As this week’s stories go to show, there’s never a dull moment in the cybersecurity industry.
A fired IT contractor is jailed for a retaliatory cyber attack on his former employer, CNA — one of the U.S.’s top providers for cybersecurity insurance — is hit with a security breach, Apple is slammed for “aiding tyrants” by ProtonVPN’s CEO, and much more.
If only there was an awesome blog post you could read every week that walks through five of the biggest stories in the industry in a condensed format … Oh wait, there is, and you’ve found it.
Let’s get to the news.
According to InfoSecurity Magazine, an IT contractor who carried out a retaliatory cyber attack after being fired for “underperforming” has been sentenced to prison.
Indian national Deepanshu Kher was hired by an American IT consulting firm in 2017. This firm sent Kher to the headquarters of one of its clients in Carlsbad, California to assist the business with its migration to a Microsoft Office 365 (MS O365) environment.
However, the company was quickly unhappy with the standard of Kher’s work and wasted no time reporting this dissatisfaction to his employer. In January 2018, Kher was removed from the client assignment, and on May 4th he was fired by the IT consulting firm.
Not long after losing his job — after only a month — Kher moved to Delhi, India where he took his revenge. In August of 2018, Kher hacked into the server of the Carlsbad company that complained about his performance and deleted over 1,200 of its 1,500 MS O365 user accounts. This cyber attack affected the majority of the company’s employees, and the company was forced to shut down completely for two days.
Following the attack, the Carlsbad company repeatedly suffered IT problems for three months. Court documents recorded the company’s vice president of IT stating: “In my 30-plus years as an IT professional, I have never been part of a more difficult and trying work situation.”
Kher was arrested when he flew to the United States on January 11, 2021. On March 22, the 32-year-old was sentenced to two years in prison and three years’ supervised release. He was further ordered to pay $567,084 in restitution to the company he sabotaged.
CyberScoop brings us our next article, which is focused on CNA, one of the U.S.’s top providers of cybersecurity insurance.
CNA has been struggling with a cyber attack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple of days and, at the time of this release, displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.”
The Chicago-based firm reported more than $10 billion in revenue in 2020 and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements.
If the attack proves to have exposed policyholder data, industry experts warn that hackers could leverage it in extortion attempts, enabling particularly devastating incidents in the future. CNA said it will keep its customers updated if this is the case.
The company said it discovered the intrusion on March 21, adding that it is working with forensics experts to determine the scope of the incident and has alerted law enforcement for an investigation. A spokesperson did not respond to requests for information about the nature of the hack.
“The nightmare scenario” would be if hackers got ahold of the previous policyholder data, said Coalition CEO Joshua Motta, whose company provides cyber risk management tools and cyber insurance.
According to Threatpost, ProtonVPN’s CEO says Apple rejected a security update needed to protect human-rights abuse evidence.
In a blog post that’s filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech giant of helping the global spread of authoritarianism by “giving in to tyrants.”
Yen emphasized in his blog that this issue is immediate, with “life and death” consequences. In the days following a Feb. 1 military coup that seized control of the Myanmar government, signups for ProtonVPN encrypted internet services exploded by 250 times over the previous average daily rate, Yen stated. Encrypted internet access became particularly vital once the military started ordering the country’s telecom companies to block internet access and social media platforms.
Secure channels like ProtonMail were also being used to send evidence of crimes against humanity to the U.N. in response to the body’s March 17 appeal for people to preserve documentary evidence on the ground. “In the same day the U.N. recommended Proton apps, Apple suddenly rejected important updates to our ProtonVPN iOS app,” Yen wrote.
“Today, apps like ProtonVPN are a lifeline to the rest of the world for the people of Myanmar who are being massacred,” Yen wrote. “By preventing us from informing users that ProtonVPN can be used to bypass internet restrictions, Apple is making it harder for people to find this lifeline. Apple’s decision will make it even more difficult for the citizens of Myanmar to send evidence of crimes against humanity to the United Nations.”
The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success, according to CSO Online.
As the federal government continues to deal with the aftershock of Russia and China’s widespread and damaging hacks, the Biden administration is seeking new methods for better early threat detection of these sophisticated intrusions. Both the notorious SolarWinds espionage hack attributed to Russia and the Microsoft Exchange vulnerabilities attributed to China were uncovered by private firms, cybersecurity giant FireEye and Microsoft.
Both attacks originated on servers within the U.S., placing them out of reach of the National Security Agency’s (NSA’s) powerful detection capabilities, which U.S. law restricts to international activities. The Biden White House is brainstorming methods to establish new early warning systems that combine traditional intelligence agency methods with private sector expertise.
Relating to these efforts, on March 17th the White House announced the formation of a task force it calls the Unified Coordination Group consisting of federal and private sector representatives charged with finding a “whole of government” response to the Microsoft Exchange attack. Chief among the new approaches is establishing more profound information sharing methods with the private sector.
In our final story of the week from Threatpost, TikTok source code has been deemed “in line with industry standards” relating to censorship and privacy.
Privacy and censorship criticisms have been circulating about the video social media app TikTok for the past several months. Security analysts from CitizenLab are the first to collect real data on the platform’s source code, and reported that TikTok meets reasonable standards of security and privacy.
The platform, CitizenLab concluded, is a customized version of the more intrusive versions of the application used by TikTok’s China-based parent company, ByteDance, across East and Southeast Asia, minus limitations on access and privacy. The firm explained that the controls put in place by ByteDance for the version of TikTok available in the United States are sufficient, “nor [contain] strong deviations of privacy, security, and censorship practices when compared to TikTok’s competitors, like Facebook,” the report said.
However, there are lingering concerns about the capability of the source code to be “turned on” in the U.S. version of TikTok down the line. TikTok is the first social media platform to come out of a Communist country and explode across the globe. In fact, TikTok’s rise has been so extreme that last year it posted the most downloads in a single quarter for any app ever and crossed more than 2 billion users worldwide.
Last summer, former President Trump threatened to ban TikTok and even signed an executive order to block it from app stores over what was called “national-security concerns.” It turns out that those accusations were unfounded, according to these new findings from CitizenLab.