NetStandard’s Security Minute Series
The big ransomware news from last weekend was Colonial Pipeline, the largest fuel pipeline operator on the East Coast, which was forced to shut down its entire network and all operations after being hit with ransomware from DarkSide.
- There are reports that the company paid $5 million in ransom: Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom – Bloomberg
- A detailed writeup on DarkSide can be found here: Shining a Light on DARKSIDE Ransomware Operations | FireEye Inc
- Update: There are reports today that DarkSide’s infrastructure has been taken down, and that the gang is shutting down. Do not overreact to this news. There’s a decent chance that the criminals did it themselves, claiming “We were taken down!” as an excuse to lie low until the spotlight fades, then pop back up with a new name. This has happened before.
In more under-the-radar news, the City of Tulsa, OK, was hit with ransomware last weekend, which disrupted citizen-facing services: City of Tulsa hit by ransomware over the weekend | The Record by Recorded Future
The Biden administration issued an executive order on cybersecurity this week, which requires federal IT contractors to disclose breaches, requires MFA and encryption for government systems, and establishes a “Cyber Safety Review Board,” among other things. This is a good thing for all businesses, not just federal contractors: Executive Order on Improving the Nation’s Cybersecurity | The White House
Windows 10 version 1909 has reached end of service, and will no longer receive security updates: Windows message center | Microsoft Docs
I know I send a lot of uber-nerdy info, but this might be the deepest one yet. How MFA works in Windows: MFA is Hard to do Right (syfuhs.net)
On another note…
- In November 2020, the US Air Force discovered a cryptominer inside its internal law enforcement agency. Agents raided a home in Olathe, KS, last week: Agents raid home of Kansas man seeking info on botnet that infected DOD network | The Record by Recorded Future