Friday Five 6/4
A behind the scenes look at ransomware, advances in quantum computing, and potential cybersecurity funding in 2022 - catch up on all of the week's infosec news with the Friday Five!
1. SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says by Sean Lyngaas
The Russian spies behind the SolarWinds breach have launched a phishing campaign that's targeting at least 150 organizations across 24 countries. The phishing campaign has been disguised as emails purporting to be from the U.S. Agency for International Development, a legitimate group that's in charge of administering civilian foreign aid and development assistance. The messages were sent through a compromised account that USAID usually uses to send marketing emails. Most of the emails were blocked, but it’s still unclear how successful the campaign was in infiltrating organizations. The campaign could be signaling a change in the group's tactics and businesses should be on the lookout for the phishing campaign.
2. Scientists Successfully Entangled Quantum 'Memories'. What? by Mordechai Rorvig
This fascinating article looks at the drive to allow quantum computers to send signals to each other over long distances. To solve the issue, scientists have developed an alternative of sending signals over shorter trips and storing signals in memory. New research published in Nature Magazine has discovered a way to pass signals that last 1000 times longer than previous experiments. The improved ability to pass signals is a potentially huge development for quantum computers and the article is worth reading for the technical details of how they improved the system.
3. Secret Chats Show How Cybergang Became a Ransomware Powerhouse by Andrew E. Kramer, Michael Schwirtz, and Anton Troianovski
Through the internal dashboard used by customers of the Darkside ransomware gang, this story takes a behind the scenes look at the ransomware gang behind the Colonial Pipeline breach. The story also highlights how ransomware has shifted from a specialized industry with a high bar of entry to a field now full of small-time criminals with the rise of ransomware-as-a-service business model. Moreover, news of how lucrative ransomware can be has also spurred entry into the criminal industry. Interestingly, the ransomware-as-a-service model seems to contend with all of the growing pains that come with a new business, including complaints about its website and having to provide customer service for its clients. It’s also interesting in the internal messages that DarkSide tries to be polite, which makes sense as their goal is to get payment and the veneer of professionality increases the odds of a company paying. The story is worth reading because to combat the ransomware threat, it’s important to understand both the business and psychology of these criminal enterprises.
4. Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber by Tim Starks
In a detailed look at cybersecurity funding in the proposed 2022 federal budget, it’s clear with the increased spending that cybersecurity is a top priority for the new administration. In total, the budget requests $9.8 billion in federal cybersecurity funding and $750 million to respond to the SolarWinds breach earlier this year. The budget also allocates funds to fulfill recommendations from the Cyberspace Solarium Commission, such as the creation of the National Cyber Director Office out of the White House. Along with the recent executive order, the budget is part of the larger White House response to the notable cyberattacks of the last few months: including the Colonial Breach and the aforementioned Solar Winds breach.
5. Ransomware Hits a Food Supply Giant--and Underscores a Dire Threat by Lily Hay Newman
Ransomware has continued to dominate cybersecurity news. This week, JBS SA, the world’s largest meat processing company was hit with a ransomware attack. The attack has raised understandable concern about a disruption to the food supply chain. Early signs are that the attack came from one of the cybercriminal groups that operate out of Russia with impunity. JBS is the latest example of how ransomware affects everyone, from companies to individuals, and that it will take the joint effort of the government and private sector to fight the threat.