DHS Releases Alert: Advanced Persistent Threat Activity Exploiting Managed Service Providers
In an alert released last Wednesday, US-CERT said, “The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.” ZDNet notes, “…the DHS said a previous threat alert –TA17-117A– included information related to today's activity. TA17-117A warned about ongoing attacks with a new malware strain named RedLeaves. An Accenture report from April 2018 linked this malware to [a] nation-state group known as APT10, of Chinese origin.”
FBI Makes Case for Public-Private Sector Partnership with Corporate Boards
Companies can be wary of letting the federal government know about a data breach, especially immediately after an incident, because they fear repercussions and punishment. The FBI is trying to send the opposite message to corporate boards. As reported in NextGov, “FBI Director Christopher Wray implored corporate board members [last] Monday to work with the federal government to secure their data and computer systems from foreign hackers. If a company believes it has been breached or finds evidence of malware on its systems, the company should contact the federal government as soon as possible, Wray said during an address before the National Association of Corporate Directors.”
Department of Energy Invests $28 Million to Advance Cybersecurity of the Nation’s Critical Energy Infrastructure
According to a press release, the U.S. Department of Energy (DOE) announced last Monday awards of up to $28 million to support the research, development, and demonstration (RD&D) of next-generation tools and technologies to improve the cybersecurity and resilience of the nation's critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. With funding provided by the Office of Cybersecurity, Energy Security, and Emergency Response’s (CESER) Cybersecurity for Energy Delivery Systems (CEDS) Division, research partnerships will create and make available innovative technologies that help prevent, detect, and mitigate cyberattacks. The teams will pursue innovative approaches such as redesigning the current architecture that exposes the energy grid to cyber threats so that existing and future energy delivery systems can detect adversarial actions and adapt to survive while continuing to support critical functions.
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
Palo Alto Networks Announces Intent to Acquire RedLock
According to a press release, Palo Alto Networks announced last Wednesday that it has entered into a definitive agreement to acquire RedLock Inc., a cloud threat defense company. Under the terms of the agreement, Palo Alto Networks will pay approximately $173 million in cash to acquire RedLock. The acquisition is expected to close during Palo Alto Networks’ fiscal first quarter, subject to the satisfaction of customary closing conditions. RedLock co-founders Varun Badhwar and Gaurav Kumar will join Palo Alto Networks. This acquisition will help Palo Alto Networks provide customers with cloud security analytics, advanced threat detection, continuous security, and compliance monitoring in a single offering.