Press "Enter" to skip to content

The Bureau of Cyberspace is coming as North Korea attacks the IT supply chain

North Korean state hackers are targeting the IT supply chain too – Kaspersky has reported on the Lazarus group switching focus to attack the IT supply chain, noting breaches againat both Latvian and South Korean IT vendors.     That Latvian one – that’s an IT asset management software package.

The guns apparently didn’t help – a Russian speaking ransomware gang claims to have breached the National Rifle Association, releasing 13 documents alleged to belong to the organization and threatening to release more.     The NRA declined to comment. 

Spiceworks Ziff Davis’s State of IT report says security training tools are the top security expenditure planned for 2022, and also notes that hardware based authentication is a priority for 68% of respondents.  

If you missed it, a win for the good guys – the New York Times reporting on the operation by Emsisoft to reverse engineer the BlackMatter group’s ransomware.     Exploiting discovered issues in the group’s code, they worked with other cybersecurity companies and government agencies to restore a number of organizations. 

And big news – the State Department is creating a Bureau of Cyberspace.   One of the tasking is to address international concerns with hacking, ransomware and internet freedom.

Why do we care?

Think about that – the US government is moving to address online as another place to manage, like any other physical space.  

Right now, the movements at the governmental level are way more interesting than anything commercial… because that’s how the big changes will happen.    Solving a people problem with tools doesn’t work, so adding more locks is not the solution to security here long term.  That’s not to argue that technical solutions aren’t relevant, they simply aren’t the ultimate solution to customers problems.

A classic AND situation rather than an OR, and why providers should be vocal about their security needs from governments… and law enforcement.