New cyber requirements, improving the CVSS, and the potential for Rowhammer attacks - catch up on all of the week's infosec news with the Friday Five!
1. TSA cyber requirements would fine pipeline operators for lax security practices by Sean Lyngaas
In direct response to the Colonial Pipeline ransomware attack a few weeks ago, the TSA has issued a security directive that makes cybersecurity requirements mandatory for pipeline operators. Under the new rules, operators must report cyber incidents within 12 hours, and failure to report can result in a fine. The directive is expected to cover around 100 pipeline operators. The change is significant because it moves incident reporting from voluntary to legally required. Operators have 30 days to assess whether their current security practices meet the federal guidance, and each must designate a cybersecurity coordinator who is available around the clock to work with the federal government during any future incident.
2. Critical for who? The triumph and tragedy of CVSS as a risk rating tool by Joe Uchill
Experts continue to debate how to make the Common Vulnerability Scoring System more useful for setting security priorities. CVSS assigns each vulnerability a base score from 0.0 to 10.0 that reflects its intrinsic severity. The trouble is that administrators read that number as the likelihood of exploitation, when the base score says nothing about whether the flaw is being actively exploited or how many of an organization's systems carry it. The score is a useful input, but it should not be the sole factor in deciding what to patch first. A second weakness is that each vulnerability is scored in isolation, so the system does not capture the damage done when several individually lower-rated flaws are chained together. CVSS does define temporal and environmental metrics that account for exploit maturity and deployment context, but in practice most consumers look only at the base score; the system would serve defenders better if those adjustments were folded into the number people actually use.
3. As Chips Shrink, Rowhammer Attacks Get Harder to Stop by Lily Hay Newman
New research shows that as DRAM cells shrink and are packed closer together, Rowhammer attacks become harder to stop. DRAM stores each bit as a small electric charge in a capacitor cell, and the cells are laid out in rows. A Rowhammer attack repeatedly reads ("hammers") one or more rows so that the resulting electrical disturbance leaks charge from physically nearby rows, flipping bits from 1 to 0 or 0 to 1 in memory the attacker never wrote to. If those flips land in security-critical data such as page tables, the attacker can escalate privileges or break out of a sandbox or virtual machine. Memory vendors added defenses that refresh the rows immediately adjacent to a heavily hammered row, but with rows now closer together the disturbance can reach two or three rows away, where those defenses do not look. Some mitigations exist, but a lasting fix will require manufacturers to rethink how DRAM is designed.
4. Hackers Posing as The United Nations Hacked Uyghur Muslims by Lorenzo Franceschi-Bicchierai
In the latest campaign against the Uyghurs, an ethnic minority in China, attackers set up fake human rights websites and impersonated the United Nations in order to identify and profile members of the Uyghur community. The sites also offered a fake anti-virus scanner that was itself malware. The lure is especially cruel because it exploits the Uyghurs' well-founded fear of surveillance: the "protection" on offer is the attack. The campaign has not been firmly attributed, but it reused code from a Chinese hacking forum and was built to locate and track targets ahead of a second malware stage.
5. 10 days after ransomware attack, Irish health system struggling by Alice Chambers and Patrick Reevell
Ten days after a major ransomware attack on the Irish health system, the country is still struggling with the fallout. The attack has forced mass cancellations of appointments and disrupted treatment, and every day the computers remain offline the backlog grows in a health system already strained by the pandemic. Ireland has refused to pay the $20 million ransom and is working through the slow process of rebuilding its systems. The ransomware gang handed over a decryption tool of limited usefulness, in what was widely seen as a PR stunt, and has threatened to sell or leak the stolen patient data. Coming on the heels of the Colonial Pipeline attack a few weeks ago, the threat from ransomware has never been more apparent.