Security week 8

Stay safe. We bring you our regular weekly overview of security news.

Tightening security after the attack on the Colonial Pipeline

The Department of Homeland Security has announced new security requirements to protect oil pipelines after Colonial Pipeline became the victim of an attack and was forced to suspend its operations. From now on, operators of such facilities are required to report any confirmed or potential cyber security incident. They must also establish computer security coordinators available 24/7 and report all risks, security deficiencies and countermeasures taken to the Transportation Security Administration (TSA) and CISA.

The US Army briefly tightened the conditions for working from home

IoT devices capable of automatically recording sound were placed on a list of items prohibited from any room used for teleworking. The restriction applied to private smartphones, tablets, personal assistants (e.g. Siri, Cortana, “hey, Google”) etc. It had to be respected by military and civilian staff, as well as by contractors. After a few days, however, the Army canceled the policy, saying that further staffing steps were needed. It is not clear whether the policy will be reintroduced; that also depends on the amount of telework after the end of the pandemic measures. In any case, the idea of confidential information potentially leaking through such devices is interesting.

Hacker attacks hit the Swedish database of infectious diseases

The Swedish Public Health Agency (Folkhälsomyndigheten) had to shut down SmiNet, a database of infectious diseases, after becoming the target of several attacks. During this period, SmiNet is also used for statistical reports regarding the Covid-19 pandemic. It is currently being examined whether sensitive personal data has been compromised.

A food giant became the target of a hacker attack

Food company JBS has confirmed that it was the victim of an attack that affected its systems in North America and Australia. At present, it is not known whether customer, supplier or employee data has leaked. The details of the attack are unknown. The FBI issued a short statement attributing the attack to the ransomware gang REvil.

The US government plans to catch the hackers behind the attack on the Colonial Pipeline

The hackers who attacked Colonial Pipeline have become persons of interest to the US government. Although Joe Biden said no country-linked group was behind the attack, it is clear that they operate from Russia. However, he expects the Russian government to cooperate in resolving this case. The company, meanwhile, has paid a $5 million ransom to resume fuel supplies. Even though the ransom was paid, the decryption tool turned out to be slow and the company still had to rely mainly on its reserves. The ransom was paid despite the FBI and CISA strongly warning against such a procedure.