Friday Five 5/14
Pipeline breaches, cybersecurity executive orders, and Wi-Fi vulnerabilities - catch up on all of the week's infosec news with the Friday Five!
1. Following Attack, Colonial Pipeline Says Systems Could be Online by End of Week by Chris Brook
In this week's big cybersecurity news, a major U.S. pipeline was impacted by a ransomware attack. On Monday, the FBI confirmed that the attack was carried out by the DarkSide ransomware group. Despite the government stressing that there's not an oil shortage, the panic caused by the coverage has led to some shortages as Americans have tried to hoard oil for fear that there might be a shortage. Colonial Pipeline, which oversees about 45 percent of the fuel supplies for the Eastern U.S., has announced that it plans to have the pipeline operational again by the end of the week, which is much faster than initially feared. It will be interesting to see how the Colonial hack will affect the cybersecurity executive order that President Biden signed this week.
2. Experts suggest French insurer AXA's plan to shun ransomware payouts will set a precedent by Tim Starks
A decision by the French insurer AXA to no longer cover extortion payments in cases involving ransomware may set a precedent for the rest of the insurance industry. Cyber insurance experts have long argued for this change, as insurance policies covering ransomware have incentivized criminals because they guarantee a company has the money to pay a ransom. Many experts are surprised that this change hasn't happened sooner, as some argue the insurance helps maintain a vicious cycle of theft. Even if other insurance companies don't follow suit in eliminating payments, the hope is that it can start a dialogue around what policies a company must adopt to hold a ransomware insurance policy, such as requiring policyholders to enable 2FA across their organization.
3. WiFi devices going back to 1997 vulnerable to new Frag Attacks by Catalin Cimpanu
A Belgian security researcher has discovered a series of so-called "frag attacks," or fragmentation and aggregation attacks, which allow the attacker to gather information and run malicious code through Wi-Fi devices. Crucially, the attacks are effective even if Wi-Fi's security protocols, such as WEP and WPA, are active. This is concerning, as it might be a setback in what has been steadily improving Wi-Fi security. Three of the vulnerabilities are flaws in the Wi-Fi standard and, in turn, affect most devices, while the rest are programming mistakes in the implementation of Wi-Fi. For now, patches that fix some of the vulnerabilities have been released along with a series of mitigations while the researchers work on patches for the rest.
4. Biden signs order to beef up federal cyber defenses by Alan Suderman
President Biden signed an executive order on Wednesday intending to strengthen U.S. cybersecurity defenses. The executive order comes on the heels of a number of high-profile cyberattacks this year, most recently the Colonial Pipeline ransomware attack last week. The order will require new standards for software makers that work with the federal government and force all federal agencies to adopt cybersecurity measures like multi-factor authentication. The order also contains a pilot program that will develop a rating system similar to sanitary inspections in restaurants to make sure that companies are secure from a cybersecurity standpoint. Finally, the order will create a new cybersecurity safety review board which will be co-chaired by an official from the private sector and government to signal a new era of cooperation.
5. How the Personal Computer Broke the Human Body by Laine Nooney
This story tracks the history of how our constant use of computers in our lives has changed our bodies over time. It's especially relevant in the WFH environment as we consider the aches and pains that may arise from our heavy computer use. Research in the article clearly shows that as more people started working on computers, the number of corresponding difficulties with wrist pain, vision problems, and back soreness increased proportionally. That's not surprising: in the history of human work, the posture and requirements of working on a computer are unprecedented, and we're still grappling with the implications of that change. It's an interesting story that makes us reflect on our relationship with these machines, which in many ways have made our lives better but have also complicated them in ways we're still reckoning with today.