Articles By This Author
SolarWinds’ chief information security officer defended the company’s practices and technology on Wednesday, saying the attack it experienced at the hands of Russia’s foreign intelligence agency last year wasn’t one that most companies would be prepared for. “We ran a pretty good shop, we had pretty good technology,” Tim Brown, the company’s CISO and vice president of security, said during a webcast hosted by the insurance firm Marsh. “We’ve had four months of inspections and we found things to fix, but it wasn’t like we were super dirty—there wasn’t sloppiness, there wasn’t malware all over our environment.”
The Biden administration announced today a 100-day plan aimed at enhancing the security of electric utilities’ industrial control systems and improving the sector’s ability to detect, mitigate, and investigate cybersecurity incidents. According to government officials, the effort is the first of several initiatives planned for multiple critical infrastructure sectors. Recent attacks involving SolarWinds and Microsoft Exchange software have pressured government agencies to modernize cyberdefenses—the U.S. intelligence community warned last week that adversaries including Russia, China, and Iran have the capability to disrupt or damage U.S. critical infrastructure, including the electric grid….
Schools and universities, which were once seen as poor targets for financially-motivated cybercrime, are now awash in impersonation scams and other attacks. On March 30, the IRS warned students and staff at educational institutions of an “ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have ‘.edu’ email addresses.” The agency has received a number of reports recently of tax refund scams and phishing attempts targeting people at these institutions, it said.
Last spring, professional services firm Deloitte published a study that ranked Singapore as the most exposed country to cyberattacks in the Asia-Pacific region. The city-state was also deemed the most prepared at defending against them. Over the last decade, Singapore has aggressively rolled out a slew of cybersecurity initiatives aimed at protecting its nearly 6 million highly-connected citizens from cyber threats. As a global financial and shipping hub, it took early steps at bolstering critical infrastructure security and reducing barriers to information sharing. More recently, the country has rolled out cybersecurity labels for consumer smart devices, and awards marks of distinctions to companies that have invested heavily in cybersecurity….
The U.S. and its allies will face “a diverse array of threats” over the next year, most notably from China, Russia, Iran, and North Korea, an annual threat assessment from the U.S. intelligence community concluded on Tuesday. The report was issued by the Office of the Director of National Intelligence ahead of congressional hearings on Wednesday and Thursday…
‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails
Former Acting Secretary for the Department of Homeland Security Chad Wolf on Monday recounted the intense first days of the SolarWinds crisis, and remarked on recent reports that the suspected Russian hackers behind the attack had gained access to his email account. “My first question was: were these unclassified email accounts? The answer was yes,” Wolf said at a virtual talk hosted by the Heritage Foundation. “It’s still concerning, but it would have been even more of a concern if they had access to the lines that DHS does its most sensitive work on.”
The Biden administration on Monday said it has picked two National Security Agency veterans to serve in top cybersecurity leadership roles. Chris Inglis will be nominated to serve as the country’s first National Cyber Director, and Jen Easterly will be tapped to run the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA. Both positions require Senate confirmation, which could take several months…
Fitch Ratings, one of the “Big Three” credit rating agencies that assesses the creditworthiness of bonds, companies, and governments, published an alert Thursday warning that cyberattacks could pose a “material risk” to water and sewer utilities and potentially impact their ability to repay debt. The alert follows multiple reports of cybersecurity incidents affecting water utilities. In February, city officials in Oldsmar, Florida, said a hacker attempted to poison the local water supply by changing the concentration of sodium hydroxide at a water treatment plant to toxic levels…
After experiencing a brief dip at the beginning of the year, ransomware attacks are showing signs of a resurgence with