The security roundup, including JBS and the Biden Administration

Let’s recap the security stories with updates.

JBS, the meat packing giant hit with ransomware, has indicated they are coming back online. The Russian-based group REvil has been identified by the FBI as the source, and analysts indicate there should not be price impacts. For some context… cybersecurity firm Recorded Future says there have been at least 40 attacks publicly reported during the last year against food processors.

The Steamship Authority of Massachusetts was hit on Wednesday.  This disrupted ticketing and reservations for the state’s largest ferry service.  

Chinese threat actors have been identified in ongoing campaigns designed to focus on governments. Beginning with spear-phishing, the victims would be hit with a toolkit which then opens the victim up with a backdoor.

Another identified active campaign is email-based phishing, targeting employees with emails appearing to come from the CIO welcoming them back into offices. This was reported by Cofense, and the redirection is to what appears to be a SharePoint site but is a fake, hosting documents designed to harvest credentials.

On the scam front, crypto-theft is up 1000% from a year ago, per the Federal Trade Commission. Scams include fake currency exchanges and phony investment websites.

The Biden Administration’s fiscal year 2022 budget proposal includes $58.4 billion to IT, including $9.8 billion for cybersecurity, and a proposed $750 million SolarWinds response fund. That fund includes $93 million for “SolarWinds breach remediation and security operation improvements”. The bulk of the funding goes to licensing upgrades and security operations, including new tools. There are also funds for modernization of infrastructure, and a Cyber Response and Recovery Fund.

On the research front, a survey of CIOs, CTOs and CISOs by VMware shows 61% believed cloud had expanded the threat surface and they needed to view security differently, and 43% said they were planning to build more security into their infrastructure and apps, and cut down on the number of point solutions they run.

Why do we care?

Something has to change.  Let’s note that the Biden Administration imposed sanctions on Russia, and we haven’t seen a change in behavior.  

I’m going to extend my editorial from the weekend to note that cybersecurity companies benefit from the very problem created by technology. Licensing upgrades are “buy more”… so existing software providers are getting MORE money, and without a specific guarantee that it will work.

As I’m an advocate for paying for business outcomes, not for the technology itself, I find that lack of connection to outcome to be the most troubling. We’re spending a lot of time talking about the criminals’ activities in this reporting, and a lot less time talking about the negligence involved in implementations or the responsibility for damage.

And we care because savvy providers are going to get ahead of that with their own risk management approaches.  Don’t take all the risk.