Tuesday, February 28, 2023

Cybersecurity Industry News Review: February 28, 2023

Joe fay - Cybersecurity Industry News Review 28 2 2023 iStock-1297939802By Joe Fay 

Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPi attacked, while the European Commission calls time on TikTok. 

Australia to Overhaul Cybersecurity Rules 

The Australian government is overhauling its approach to cybersecurity and will create a new agency to coordinate responses to cyberattacks and manage investment. The plans follow publication of a discussion paper on cybersecurity following recent high-profile attacks, including one that affected telco Optus. The minister for home affairs, Clare O’Neil, described the current regime as “bloody useless.”                      

AT&T Selling a Cybersecurity Business, Trend Micro Buying One 

AT&T plans to offload its cybersecurity division. The telecoms giant built the unit around its $600m acquisition of AlienVault five years ago. AT&T’s strategy has been overtaken by a rash of startups offering more cost-effective offerings. Meanwhile, Trend Micro has acquired security operations center vendor Anlyz, boosting Trend’s orchestration, automation and integration capabilities and bringing 40 technical employees to Trend’s 3,000+ engineering team. 

The Big Return for Paying Ransom Demands? Research Warns of 10 More Attacks 

If ransomware victims pay the ransom they are bankrolling 10 more attacks on average, according to research from Waratah Analytics and Trend Micro. The report, What Decision Makers Need to Know about Ransomware Risk, applies data science techniques to a range of data, from chat logs to crypto currency transactions. It claims that LockBit and the historic Conti groups enjoyed ransom payment rates of 16%, probably thanks to their highly targeted business models. 

Banana Giant Dole Bent Out of Shape By Ransomware Attack 

Fruit and veg giant Dole has confirmed it had been hit by a ransomware attack, but the impact to its operations “has been limited”. The food producer said it had “moved quickly to contain the threat” and engaged leading third-party cybersecurity experts to work with Dole’s internal teams to remediate the issue and secure systems. The attack was first reported by CNN, which said it had resulted in shutdowns at Dole’s plants in the US earlier this month and halted shipments to grocery stores. Apparently, salad making kits were particularly affected, illustrating the supply chain disruption that ransomware can create.  

Warning Over More Malicious Libraries on Pypi 

The number of malicious “HTTP” libraries on the Python Package Index repository has increased according to research by ReversingLabs. In a blog post the firm said that most of these are “simple, malicious packages bearing names that are Frankenstein-like’ amalgamations of the acronym ‘HTTP’”, usually aping popular libraries in a bid to distribute malware or steal information. The PyPi repository was the source of a supply chain attack at the end of December, when someone uploaded a malicious dependency package with the same name as one shipped as part of the PyTorch nightly package index. 

Google reports on Ukraine (cyber) war a year on 

A year after Russia’s invasion of Ukraine, analysts and pundits have been contemplating the ongoing effect on the cyber landscape. A report from Google has detailed the phases of the cyberwar to date and its lasting effects, concluding that Moscow-based attackers have waged an “aggressive, multi-pronged effort…often with mixed results.” The effort has also “triggered a notable shift in the Eastern European cybercriminal ecosystem” with long term implications. The outlook? More of the same, with attacks likely to expand to include Ukraine’s NATO allies. 

European Commission takes a lead from the US, bans Tik Tok 

The European Commission has become the latest governmental organization to ban the video app TikTok from its staff’s corporate devices. The Commission explicitly said the move was to “increase its cybersecurity”, and to protect it against “actions which may be exploited for cyber attacks against the corporate environment of the commission”. Other social media platforms would be kept under review, it added. The commission is in good company, with multiple governments banning the app, along with a range of US government agencies. Joe Biden approved a TikTok ban for the Federal Government in December, though the White House has also sought to use TikTokers to reach the youth vote. 

 

The post Cybersecurity Industry News Review: February 28, 2023 appeared first on Cybersecurity Insiders.


February 28, 2023 at 09:10PM

0 comments:

Post a Comment