This Week in Security News – October 29, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about what victims go through during a ransomware negotiation. Also, read on how cybercriminal group, Grief, claims to have hacked the NRA.

Read on:

What To Expect in A Ransomware Negotiation

Trend Micro wanted to get a better understanding of what victims go through during the aftermath and recovery process of a ransomware attack to help others in case they find themselves in a similar situation. To do this, it analyzed victim support chats for five ransomware families: Conti, Lockbit 2.0, AvosLocker, Hive, and HelloKitty for Linux. In this blog, Trend Micro identified trends and commonalities across the actors and affiliates and offer guidance for organizations.

Cybercriminals Claim to Have Hacked the NRA

A notorious Russian cybercriminal group has posted what appear to be National Rifle Association files to the dark web. Like many ransomware gangs, Grief often posts a handful files stolen from a victim in an effort to spur a ransom payment. While paying any ransomware hacker is a risk, Grief is particularly tricky. Cybersecurity experts widely believe Grief is a rebranded effort by a group of Russian cybercriminals who previously used the nickname Evil Corp, which is currently under sanctions by the U.S. Treasury Department.

India Releases Cybersecurity Guidelines for Power Sector

The Indian Government’s Power Ministry and the Central Electricity Authority (CEA) recently released cybersecurity guidelines to enhance the power sector’s cybersecurity readiness. It is the first time that cybersecurity guidelines are created for the sector. All power sector utilities must comply with the new regulations.

Iran President: Cyberattack on Gas Stations Meant to Create Anger, Disruption

During the cyberattack, when someone tried to use a government card to get subsidized fuel, a message popped up that said, “cyberattack 64411,” according to the news agency ISNA. The agency later took down the post, saying they were hacked, but the AP reported that other outlets in Iran have also claimed they were hacked after posting news the government disapproves of.

The Most Common Cloud Misconfigurations That Could Lead to Security BreachesUsing Trend Micro Cloud One™ – Conformity data, Trend Micro looked at the top 10 Amazon Web Services (AWS) and Microsoft Azure services with the highest misconfiguration rates with regard to the implementation of Cloud Conformity rules. In this blog, learn more about these common cloud misconfigurations.

State Department Will Form New Cyber Bureau

The Biden administration is launching a new bureau for cyberspace and digital policy at the State Department as part of an effort to strengthen diplomats’ cyber expertise, Secretary of State Tony Blinken announced in an email to the department’s workforce on Monday. The bureau will focus on three key areas: international cybersecurity, international digital policy and digital freedom.

Smart Car Makers VW & Nissan to Build Smart Factories

Nissan has unveiled its Intelligent Factory Initiative, a new production line at its Tochigi Plant. This new technology aims to help the company achieve carbon neutrality by 2050. Meanwhile, Volkswagen has taken another leap into making its factories fully networked. A local 5G standalone network (campus network) is now available at the German automaker’s Wolfsburg plant.

California Publishes ‘Road Map’ for Next Five Years of Cybersecurity

The “Cal-Secure” plan, which Gov. Gavin Newsom announced Friday, aims to expand and improve security technologies and controls, conduct broader oversight and compliance operations and fill job vacancies across a statewide enterprise with more than 150 agencies and a highly federated IT governance structure. The plan is also an extension of “Vision 2020,” an IT agenda the state implemented in 2017.

Google, Twitter Back #ShareTheMicInCyber Campaign to Expand Cybersecurity Industry

The #ShareTheMicInCyber campaign that took over the Twitter pages of the country’s cybersecurity leaders last week is being formalized thanks to a partnership between the movement’s founders and a think tank. A fellowship will be created for 2020 that will be centered around researching diversity and inclusion in the cybersecurity industry, nurturing a stable of mentors and organizing professional development activities.

Russian Hackers Reportedly Hid Behind Americans’ Home Networks

Russian military hackers have been waging an ongoing hacking campaign against high-level American targets and have used a special technique to mask their activities: a tool to hide behind addresses associated with everyday Americans’ home and mobile networks.

New Real-World Cybersecurity Training Range Opens in South Florida

A new cybersecurity training range with a software platform powered by Cyberoperations Enhanced Network and Training Simulators (CyberCents) has opened in Fort Lauderdale, Florida. The next-gen training facility at the Alan B. Levan Center at Nova Southeastern University is aimed at filling the cybersecurity skill gaps that currently exist globally. It’s located at the NSU Broward Center of Innovation, an economic and education development engine in South Florida.

Op-ed: How the US Can Finally Close the Cyber Workforce Gap

For many Americans, the COVID-19 pandemic brought their work into the digital sphere to a far greater extent than ever before. The shift to online work has increased our economy’s reliance on secure and dependable technology. Maintaining America’s economic competitiveness will require continued investment in the tools needed to compete in the digital economy and the workforce to build and protect these tools from online threats.

What do you think about the new State Department cyber bureau? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE