NTSC Technology Security Roundup

Weekly News Roundup: October 8, 2018

DHS Releases Alert: Advanced Persistent Threat Activity Exploiting Managed Service Providers

In an alert released last Wednesday, US-CERT said, “The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.” ZDNet notes, “…the DHS said a previous threat alert –TA17-117A– included information related to today's activity. TA17-117A warned about ongoing attacks with a new malware strain named RedLeaves. An Accenture report from April 2018 linked this malware to [a] nation-state group known as APT10, of Chinese origin.”

FBI Makes Case for Public-Private Sector Partnership with Corporate Boards

Companies can act wary about letting the federal government know about a data breach, especially immediately after an incident, because they fear repercussions and punishment. The FBI is trying to send the opposite message to corporate boards. Reported in NextGov, “FBI Director Christopher Wray implored corporate board members [last] Monday to work with the federal government to secure their data and computer systems from foreign hackers. If a company believes it has been breached or finds evidence of malware on its systems, the company should contact the federal government as soon as possible, Wray said during an address before the National Association of Corporate Directors.”

Department of Energy Invests $28 Million to Advance Cybersecurity of the Nation’s Critical Energy Infrastructure

According to a press release, the U.S. Department of Energy (DOE) announced last Monday awards of up to $28 million to support the research, development, and demonstration (RD&D) of next-generation tools and technologies to improve the cybersecurity and resilience of the nation's critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. With funding provided by the Office of Cybersecurity, Energy Security, and Emergency Response’s (CESER) Cybersecurity for Energy Delivery Systems (CEDS) Division, research partnerships will create and make available innovative technologies that help prevent, detect, and mitigate cyberattacks. The teams will pursue innovative approaches such as redesigning the current architecture that exposes the energy grid to cyber threats so that existing and future energy delivery systems can detect adversarial actions and adapt to survive while continuing to support critical functions.

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Firms Seek to Close Security Skills Gap: According to the Wall Street Journal, “Many companies face a creeping IT security skills gap as continued cloud and mobility adoption expose their systems to new threats that cannot be handled by standard security efforts, CompTIA says. […] Among the broad set of skills that it says corporate security teams need to address in employee programs are familiarity with vulnerability assessments, compliance and operational security, access control and identity, and incident detection and response.”
  • For some cloud services more than 75% of accounts are utilized by hackers: Reported in Help Net Security, “Researchers found that 21.57% percent of accounts originating from cloud service IP ranges appear to be fraudulent. Malicious accounts are eight times more likely to originate via cloud services than normal users. In fact, some cloud services and data centers can have more than 75% fraudulent accounts.”
  • Majority of businesses believe they are open to cyberattack: Reported in Computer Weekly, “Most organizations (67%) believe hackers can still penetrate their network and 89% say they have had an application layer attack in the past year, according to a survey report.”
  • New study finds 5 of every 6 routers are inadequately updated for security flaws: Reported in ZDNet, “Of the total 32,003 security flaws, more than a quarter were vulnerabilities that received the two highest severity ratings of ‘critical’ and ‘high-risk’ respectively.”

Palo Alto Networks Announces Intent to Acquire RedLock

According to a press release, Palo Alto Networks announced last Wednesday that it has entered into a definitive agreement to acquire RedLock Inc., a cloud threat defense company. Under the terms of the agreement, Palo Alto Networks will pay approximately $173 million in cash to acquire RedLock. The acquisition is expected to close during Palo Alto Networks’ fiscal first quarter, subject to the satisfaction of customary closing conditions. RedLock co-founders Varun Badhwar and Gaurav Kumar, will join Palo Alto Networks. This acquisition will help Palo Alto Networks provide customers with cloud security analytics, advanced threat detection, continuous security, and compliance monitoring in a single offering.