This week’s Cyber Security Headlines – Week in Review, July 5-9, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn M. Bowen, CISO, World Fuel Services

Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.

Further context on the Kaseya attack

Deployed at noon on Friday, the start of the US Fourth of July holiday weekend, the REvil ransomware attack affected eight known managed service providers and over a thousand of their customers through Kaseya, a cloud-based MSP. Huntress Labs’ John Hammond  told BleepingComputer that all of the affected MSPs are using Kaseya VSA and that they have proof that their customers are being encrypted as well. Kaseya issued a security advisory on their help desk site, warning all VSA customers to immediately shut down their VSA server to prevent the attack’s spread while investigating. DoublePulsar researcher Kevin Beaumont posted a summary stating that the REvil ransomware arrived via a Kaseya update and used the platform’s administrative privileges to infect systems. Once the Managed Service Providers were infected, their systems were able to attack the clients that they provide remote IT services for (network management, system updates, and backups, among other things). As of this recording, this first time a ransomware group has used a zero-day in attacks, hitting around 40 customers worldwide, including 500 stores belonging to the Swedish grocery chain Coop.

(The Verge, BBC News, and The Hacker News

DHS announces most successful cybersecurity hiring initiative in its history

Secretary of Homeland Security Alejandro N. Mayorkas on Friday announced the Department’s largest cybersecurity hiring initiative ever with the onboarding of nearly 300 cybersecurity professionals and the extension of an additional 500 tentative job offers. This hiring initiative, which exceeded its goal by almost 50 percent, is part of a 60-day Cybersecurity Workforce Sprint focused on building a more diverse cybersecurity workforce. The initiative also includes an Honors Program for recent cybersecurity graduates for a one-year professional development program at DHS, followed by eligibility for permanent, full-time positions, an expansion of of its K-12 initiative to cultivate the next generation of diverse cybersecurity professionals, and a new cybersecurity initiative for girls in grades 6-12.

(DHS Press Release)

Could technological diversity help keep systems secure?

A growing school of thought suggests that resilience and preparation against cyberattacks might be helped if there was less focus on homogeneous systems. Robert M. Lee, the CEO and founder of the security company Dragos, Inc., notes the increasing trend of homogenous infrastructure in recent years as vendors acquire one another and settle common technologies and operating platforms, and suggests this makes it easier for threat actors to practice, deploy and refine their techniques across a wide selection of victims. This isn’t a vendor issue, he adds, instead pointing the finger at customers as the source of the conformity pressure. His thoughts are available in full at robertmlee.org.

(robertmlee.org)

Popular audio editor accused of being spyware

The popular open-source audio editor Audacity released an updated privacy policy that includes provisions for data collection, following the apps acquisition by the company Muse Group back in May. Under the policy, Audacity can collect IP addresses which will be stored for 24 hours, as well as processor, OS version, and unspecified data “for legal enforcement,” with data stored in the European Economic Area, as well as Muse Group’s office in Russia and in the US. The policy also states that Muse Group can share data collected with potential buyers in the future. 

(AppleInsider)

Thanks to our episode sponsor, Viakoo

IT vulnerability remediation solutions don’t work for IoT. Viakoo’s award-winning agentless and automated IoT vulnerability remediation solution can quickly shrink the attack surface created by distributed and unmanaged IoT devices. See Viakoo at Black Hat, and visit us at Viakoo.com.

Cyber reinsurance rates see a spike

According to the London-based reinsurance broker Willis Re International, in July the company saw a 40% jump in renewal rates as companies look for help in the recovery process from increasingly common ransomware attacks. This comes as the cyber insurance industry itself is getting shaken up, with provider AXA backing away from ransomware insurance products, and France considering banning ransomware insurance on the grounds it encourages attackers. Premiums for this insurance offering are also increasing, as providers are now realizing the exposure many companies face in cyber security. 

(ZDNet)

Facebook partners with Liquid to extend Africa fiber network

Facebook Inc. and Africa’s largest fiber company, Liquid Intelligent Technologies, are extending their reach on the continent by laying 1,243 miles of fiber in the Democratic Republic of Congo. The move will make Facebook one of the biggest investors in fiber networks in the region. The cable will eventually extend the reach of 2Africa, a major sub-sea line that’s also been co-developed by Facebook, the two companies said in a statement Monday. Facebook switched to a predominantly fiber strategy following the failed launch of a satellite to beam signal around the continent in 2016. The build will 5,000 people to work on the project, the companies said.

(BNNBloomberg)

Pentagon cancels $10 billion JEDI cloud contract that Amazon and Microsoft were fighting over

The Department of Defense announced Tuesday it’s calling off the $10 billion Joint Enterprise Defense Infrastructure cloud contract that was the subject of a legal battle involving Amazon and Microsoft. In a press release sent yesterday, the Pentagon said that “due to evolving requirements, increased cloud conversancy, and industry advances, the JEDI Cloud contract no longer meets its needs.” The Pentagon did say however that it still needs enterprise-scale cloud capability and announced a new multi-vendor contract known as the Joint Warfighter Cloud Capability. It plans to solicit proposals from both Amazon and Microsoft for this contract, adding that they are the only cloud service providers that can meet its needs, but said further it will continue to do market research to see if others could also meet its specifications.

(CNBC)