Tag Archives: ransom

Security News for the Week Ending June 25, 2021

Paying Ransom is Tax Deductible

Under current IRS regulations, paying cyber ransom after a hack is deductible, just like losses from a robbery, but the IRS is “looking into it”. One way the government could discourage ransom payments is if the cost is borne fully by the company’s owners. They still might choose to do it, but at least the taxpayers would not be subsidizing it. Of course, if your insurance pays for or reimburses you for the ransom, then that ransom is not deductible. Credit: AP

How Much Does YOUR Board Know About Cybersecurity Issues

As I reported last week, the SEC fined First American Financial a half million dollars for the data leak they had. The fine was based on the fact that an internal security team discovered the problem that was reported to the SEC several months later, no one bothered to tell FirstAm executives about the issue. The moral of the story is that the SEC is “suggesting” that you keep your business leaders informed about cybersecurity issues. If the SEC does that, assume that your insurance provider will follow suit soon and deny coverage if your executives are not kept in the loop. Credit: Reuters

How Long Does It Take to Fix Critical Vulnerabilities

According to White Hat Security, the average time to fix a CRITICAL vulnerability in May 2021 was 205 days, up from 201 days in April. The water utility sector was the least prepared. 66% of all applications used by the sector had at least one exploitable vulnerability open throughout the year. Even in finance, 40% of the applications had a window of exposure of 365 days, but 30% had a WoE of fewer than 30 days. Given stats like these, it is not surprising that the hackers are winning. Credit: ZDNet

Cyber Breach Insurance Market Set for a Reckoning

Cyber insurance claims spiked this year. Standalone claim payouts jumped from $145,000 in 2019 to $358,000 in 2020. A key metric the industry uses is something called direct loss plus defense and cost containment ratio. It skyrocketed last year to 73% from 42% the previous five years. At 73%, when you add in other costs, that means the industry is probably losing money. This means that premiums will go up, coverage will go down and limits and sublimits will be changing. If you have cyber risk insurance, prepare for changes. Credit: The Record

How Long Does it Take a Misconfigured Container to be Attacked?

Containers are great, but they are not bullet proof. Aqua Security says that based on data they have collected over 6 months, 50% of Docker APIs are attacked by botnets within 56 minutes of being set up.

It takes five hours on average for a new honeypot container to get scanned. The fastest happened in a few minutes. The longest was 24 hours. None of these numbers are very long.

What this means is that you need up your game when it comes to securing your cloud based systems. If you can, set them up in a contained environment (that is not publicly accessible) and harden it before exposing it. Credit: SC Magazine

Security News for the Week Ending May 10, 2019

Hackers Wiping Github and Other Repos

Hackers are attacking repositories of users on Github, Gitlab and Bitbucket, leaving a ransom note that says pay up if you want your software back.

The ransom isn’t much – around $500, – which may cause people to pay up rather than trying to recover the data, which I assume is their strategy.

One possibility is that users have the password embedded in other repositories in clear text and the hackers were able to find those passwords.

Key point here is to make sure that you have backups OF ALL OF YOUR CLOUD BASED DATA.  Today it is Github;  tomorrow it is something else.  If you care about your data, make sure that it is securely backed up.  Offline backups are best because it is hard to wipe something that is not connected.  Source: Bleeping Computer.

 

Remember Shadow Brokers – China Already Had the Tools That Were Released

Remember all the fury a few years ago when Shadow Brokers released a whole bunch of NSA hacking tools?  Symantec now says that China already had those tool a year earlier and was using them against others.  Was NSA hacked?  Apparently not – China captured the NSA tools that were being used on them and repurposed them.

It is hard to keep these tools under check.  If you use them people will likely discover that fact and if they are motivated, they may use them against you.   In this case, China used them hacking targets in at least 5 countries including one telecom carrier where they got access to hundreds of thousands or millions of private communications.

After Shadow Brokers released the tools, China felt even bolder to use them because now they weren’t secret any more and would soon be patched.

Keeping these secrets under wraps is basically impossible.  Source:  The NY Times.

Israel Blows Up Palestinian Hackers

In an unusual move, Israel blew up a building that it said was used by Hamas for cyber attacks – in direct response to current or future Hamas cyber attacks, according to a press release from the IDF.

Neither side is saying much beyond that Israel did blow up the building.  No one is saying if there were casualties.

Apparently this facility was known to the Israelis.  This points to the likely escalation of cyber war into kinetic war as large countries fear what small countries can do in cyberspace.  This likely causes an escalation into cyber warriors operating out of spaces which would cause collateral damage if bombed, such as schools, hospitals and shopping malls.  Source: Gizmodo.

 

A Few More Details On Cyber Attack Against Western US Power Utility

We are hearing a few more details about the cyber attack on a so-far unnamed western US power utility.

The attackers, it is now being anonymously reported disabled the utility’s Cisco ASAs.  This is particularly scary since Cisco is pretty much the 800 pound gorilla in that space and their Adaptive Security Appliance is used by hundreds of thousands (or more) of businesses.  It is certainly possible that the ASAs were configured insecurely or missing patches (security patches are typically not available to owners unless they have a paid up maintenance plan, which I HOPE an electric utility would have).

Given how critical the electrical grid is in the US and how fragile it is, this is a bit of a wake up call for those utilities (water, power, gas, phone, Internet, etc.) that have not yet drunk the security Kool-Aid.  Source: EENews.

 

Navy May Be Getting Serious About Cybersecurity

Last year the Navy decided that having a CIO was superfluous and eliminated the position as unnecessary (See article).   They decided that the Undersecretary of the Navy could manage all those pesky IT and security details in his spare time.

In March the Navy released a SCATHING report on how bad their cybersecurity really was.  Now they are working on asking Congress to approve adding a position at the Assistant Secretary level, responsible for IT and security.

They also are looking at training (too basic) and discipline (can cyber-mistakes get you fired).

There is a report due June 1 outlining the roles, responsibilities and staffing for a Assistant secretary for cyber with a plan to role it out in July.  March.  June.  July.  This is amazingly fast for an organization as large as the Navy.

WHAT ARE THE OTHER SERVICES DOING?  Source: Defense Systems.