The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Friday Five 4/16

by Colin Mullins on Friday April 16, 2021

Contact Us
Free Demo
Chat

Ransomware gang profiles, cybersecurity nominations, and efforts to stop foreign hackers - catch up on all of the week's infosec news with the Friday Five!

1. NSA Urges Organizations to Patch Five Vulnerabilities Exploited by Russia by Chris Brook

The U.S. Government, as part of a wide-ranging announcement of sanctions against the Russian Government for election meddling, also warned organizations to patch five vulnerabilities that are actively being exploited by Russia’s Foreign Intelligence Service. U.S. federal agencies have warned of the bugs before but the urgency to patch has taken on new meaning with the Biden administration’s tougher stance on Russia. According to the warning, the SVR is using the vulnerabilities to gain access to organizations in an attempt to obtain potentially useful intelligence. The sanctions and the public push to patch are significant, as they are the first response from the U.S. since it emerged that Russia was likely behind the SolarWinds attack, a breach that affected numerous federal agencies.

Read more

2. Lawmakers press spy leaders on lagging efforts to block foreign hackers by Shannon Vavra 

In testimony on Wednesday, FBI Director Chris Wray highlighted the importance of U.S. companies informing the FBI if they learn that they are targets of criminal or nation-state hackers. If more companies came forward, it could help create an early warning system that might prevent the larger scale breaches that have roiled the U.S. in the last few months. Part of the reason that the government discovered the SolarWinds breach when it did, was that an affected company, FireEye, came forward and disclosed that it had been attacked. Especially as the government is limited by what it can surveil domestically, the private industry often has a better view into what intrusions are occurring domestically. Some other matters discussed to reduce the number of cyber-attacks on the U.S. were more aggressive offensive deterrence and a breach notification law to speed up and force companies to report breaches to enable the early warning system.

Read more

3. Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever by Lorenzo Franceschi-Bicchierai 

This profile of the C10p ransomware gang examines how the group’s tactics continue to get more aggressive; recently they attempted to recruit customers of a breached company to extort the hacked company in question into paying. Specifically, they used the stolen contact information that they gained during the hack to mass email the customers imploring them to pressure the company. The ransomware gang has breached a multitude of companies over the last few years, their most notable suspected attack being a supply chain attack targeting the file sharing service Accellion FTA. While individual identities are unknown, most researchers agree they are based out of Russia or former territories of the Soviet Union. The profile of the ransomware gang is worth a read, especially as the author was able to get some comments (anonymously of course) from the cybercriminals themselves.

Read more

4. White House to nominate NSA vets Chris Inglis, Jen Easterly as national cyber director, CISA chief by Sean Lyngaas 

There were two important nominations on the federal level concerning cybersecurity this week. Chris Inglis was nominated to be the national cyber director and Jen Easterly was nominated to be the next director of DHS’s Cybersecurity and Infrastructure Security Agency. The positions are especially important as the Biden administration prepares to respond to recent cyber-attacks from Russia and China. Both nominees hold impressive resumes in cybersecurity and national defense and are expected to help lead a newly empowered cybersecurity contingent of the federal government to solve the myriad challenges facing the U.S.

Read more

5. The FBI Takes a Drastic Step to Fight China's Hacking Spree by Brian Barrett

In a series of extraordinary court documents, it was revealed that in an attempt to mitigate the damage caused by the infection of tens of thousands of Microsoft Exchange Servers, the FBI obtained a warrant to enter infected systems, without permission, to delete malicious web shells on the servers. Though large companies that were affected likely have the resources to quickly fix the issue, a lot of mid-sized to smaller companies benefitted from the FBI taking this novel proactive approach. The FBI showed a lot of restraint by just deleting the web shells (essentially the mechanisms in which the keys to future intrusion were left by hackers) and not scanning or doing more to servers without permission. In the past, the FBI has only unilaterally acted in a similar way in the cyberspace to disrupt botnets, and though there is a fear that the FBI could abuse this kind of access, in this case, they used their court-ordered mandate to potentially avert a lot of harm.

Read more

Tags: Government, Ransomware

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • The Five Stages of Threat Hunting
  • A Proactive Approach to Threat Hunting
  • Expert Tips

Colin Mullins

Colin Mullins is a Social Media Marketing intern at Digital Guardian