|
|
Cyber Daily: Hybrid Work Is a Hacker’s Dream | Global Digital Sting Operation
|
|
|
|
|
|
|
|
Hello. Hybrid work brings a constantly changing mix of office and remote workers, devices that move in and out of company networks, and security staffs stretched thin. WSJ Pro’s James Rundle reports on how companies are dealing with the cyber challenge.
Plus: In a Q&A with WSJ Pro’s Catherine Stupp, the head of Scotland’s Environmental Protection Agency details how the group is still recovering from a Christmas 2020 ransomware attack.
Other news: Colonial Pipeline isn’t fully recovered; pipeline service firm LineStar compromised; U.S., Europe, Australia and New Zealand conduct digital sting; how hackers use your social-media activity, and more ...
|
|
|
|
|
|
Security Challenge: Hybrid Work
|
|
|
|
|
The task of securing company networks is harder as some workers return to the office, some stay home and some do both.
ILLUSTRATION: JON KRAUSE
|
|
|
|
In a typical hybrid workplace, some employees will be in the office, some will be working from home—or spaces like coffee shops and client headquarters—and some will be cycling back and forth. Devices, too, are moving in and out of the company network, with employees bringing their laptops onto those networks and then taking them back home—where they’re much more exposed to hackers and can easily get infected with malware.
We look at some of the challenges businesses face as they make this transition—and how they’re dealing with them, including:
-
Catching up on patches
-
Keeping personal devices sequestered
-
Removing the human factor
Read the full story.
|
|
|
|
|
|
More Cyber and Privacy News
|
|
|
|
PHOTO: GRAEME JENNINGS/PRESS POOL
|
|
|
Colonial Pipeline not fully recovered from hack. Joseph Blount of Colonial Pipeline Co. confirmed that investigators believe Russia-based hackers broke into his company’s computer system by logging into an out-of-use virtual private network that lacked the routine requirement that the user provide a second method of identity verification, such as a code sent to a registered phone number. (WSJ)
|
|
|
-
“We are deeply sorry for the impact that this attack had,” Mr. Blount told the Senate Homeland Security Committee.
-
He faced sharp questions from Democrats and Republicans about Colonial Pipeline’s cybersecurity practices, his decision to pay the hackers more than $4 million in the cryptocurrency bitcoin and the company’s communication with federal authorities during the hack.
|
|
|
“It is a stunning admission that Colonial Pipeline did not have a plan in place if hackers requested a ransom payment.”
|
|
— Sen. Maggie Hassan (D., N.H.) on Mr. Blount’s testimony
|
|
|
|
|
Pipeline service provider LineStar compromised. Hackers posted data they claim was stolen from Houston-based LineStar Integrity Services LLC, including software code and more than 73,000 emails. The company, which sells technology, auditing and other services to fuel pipeline firms, didn’t disclose the May incident. Activist group Distributed Denial of Secrets identified the data. (Wired)
|
|
|
|
Australian Federal Police detained a suspect in the global sting operation built off monitoring of the communications platform Anom.
PHOTO: AUSTRALIAN FEDERAL POLICE/REUTERS
|
|
|
|
World-wide digital sting: In a sting dubbed “Operation Trojan Shield,” an international coalition of law-enforcement agencies led by the Federal Bureau of Investigation covertly monitored the encrypted communications service Anom. The operation was revealed this week by authorities in the U.S., Europe, Australia and New Zealand. Alleged members of criminal organizations adopted the platform to communicate securely, unaware that authorities were covertly monitoring 27 million messages from more than 12,000 users across more than 100 countries, officials said. (WSJ)
The numbers:
-
More than 800 arrests in 16 countries
-
Items seized included more than 8 tons of cocaine, 22 tons of cannabis and 2 tons of synthetic drugs, as well as 250 firearms, 55 luxury vehicles and over $48 million in various currencies.
-
More than 150 threats to human life were also disrupted, officials said.
|
|
|
Q&A: The Scottish EPA Was Hacked. Here’s What Happened Next. Agency CEO Terry A'Hearn talks about how he and his colleagues responded to the attack last December, and what lessons they are learning. The key reaction, he said, was “to turn quickly to other experts.” (WSJ Pro Cybersecurity)
|
|
|
|
🎧 Listen: Why Crypto is Key to Stopping Ransomware. WSJ Pro’s David Uberti details how the U.S. government is fighting back against ransomware hackers and explains why going after cryptocurrency is critical to the strategy.
|
|
|
|
|
|
|
|
PHOTO: DADO RUVIC/REUTERS
|
|
|
How hackers use your social-media profile. Armed with publicly available intel, cybercriminals can cobble together a profile of you—and use it in countless ways to break into your company’s network. They might craft an email tailored to your interests (“Hello fellow dog lover!”) that gets you to click on a link giving them access to the network. Or they might use details about service providers like your health-insurance company in the course of launching a ransomware attack. (WSJ)
|
|
|
|
Colorado passes privacy bill. Residents of Colorado would get the right to see and delete personal data that organizations store, as well as the ability to call a stop to the sellling of their information if Gov. Jared Polis, a Democrat, approves the legislation. It would go into effect in two years. (Consumer Reports)
|
|
|
12
|
|
Number of hours, on average, it takes for hackers to exploit freshly leaked user credentials, according to a study from cybersecurity firm Agari, which planted fake login data on 8,000 hacker websites. And 20% of accounts were targeted within one hour. (ZDNet)
|
|
|
|
|
|
|
|
|
