Cyber Connections News Roundup: April 20

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 20

FIN7 Administrator Sentenced to Prison

According to a recent report on www.cyberscoop.com, a U.S. federal judge on April 16 sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. FIN7, one of the most formidable cybercriminal groups of recent history, allegedly siphoned off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. Read more.

Promoting Diversity Is Key to Closing the Jobs Gap

The shortage of cybersecurity professionals in the U.S., which is only expected to grow, according to a recent article on www.washingtonpost.com, has encouraged government officials to ramp up their efforts to address barriers surrounding diversity. In a recent speech Department of Homeland Security Secretary Alejandro Mayorkas said the agency plans to launch a diversity and workforce development initiative in the coming months. The plan includes equal access to professional development opportunities to fill the current half-million cyber vacancies across our country and to prevent future shortages that threaten our ability to compete. Read more.

Wind Energy Latest Concern Among Cybersecurity Experts

In a recent opinion piece on www.theepochtimes.com, Bonner Cohen, senior fellow at the National Center for Public Policy Research, warns that by announcing its intention to increase the dependence of the American energy grid on renewable sources such as wind, the Biden administration may also be increasing the threat of cyber attacks on infrastructure by random hackers and hostile governments such as Communist China. Cohen said that the more wind installations that come into service, the more cybersecurity challenges their integrated control systems and related technologies will pose. As tensions rise between the United States and China, a growing Chinese presence in the wind power industry could end up becoming a national cybersecurity threat. Read more.

Recent Annual Threat Assessment Report Pins SolarWinds Attack Squarely on Russia

The Office of the Director of National Intelligence released its Annual Threat Assessment on April 13. A recent article on www.cyberscoop.com breaks down that report, noting that the intelligence communitymade its most direct public attribution, yet that Russia perpetrated the SolarWinds attack in order to facilitate a sweeping espionage operation, impacting hundreds of companies and U.S. federal agencies. Specifically, and without directly naming SolarWinds, the report said that a Russian software supply chain operation against a US-based IT firm exposed approximately 18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments. Under the Trump, the intelligence community had stated that the operation was “likely” Russian in origin. Read more.

Democrats Reintroduce IoT Bill

According to a recent article on www.msspalert.com, Democrats have reintroduced the Cyber Shield Act, a bill to legislate cybersecurity into Internet of Things (IoT) devices. The bill calls for a voluntary certification program that would allow manufacturers to verify their connected devices as hacker proof. The bill was first introduced in 2017 and again in 2019, with this latest attempt again sponsored by Senator Edward J. Markey (D-MA) and Congressman Ted Lieu (D-CA). The Act establishes cybersecurity benchmarks for IoT devices based on standards set by an advisory committee of cybersecurity experts from academia, industry, consumer groups, government and the public. Read more.