I probably need a clever security section name.
Colonial Pipeline’s CEO took the stand at a Senate hearing on Tuesday. He defended his organization as a victim of forces beyond his control – and directly addressed that account with no 2FA. “It was a complicated password … I want to be clear on that … it was not a ‘colonial123’-type password,” he said. He later added that the company is now compliant with new cybersecurity regulations “almost to a T.”
The FBI is clearly stepping up its game – they arrested hundreds in a sting operation using a fake encrypted messaging app presented as a platform for organized criminals. The app was developed by the FBI and the Australian Federal Police, and 20 countries cooperated in spreading it. The system had about 12,000 total and 9,000 active devices.
FINRA, which regulates US securities, has warned brokerages about a phishing campaign which threatens penalties unless the victims hand over information to the attackers. The campaign uses a fake [email protected] email address.
Spain’s Ministry of Labor and Social Economy was hit Wednesday. Their communications office and multimedia room were down.
Why do we care?
That FBI operation has been going on for quite some time. Kudos to them. This predates the rash of incidents we’ve been reporting on recently, and points to how long it often takes law enforcement to get to the end. Detective work isn’t like TV – it takes more than a 60-minute show with three commercial breaks.
I have to admit, I love the fact that a CEO is defending his password policy against a “123 style” password. It’s a comedic moment for sure… but it speaks to the change in attitude. It’s very well known this is a bad idea. Doing it… should result in consequences. Should being the operative word.