Draft Biden Executive Order Requires Fed Contractors to Issue Swift Breach Notifications, Sources
DHS to embark on cybersecurity "sprints," North Korean hackers targeting security pros again, DHS issues another Microsoft Exchange emergency directive, Man charged with water system hacking, more
The Biden administration plans to require companies doing business with the federal government to report hacks to their networks within a few days, according to a draft cybersecurity executive order, sources say.
The order would also require companies that work with the U.S. government to meet certain software standards and require improvements for federal agencies’ basic security practices, including mandating data encryption and two-factor authentication. Department of Homeland Security Secretary Alejandro Mayorkas said the order would contain nearly a dozen items.
According to one official, software vendors would be required to secure their so-called build systems by ensuring they are not reachable from the internet and that anyone who accesses the code is authenticated with two-factor authentication, among other measures. The order would also require software companies to provide the government with a "software bill of materials" (SBOM), an inventory of the components that make up a software product.
Finally, a key element of the order requires government agencies to encrypt the data stored on their systems, so that an attacker who copies the stored data without the keys cannot read it, according to sources. (Jennifer Jacobs and Michael Riley / Bloomberg)
Department of Homeland Security Secretary Alejandro Mayorkas said during an event hosted by security firm RSA that in response to ransomware incidents that have crippled states and cities, a “cyber response and recovery fund” will be established to help the department deliver resources to state and local governments dealing with those and other incidents.
Mayorkas also announced a series of two-month "sprints" that CISA will undertake, each concentrating resources on a single threat. Ransomware, industrial control systems security, and election security are among the issues the sprints will cover. (Sean Lyngaas / Cyberscoop)
Google’s Threat Analysis Group said it had identified a website for a fake security company created by the same North Korean government-backed hacking group that tried to lure security professionals to sites that would download malware to infect their systems.
The new site, called SecuriElite, does not yet host malware but does feature fake security worker profiles backed by fake Twitter and LinkedIn accounts. (Catalin Cimpanu / The Record)
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.
The emergency directive orders federal departments and agencies to run two Microsoft tools, the Test-ProxyLogon.ps1 script and the Microsoft Safety Scanner (MSERT), to determine whether their Exchange servers have been compromised. Patching alone does not remove web shells or other persistence an attacker planted before the patch was applied, which is why already-patched servers still have to be scanned. (Sergiu Gatlan / Bleeping Computer)
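As an added example, not CISA's directive text or Microsoft's own tooling, this is one way an Exchange administrator could run both named tools across every server in the organisation from the Exchange Management Shell and gather the output for the five-day report. The tool locations under C:\Tools and the C:\IR output folder are assumptions. Test-ProxyLogon.ps1 accepting server names from Get-ExchangeServer on the pipeline and its -OutPath parameter, and MSERT's /N (detect only), /F (full scan) and /Q (quiet) switches and its log at %SystemRoot%\debug\msert.log, are as documented by Microsoft; check them against the current documentation before relying on them.

```powershell
# Added example (not CISA's or Microsoft's script). Assumed paths:
#   C:\Tools\Test-ProxyLogon.ps1 and C:\Tools\MSERT.exe on every Exchange server,
#   C:\IR\Exchange-<timestamp> as the evidence folder on the admin host.
# Run from the Exchange Management Shell as an Exchange administrator.
$Stamp   = Get-Date -Format 'yyyyMMdd-HHmm'
$OutPath = "C:\IR\Exchange-$Stamp"
New-Item -ItemType Directory -Path $OutPath -Force | Out-Null

# 1. Hunt for the exploitation indicators Test-ProxyLogon.ps1 looks for, on
#    every Exchange server in the org (the script takes server names from the
#    pipeline and writes one report set per server under -OutPath).
Get-ExchangeServer | & 'C:\Tools\Test-ProxyLogon.ps1' -OutPath $OutPath

# 2. Full, detect-only MSERT scan on each server. /N = detect only (no
#    automatic removal, so evidence is preserved), /F = full scan, /Q = quiet.
#    MSERT writes its findings to %SystemRoot%\debug\msert.log on that host;
#    the tail of each log is pulled back and tagged with the server name.
$Servers = (Get-ExchangeServer).Name
Invoke-Command -ComputerName $Servers -ScriptBlock {
    & 'C:\Tools\MSERT.exe' /N /F /Q
    Get-Content "$env:SystemRoot\debug\msert.log" -Tail 40
} | Select-Object PSComputerName, @{ n = 'Line'; e = { $_ } } |
    Export-Csv (Join-Path $OutPath 'msert-summary.csv') -NoTypeInformation

# 3. Everything under $OutPath is the artefact set for the report to CISA.
Get-ChildItem $OutPath -Recurse | Select-Object FullName, Length, LastWriteTime
```

A full MSERT scan can take hours per server, so run it outside a change window only if the risk justifies it. A hit in either output is an indicator, not proof of compromise: preserve the server's logs and the Test-ProxyLogon reports before cleaning anything, and treat any server that shows indicators as compromised for the purposes of the five-day report even if the patch has already been applied.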
Email security firm Proofpoint said that hackers linked to Iran had targeted 25 senior professionals at various medical research organizations located in the US and Israel as part of a weeks-long phishing campaign it calls BadBlood.
Proofpoint attributes the attacks to an Iranian hacking group known as TA453, also known as Phosphorous, APT35, and Charming Kitten. (Catalin Cimpanu / The Record)
According to research by games publisher Activision, hackers hid malware inside a cheat for its Call of Duty: Warzone game.
The researchers found that the Warzone cheat advertised on popular cheating forums was actually malware that let hackers control the victims' computers. One of the goals of the malware was to use gamers' powerful GPUs to mine cryptocurrency. (Lorenzo Franceschi-Bicchierai / Motherboard)
Cisco Talos says that threat actors target gamers with backdoored game tweaks, patches, and cheats, hiding malware capable of stealing information from infected systems.
One of the strains deployed in the game cheats is XtremeRAT (aka ExtRat), a commercially available remote access trojan (RAT) used in targeted attacks and traditional cybercrime since at least 2010. (Sergiu Gatlan / Bleeping Computer)
A joint effort by Chinese police and gaming giant Tencent has led to the closure of what police say is the biggest ever video-game-cheat operation called Chicken Drumstick.
The gang sold cheats to popular video games, including Overwatch and Call of Duty Mobile, and generated around $76 million in revenue by charging subscription fees to clients. (BBC News)
Joe Tidy @joetidy: Police bust 'world's biggest' video-game-cheat operation. Roughly $76m (£55m) in revenue was made by the organisation which charged a subscription fee to clients. Police seized assets worth $46m, including several luxury cars. https://t.co/37Cz71JR48
A Kansas man, Wyatt Travnichek, has been indicted on a federal charge accusing him of tampering with a public water system.
The indictment alleges that Travnichek knowingly accessed the Ellsworth County Rural Water District's protected computer system without authorization. During that access, Travnichek allegedly took actions that shut down the facility's processes, with the intention of harming the Ellsworth Rural Water District No. 1, also known as Post Rock Rural Water District. If convicted, Travnichek faces up to five years in prison and a fine of up to $250,000 on the computer intrusion charge, and up to 20 years in prison and a fine of up to $250,000 for tampering with a public water system. (STL News)
Security researchers have been fighting for the past two months against BazarCall (also written BazaCall), a campaign that uses call centers to distribute BazarLoader, which in turn drops some of the most damaging Windows malware.
BazarCall phishing emails prompt users to call a phone number to cancel a subscription before they are automatically charged. The call-center operator then directs the victim to a specially crafted website to download a "cancellation form", a document that installs the BazarLoader malware when opened. Security researchers believe the threat actor group runs the call centers itself and sells the resulting malware distribution to other criminals as a service. (Lawrence Abrams / Bleeping Computer)
Microsoft’s inaugural Security Signals report, conducted by Hypothesis Group, which polled 1,000 decision-makers involved with security and threat protection at enterprise companies, found that less than 30% of organizations allocate security budget toward preventing firmware attacks.
Of the respondents, 83% said their organization had experienced at least one firmware attack in the past two years. (Kelly Sheridan / Dark Reading)
The open-source Chromium project, which powers the Google Chrome web browser, announced plans to add DNS-over-HTTPS (DoH) support to Chrome for Linux. DoH encrypts DNS queries between the browser and the resolver, so they cannot be read or tampered with on the network path, which also improves privacy.
However, Chrome for Linux will not reproduce every possible system resolver configuration: according to the project's design document, its handling of certain configurations will be limited to detecting whether the local setup is a common one compatible with Chrome's own behavior, and support for other configurations will be limited. (Ax Sharma / Bleeping Computer)
As the Biden Administration grapples with the challenges posed by the SolarWinds and Microsoft Exchange hacks, the Cybersecurity and Infrastructure Security Agency is struggling to keep up, according to interviews with fifteen people familiar with CISA, including past and current employees.
The relatively new agency is understaffed and overwhelmed and may be too stretched to prepare for the next attack, sources say. (Eric Geller / Politico)
The Dutch Data Protection Authority has fined hotel booking website Booking.com €475,000 (about $560,000) for reporting a security incident 22 days late, in breach of the EU GDPR, which requires personal data breaches to be notified to the supervisory authority within 72 hours of the organisation becoming aware of them.
The fine followed the theft of more than 4,000 Booking.com customers' personal data, with credit card numbers stolen for 300 of the victims. (Catalin Cimpanu / The Record)
Global IT consulting giant Wipro is acquiring Ampion, an Australia-based provider of cybersecurity, DevOps, and engineering services. The terms of the deal were not disclosed.
Ampion, formed through the merger of Revolution IT and Shelde, employs more than 500 consulting and technology specialists who support more than 150 clients. (MSSP Alert)