IEEE Cipher --- Items from security-related news (E163)

  • Spyware Creepers Scale the Wall
    Why Apple's walled garden is no match for Pegasus spyware
    Publisher: The Guardian
    Date: 21 Jul 2021
    By: Alex Hern

    The Guardian and 16 other media organizations investigated the spyware that was used to infect and steal information from the cellphones of targeted people, including journalists and politicians. Their findings get at the very heart of how mobile devices, and indeed any computing device, are protected. One interesting quote from an expert: "What that means in practice is that the only thing that can protect iOS users from an attack is Apple – and if Apple fails, there's no other line of defence."

  • Ransomware Key Revealed
    Software vendor caught up in ransomware attack obtains decryptor key
    Publisher: CNN Business
    Date: July 22, 2021
    By: Brian Fung and Geneva Sands

    The security firm Kaseya had a remote access tool that was exploited for a large number of ransomware attacks against its customers. Somehow Kaseya obtained the decryption key that the victims need to recover their files.

  • Better Late Than Never ... FBI Delayed Release of Ransomware Key
    FBI Withheld REvil Ransomware Decryptor Key as Some MSPs Suffered Encryption
    Publisher: MSSP Alert!
    By: D. Howard Kass
    Date: Sep 22, 2021

    It turned out that the decryption key that Kaseya gave to victims of a ransomware attack was given to them by the FBI. The FBI chose to delay revealing the information for 3 weeks. FBI director Christopher Wray told a Senate Security Committee hearing that "We make the decisions as a group, not unilaterally. These are complex ... decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world."

  • Accenture Unfazed by LockBit
    Another big company hit by a ransomware attack
    Publisher: CNN Business
    Date: August 11, 2021
    By: Brian Fung

    Did the REvil gang disappear into the LockBit ransomware-as-a-service group? Rumors of a ransomware attack against the global consulting firm Accenture have raised speculation about a possible realignment of ransomware software groups. Accenture was threatened by LockBit with public release of sensitive files. For its part, Accenture said it had detected and dealt with "irregular activity" with no impact on its operations or those of its customers.

  • Who Was That Guy in the Voting Machine Meeting?
    FBI joins investigation into QAnon-affiliated leak of voting machine logins in Colorado
    Publisher: CNN
    Date: August 17, 2021
    By: Paul P. Murphy

    Mesa County, Colorado, has been in turmoil over a dispute about who has the right to supervise elections. The battle between the state and county started when the login credentials for administering the county's voting machine were shown in a video posted online. The video was suspected of being shot by an unauthorized visitor to a confidential meeting of officials and the voting machine vendor's representatives.

  • Industrial Systems Need Cybersecurity
    Biden administration issuing new security guidance to companies aimed at blunting cyberattacks
    Publisher: CNN
    Date: September 22, 2021
    By: Sean Lyngaas

    In July the Biden administration released a report on security goals for Cybersecurity for Critical Infrastructure Control Systems. Recommendations for practices that can assure those goals are the subject of a further report to be released soon. An incident at a Florida water treatment plant in February highlighted the need for cybersecurity at all levels of critical infrastructure.

  • SEC Casts Wide SolarWinds Net
    Wide-ranging SolarWinds probe sparks fear in Corporate America
    Publisher: Reuters
    Date: September 10, 2021
    By: Christopher Bing, Chris Prentice and Joseph Menn

    Summary: Tension has developed over an SEC request to businesses for reports on all cybersecurity incidents since October 2019. The government request is voluntary and only applies to companies that downloaded a SolarWinds product that was later shown to have a serious flaw. The SEC says that they are investigating the scope of the wide-scale attack, but business leaders are concerned that they may be liable for unrelated incidents that could be revealed by the requested records.