Cyber Security Headlines: National Cybersecurity Strategy, CISA delivers Decider, Bookstore chains hacked

White House gets tough with new National Cyber Strategy

The White House unveiled its long-awaited National Cybersecurity Strategy yesterday, laying out a holistic approach to improving digital security across the country. The plan is built around five basic pillars:

  • Minimum cybersecurity requirements for critical infrastructure
  • Offensive cyber actions against hackers and nation states
  • Shifting liability onto software manufacturers
  • Diversifying and expanding the cyber workforce
  • Continuing to build international partnerships

As we reported on Monday, the strategy places greater responsibility on larger organizations, and stresses robust collaboration, particularly between the public and private sectors. 

(The Record)

CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping

Decider is an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports. CISA recently published a “best practices” guide about MITRE ATT&CK mapping, highlighting the importance of using the common standard. Decider was developed in partnership with the Homeland Security Systems Engineering and Development Institute and MITRE, and was made available for free via CISA’s GitHub repository.

(Bleeping Computer)

British retail chain WH Smith says data stolen in cyberattack

The data breach exposed information belonging to current and former employees. The company operates 1,700 locations across the United Kingdom and employs over 12,500 people. The company states that the attack did not impact its trading business. Customer data was not affected because this information is stored on separate systems that remained safe from unauthorized access. Although there are no details about the date of the attack, it can be concluded that the intrusion occurred after January 18, the date of the last trading update from the company, which did not mention any cyberattack. According to the BBC, the incident happened earlier this week.

(Bleeping Computer)

Canadian book giant says employee data was stolen during ransomware attack

In a parallel story, Canadian bookseller Indigo denied that any customer data was stolen last month during a ransomware attack that took down its website. However, it now says that employee data was involved in the attack. The Toronto-based company did not respond to requests for comment about how many people were affected. It has more than 8,000 current employees at more than 160 stores across Canada. The LockBit cybercrime gang claimed responsibility for the attack on Tuesday.

(The Record)

Thanks to this week’s episode sponsor, Conveyor

Just because your security questionnaire is from the stone age, doesn’t mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say “prehistoric”. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at

Washington state public bus system confirms ransomware attack

A public transportation system serving parts of Washington state has confirmed that a ransomware attack two weeks ago disrupted some of its systems. Pierce Transit — which provides bus, van, and carpool services primarily to the city of Tacoma and the surrounding Pierce County area — said the ransomware attack started on February 14 and forced the organization to put temporary workarounds in place. The transit system serves about 18,000 people each day. The LockBit ransomware group took credit for the attack and had demanded a ransom by February 28. The Pierce Transit spokesperson said the agency was aware that the deadline had passed.

(The Record)

SysUpdate malware strikes again with Linux version and new evasion tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Trend Micro said it observed the equivalent Windows variant in June 2022, nearly one month after the command-and-control (C2) infrastructure was set up. Lucky Mouse is also tracked under the monikers APT27, Bronze Union, Emissary Panda, and Iron Tiger, and is known to utilize a variety of malware such as SysUpdate, HyperBro, PlugX, and a Linux backdoor dubbed rshell.

(The Hacker News)

Power grid program receives $48 million in funding from Department of Energy

The program is designed to modernize grid infrastructure across the country for improved efficiency and better resilience against extreme weather events, such as the winter storm that hit Texas in 2021, enabling utilities to more effectively control grid power flow to avoid disturbances, and to quickly isolate and route around disruptions. With possibly the most ambitiously awkward acronym of all time, the “Unlocking Lasting Transformative Resiliency Advances by Faster Actuation of power Semiconductor Technologies” (ULTRAFAST) program will support the infrastructure development.

(Security Magazine)

Australian woman arrested for email bombing a government office

The Australian Federal Police (AFP) arrested a woman in Werrington, Sydney, for allegedly email bombing the office of a Federal Member of Parliament. The AFP says the suspect sent over 32,000 emails to the MP’s office over 24 hours, preventing employees from using the IT systems and the public from contacting the office. Although the AFP does not elaborate on the exact means by which the suspect sent such a large volume of emails to the MP’s office within such a short time, it states that the attack used multiple domains when sending the emails. This likely means that she used an “email bombing” service accessed through the dark web to essentially DDoS the MP’s email servers.

(Bleeping Computer)