Hello, readers! Once again, the massive SolarWinds hack is monopolizing headlines, with Forbes Business reporting on January 14 that CrowdStrike, a cybersecurity firm investigating the SolarWinds attack, identified a third malware strain, dubbed SUNSPOT, that is believed to be involved in the hack.
As more evidence becomes known, legislators and industry experts debate whether this breach was an act of cyberwar. Regardless, one revelation has come to light: the need for improved supply chain security. Earlier this week, Next Gov reported that National Counterintelligence and Security Center director William Evanina called for a fusion of responsibilities across the National Security Agency, the Department of Homeland Security and the FBI, noting that “we have to be able to be in a position, and be willing to have a supply chain risk mitigation program that really is around zero trust.”
Let’s take a look back at what else made cybersecurity headlines this week.
Jan. 15: Two European developers are facing legal action from Facebook. The company alleged that the accused were scraping data, a violation of Facebook’s terms of service.
Jan. 14: President-elect Joe Biden included more than $10 billion in cybersecurity and information technology funding as part of his proposed COVID-19 relief plan, The Hill reported.
Jan. 13: TikTok announced its efforts to bolster privacy protections for teen users.
Jan. 13: Bloomberg reported, “The Defense Department has halted deployment on its classified networks of a $2 billion cybersecurity project intended to detect intrusions and prevent attacks because of poor test results, according to the Pentagon’s testing office.”
Jan. 13: The Biden Administration has officially announced the appointment of Anne Neuberger, the National Security Agency’s cybersecurity director, as deputy national security adviser for cyber and emerging technology.
Jan. 12: CyberScoop reported, “Disinformation campaigns on social media, sinking trust in journalism and a willingness among some lawmakers to spread conspiracies present a pernicious set of challenges for the federal government. While major technology firms have started to act against calls for violence, specialists say Congress, the intelligence community, the private sector and the incoming Biden administration must consider ways that Americans can improve media literacy before the issue becomes more of a national security issue.”
Jan. 12: Email security provider Mimecast said hackers hijacked its products to spy on its customers, Reuters reported.
Jan. 12: According to The Hill, the director of the National Counterintelligence and Security Center (NCSC) has growing concerns that China and Russia are reportedly targeting the COVID-19 vaccine supply chain.
Jan. 11: In the aftermath of the insurrection at the Capitol Building, ZDNet reported, “… items were stolen. One report comes from acting US Attorney for DC, Michael Sherwin, who stated ‘items, electronic items were stolen from senators’ offices, documents and ... we have to identify what was done to mitigate that.’ ”
Jan. 11: Cloud-enabled IoT vendor Ubiquiti issued a statement to its customers that the company had been made aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” Krebs on Security reported.