Cyber Connections News Roundup: Feb. 23

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 23

SolarWinds Response to Be Part of Biden Administration Cybersecurity Efforts

According to an article on www.duo.com, as part of its commitment to cybersecurity, which includes more than $10 billion of it of its $1.9 trillion COVID-19 recovery proposal, the Biden administration’s will propose an executive order to address “gaps” in the federal government’s network security to prevent future breaches like the massive SolarWinds attack. The breach, which impacted nine federal agencies and compromised about 100 private sector companies, is believed to have been the result of Russian hackers. The administration is also working with allies who have been similarly affected by Russian cyberattacks and espionage. Read more.

U.S. Charges North Koreans With Cybercrime Theft

Prosecutors unsealed an indictment on Feb. 17 charging three North Korean computer programmers with a criminal conspiracy to steal and extort $1.3 billion from financial institutions and companies in both cryptocurrency and cash. According to a report on www.cyberscoop.com, the indictment of three men— Jon Chang Hyok, Kim Il and Park Jin Hyok, the third of whom the DOJ targeted in 2018 — accuses them of working on behalf of North Korea’s Reconnaissance General Bureau, a military intelligence agency. The charges expand on the first case brought in 2018 against a North Korean regime-affiliated hacker tied to some of the nation’s most prominent alleged hacking campaigns, including the 2014 Sony attack, the 2016 Bangladesh bank heist and the 2017 WannaCry outbreak. Read more.

Integrated Security Models Gaining Traction According to New PwC Survey

PwC’s 2021 Global Digital Trust Insights, a survey of 3,249 business and technology executives worldwide, tells us that innovation is changing the cybersecurity game, giving new advantages to defenders and leveling the playing field with attackers. According to the report, an existing array of cyber solutions has matured, enabling a shift to Zero Trust architectures, real-time threat intelligence, security orchestration and automation, advanced endpoint protection, identity and access management and other advanced technologies—prompted in large part by a threefold growth in cloud services. Organizations are investing in the classic digital transformation trifecta—people, processes and technologies—to close the wide lead that attackers have long held. Read more.

Recent Cyber Attack on Florida Water Supply Exposed Gaps in Security

According to a recent report on www.nbcnews.com, hackers looked to poison the water supply in Oldsmar, Florida. Experts say the hack, which was addressed quickly, was a prime example of why the cybersecurity of the U.S. water supply remains one of the greatest risks to the country’s infrastructure. In the case of the Oldsmar attack, the hackers needed only to gain access to a TeamViewer account, which lets remote users take full control of a computer associated with the plant. That let them set the chemical content for the underground water reservoir that provides the drinking water for nearly 15,000 people. The facility has backup alarms to measure unsafe chemical levels, but the hackers were at least briefly able to order the plant to poison the water. Read more.

Educators Lagging in Cyber Training

A recent article on www.edweek.com claims that 44% of K-12 and college educators say they haven’t received basic cybersecurity training, and another 8% were unsure if they had been trained at all. That’s according to an October 2020 survey by Morning Consult on behalf of IBM, a technology company. That finding is despite the fact that many educators teaching in full-time remote or hybrid learning environments have experienced the problem. Perhaps more problematic from a cybersecurity perspective is that more than half of K-12 educators report that they are using their own personal computing devices for remote learning. Such devices tend to lack the same level of cybersecurity protections as school-issued. Read more.