Security News for the Week Ending July 29, 2022
TSA Updates Cybersecurity Guidelines for Pipeline Operators
After the Colonial Pipeline meltdown last year, the TSA, which regulates pipeline cybersecurity (don’t ask), issued a set of regulations for pipeline operators to follow. Given that the TSA had fewer than a dozen people in its cybersecurity department and zero industrial IoT expertise, it is not a surprise that the guidelines were a fiasco. Now they have updated them and we will see if the new ones are better. Credit: Federal Computer Weekly
How Long Does it Take for Hackers to Start Scanning for Vulnerabilities?
How long do you think it takes for hackers to start scanning for vulnerabilities? We used to think you had at least 72 hours before you were at risk. Palo Alto Networks’ Unit 42 says not any longer. They say that threat actors start scanning within 15 minutes. Since scanning is easy, you can give that task to the new kids while the more experienced hackers are developing an exploit. Credit: Bleeping Computer
Federal Court Database Breach Bigger Than Admitted
In 2021, the US federal court system admitted that it had been hacked a year earlier and that its electronic document filing system had been compromised. Also in 2021, the courts said that they were instituting new security measures. While the courts have been very limited in what they have said about this, they told lawyers that sealed documents must now be filed on paper to actually keep them secure. Now we are hearing of another (probably different) breach in March of 2022. At this point, we do not know how many breaches of the federal court system there were or what was taken, other than it was bad and probably much worse than admitted. So much for government transparency. We do know that the DoJ is investigating the issue. Credit: Security Week and Cybernews
Ransomware Attacks May Be Falling as Victims Stop Paying
Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that has continued since the last quarter of 2021. In part, this is due to ransomers moving from the big bang theory (Colonial Pipeline) to smaller mid-market attacks. This does not mean that cybercrime is going away, just shifting. Credit: Bleeping Computer
Apple Network Traffic Routed Through Russia for 12 Hours
For about 12 hours on July 26th and 27th, Russia’s Rostelecom “announced routes” for parts of Apple’s network, sending traffic destined for Apple to Russia first. This likely was due to the lack of security in the most popular Internet routing protocol, BGP. Apple, as is typical for them, is keeping their mouths shut. It is, of course, extremely embarrassing and they would just like this to go away quietly. Credit: Cybernews