Cyber Connections News Roundup: May 18

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 18

U.S. Government Acts in Wake of Colonial Pipeline Attack

The Biden administration announced an executive order that contains sweeping improvements to the nation’s cybersecurity defenses, according to a recent article on www.cpomagazine.com. The executive order, a response to the Colonial Pipeline incident that impacted states along the southern and eastern coast, echoes themes established in the recent proposal of a ransomware task force, calling for increased partnership with the private sector along with significant investments. One measure calls for the sharing of threat information, as IT and OT service providers often have contracts that prevent them from sharing information about cybersecurity breaches with other agencies. Read more.

DHS Plans to Hire 200 Cyber Professionals In Response to Recent Attacks

A recent article on www.workscoop.com reports that the Department of Homeland Security (DHS) plans to hire 200 new cybersecurity professionals by July as the Biden administration aims to curb ransomware attacks affecting U.S. corporations, as well as foreign espionage operations. In a speech May 12, Homeland Security Secretary Alejandro Mayorkas said the cyber recruiting was part of “the most significant hiring initiative” that DHS has undertaken in its 18-year history. Half of the new jobs will be with DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the other half will be with other DHS agencies that work on cybersecurity. Read more.

Metropolitan Police Department Hackers Claim to Release Data After Ransom Remains Unpaid

According to a recent article on www.forbes.com, hackers who broke into the Washington, D.C., Metropolitan Police Department, locked up files and demanded $4 million in return for not leaking the agency’s data, have now released what they claim is the full batch of documents they stole. The Babuk ransomware crew said it amounted to a huge 250GB trove of files, including a “gang database” and masses of personal data of police personnel and informers. The Metropolitan Police Department (MPD) declined to comment, though it has previously acknowledged an attack on its IT systems and has brought in the FBI to assist with the investigation. Babuk first started leaking data in April. Read more.

Cyber Attackers Continue to Exploit Security Gaps from COVID019

A recent article on https://manufacturingglobal.com highlights the need for companies to protect IP from cyberattacks. As the fallout from the SolarWinds attack and the recent Colonial Pipeline attack dominate the news, the applications companies use for day-to-day operations can be turned into malicious programs by nefarious actors. And the cost of each breach for manufacturers is now greater than $1M according to Manufacturers Alliance for Productivity & Innovation (MAPI). According to the article, researchers say that manufacturers have already experienced an 11% increase in attacks and intrusions on their networks in 2020 than all of 2019. Read more.

Florida Homecoming Queen Accused of Hacking Computer System to Win

According to an article on www.cyberscoop.com, a teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. The Florida teen and her mother each face charges of offenses against users of computers, computer systems, computer networks, and electronic devices; unlawful use of a two-way communications device; criminal use of personally identifiable information; and conspiracy to commit these offenses. Read more.