AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/24/2021

1 – The Cybersecurity 202: Cybersecurity pros are split on banning ransomware payments

Some cybersecurity pros want to ban ransomware victims from paying hackers to unlock their computer systems. They argue it’s the only way to halt a wave of debilitating and increasingly brazen cyberattacks for profit. But such bans could do more harm than good, forcing companies out of business if they can’t get back online, other experts warn. They could also endanger lives and livelihoods if hospitals, schools and other critical services are shut down for days on end. “It’s very contentious,” James Shank, chief architect of community services at the cybersecurity firm Team Cymru, told me. “Some people adamantly believe you can’t solve the problem without banning. … On the other side, you have victims that are really impacted by ransomware and their viability as businesses is threatened.”


2 – The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms

On January 11, antivirus company Bitdefender said it was “happy to announce” a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers. But Bitdefender wasn’t the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.” “Special thanks to BitDefender for helping fix our issues,” DarkSide said. “This will make us even better.”


3 – The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.  Amid all the sleepless hours that Todd Leetham spent hunting ghosts inside his company’s network in early 2011, the experience that sticks with him most vividly all these years later is the moment he caught up with them. Or almost did.  It was a spring evening, he says, three days—maybe four, time had become a blur—after he had first begun tracking the hackers who were rummaging through the computer systems of RSA, the corporate security giant where he worked. Leetham—a bald, bearded, and curmudgeonly analyst one coworker described to me as a “carbon-based hacker-finding machine”—had been glued to his laptop along with the rest of the company’s incident response team, assembled around the company’s glass-encased operations center in a nonstop, 24-hours-a-day hunt. And with a growing sense of dread, Leetham had finally traced the intruders’ footprints to their final targets: the secret keys known as “seeds,” a collection of numbers that represented a foundational layer of the security promises RSA made to its customers, including tens of millions of users in government and military agencies, defense contractors, banks, and countless corporations around the world.


4 – Don’t Let Scary Headlines Shape Your Company’s Cyber-Resilience Strategy

When the Colonial Pipeline attack made headlines earlier this month, Steve Grobman knew that every security practitioner would soon be talking about ransomware risk in their organizations again. “Here we are halfway through 2021 and the pendulum has swung back to discussing ransomware attacks,” he says. “If all of our focus is on the last thing to [have] happened, then we can get in a really dangerous situation.” Grobman, senior vice president and chief technology officer at McAfee, served as a keynote speaker at RSA Conference this week, pointing to the flaw in heeding headlines to make risk-based decisions. Grobman’s argument is this: As humans, we are awful at perceiving risk. We are too easily influenced by media, anecdotal data, and evolutionary biology. He called on security leaders to lean on data and science, not headlines, when deciding where to invest in tools and how to craft security strategy.


5 – The Long-awaited 2021 Cyber Executive Order

On May 12, 2021, the US president issued an “Executive Order on Improving the Nation’s Cybersecurity.” The EO follows on the heels of the Colonial Pipeline ransomware attack, along with the Codecov and Solar Winds supply-chain attacks. While the EO focuses primarily on internal-government actions, the presidential order expresses hope that private sector companies will follow the US government’s lead and take “ambitious measures to augment and align cybersecurity investments” to reduce the number, frequency and intensity of future cybersecurity incidents.


6 – China self-develops brain-computer interface to bypass US tech sanctions

Neuralink, a US-based technology firm founded by serial entrepreneur Elon Musk, might have the edge in developing brain-computer interface (or BCI) technology, but Chinese research teams have been catching up in their development of this crucial biosciences space that could have far-ranging applications, including in medicine and aerospace. Brain-computer interface technology has come a long way from seeming like science fiction, and while Musk’s Neuralink has gone so far as to implant a microchip in a monkey’s skull and enable it to control video games with just its mind, China’s researchers have seen some success with wearable headgear wired with a chip and sensing electrodes. This allows for a non-invasive alternative to allow brain signals to be interpreted and transmitted onscreen.

Related Posts