
The Wall Street Journal Pro

Cybersecurity

Sponsored by Netscout

Cyber Daily: Corporate Cyber Teams Uneasy About Rising Threats

By Catherine Stupp

 

Hello. Cybersecurity executives aren’t confident that they can fend off attacks even though the U.S. government has introduced new initiatives to disrupt cybercrime and strengthen security. Ransomware is growing, and corporate cybersecurity teams are becoming burned out as they deal with a quickening pace of attacks, said Patrick Gaul, executive director of the National Technology Security Coalition, an advocacy group for chief information security officers.

The Cybersecurity and Infrastructure Security Agency announced last week that it is setting up a task force on ransomware. But the government likely only knows about one quarter of ransomware attacks due to a lack of reporting, according to a report published last week by the Senate Homeland Security Committee. The lack of data makes it difficult for the government to help victims, the report said.


A cyberattack last year forced Colonial Pipeline to shut down the main pipeline carrying gasoline and diesel fuel to the U.S. East Coast.

Despite Washington’s recent attempts to expand cybersecurity rules and disrupt hacking gangs, ransomware continues to proliferate and executives report unease about their companies’ ability to ward off the threat.

The number of ransomware attacks against U.S. businesses has continued to increase this year, cybersecurity experts say, while some lawmakers warn the government has limited visibility of such hacks. Companies that rapidly digitized their operations during the pandemic are spending more time and effort navigating a fast-changing and treacherous ransomware landscape.

About 19% of cyber risk executives are highly confident in their organization’s ability to understand and respond to cyber threats, according to a survey of more than 660 people published Thursday by Marsh & McLennan Co.’s insurance broking business and Microsoft Corp.

“It reflects that, despite the significant amount of time and energy and resource that organizations are spending on cyber, the risk environment continues to evolve and expand such that it’s difficult to get ahead of it or get on top of it,” said Thomas Reagan, cyber risk practice leader for the U.S. and Canada at Marsh.

Verizon Communications Inc.’s annual Data Breach Investigations Report, published last week, found that ransomware’s involvement in data breaches rose by 13% over the course of the past year, more than the increase in the previous five years combined.


 

More Cyber News


Spain to reform secret services after Pegasus scandal. Prime Minister Pedro Sanchez said the country will strengthen judicial control over its secret services after it was revealed last month that intelligence services hacked top Catalan politicians’ phones using spyware from the NSO Group. The government also confirmed that Mr. Sanchez and the defense and interior ministers’ phones were hacked. Mr. Sanchez is the first head of government to be confirmed as a hacking target using NSO Group’s Pegasus software. (AFP)

Russian prosecution of REvil ransomware group is stalled. A lawyer for one of the suspects told Russian media that the investigation is stalled due to a lack of U.S. cooperation. Russian authorities arrested several suspects allegedly affiliated with the REvil group in January in a joint operation with U.S. officials. The lawyer representing suspect Oleg Khramov told Russian media he has asked authorities to drop the case. A working group between U.S. and Russian officials that coordinated on cybersecurity hasn’t met since Russia invaded Ukraine, a spokesperson for the U.S. National Security Council told CyberScoop in April. (CyberScoop)


Federal officials verified that there are software flaws in Dominion voting systems. A draft analysis from the Cybersecurity and Infrastructure Security Agency says that federal cybersecurity officials discovered flaws in Dominion Voting Systems during a Georgia court case. The vulnerabilities haven’t been exploited by hackers, who would need physical access to machines to do so. Brandon Wales, CISA's executive director, told CNN that states’ election security procedures would detect if the flaws were being exploited and in many cases would prevent hackers from doing so. The vulnerabilities affect a ballot-marking device known as the Democracy Suite ImageCast X, which is only in use in certain states. An election security expert analyzed the devices and wrote a report assessing them as part of a lawsuit against Georgia’s Secretary of State.

China issues warnings about U.S. hacking. China’s Foreign Ministry and the domestic cybersecurity industry have been warning of U.S. cyberespionage since the beginning of the year, something they rarely did before. Chinese cyber firms and media have alleged that U.S. intelligence authorities have hacked Chinese companies and monitored 45 countries.

  • Cyber threat analysts say the accusations can be strategically useful for China's propaganda campaigns when the U.S. warns about Chinese hacking.
  • An analyst at cybersecurity company Mandiant told Wired that Chinese authorities refer in their warnings to old U.S. hacking tools dating back to the Snowden leaks or the Shadow Brokers group, which had ties to the 2017 leak of National Security Agency hacking tools.
  • Some analysts see the Chinese accusations as part of a broader battle between the U.S. and China over national security issues. The U.S. and other Western nations have described China as a bigger cyber threat than Russia, Iran and North Korea. (Wired)
 
 

Privacy News


Facial recognition tool scans internet for images. Facial recognition firm PimEyes collects images from the internet and matches them to photos of people, drawing from news websites, wedding announcements and other sources including pornography websites. Clearview AI, another facial recognition firm, was fined £7.5 million, or around $9.4 million, last week by Britain’s privacy regulator John Edwards, and has also been fined in Italy. PimEyes doesn’t take images from social media, unlike Clearview AI. The service is intended for people to search their own faces to see what images of them are on the internet. Privacy advocates say the company doesn’t enforce that rule or have its service audited. Users pay $29.99 monthly to use the service, and people can pay a separate monthly fee to have their images excluded from the company’s searches. (New York Times)

14 Million

Number of suspicious cybersecurity events that Ukraine’s State Service of Special Communications and Information Protection recorded in the first three months of 2022, according to the agency.

 


 

About Us

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.

 
Copyright 2022 Dow Jones & Company, Inc.   |   All Rights Reserved.