Also on today’s menu:
Open-Source Software Security
Security On The World Stage
There has been a lot of publicity about the computer hack in Peterborough that robbed the town of $2.3 million. Criminals posing as officials with the ConVal School District and Franklin-based contractor Beck & Bellucci sent emails to the town seeking vendor payments. Unsuspecting municipal employees paid the invoices, which went into the accounts of the hackers.
Peterborough was not alone. Primex, the Public Risk Management Exchange that provides pooled insurance coverage to municipalities, schools, and counties, reports an increase in cybersecurity claims from four in 2019 to 14 in 2020, and there were 24 claims as of October 2021.
Pam McLeod, director of technology for the Concord School District, agrees that investments in technology and staff training in how to avoid data loss are important, but she said that budget and staffing constraints make the task difficult. “The days of getting a teacher a laptop and then waiting 10 years to replace it are long gone,” McLeod said. “We’re on a three- to four-year cycle for all of our devices so that we’re staying up to date. Everything, from our servers to our specific devices, we need to keep those on modern operating systems. That’s a big step to staying secure.”
Open-Source Software Security
The White House is discussing ways to improve security for open-source software libraries today with leading technology companies, along with a number of relevant government agencies, to address what senior administration officials are calling a “key national security concern.” Representatives from Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, Linux Open Source Foundation, Microsoft, Oracle, Red Hat, and VMware are among those taking part.
“Open-source software has accelerated the pace of innovation and has driven tremendous societal and economic benefits, but the fact that it is broadly used and maintained by volunteers is a combination that is a key national security concern, as we are experiencing with the log4j vulnerability,” a senior administration official said.
The Log4j vulnerability is a flaw in the Log4j logging library that lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The library runs across platforms that include Windows, Linux, and Apple’s macOS, powering everything from webcams to car navigation systems and medical devices, according to the security firm Bitdefender.
Security On The World Stage
While U.S. and Russian officials are trying to de-escalate tensions between Russia and Ukraine, some experts are warning of the possible use of cyber capabilities as a war tactic.
In the past, Russia has targeted Ukraine using cyber techniques, especially leading up to the annexation of the Crimea region. Other government agencies and experts believe that Russia used distributed denial of service (DDoS) attacks against both Georgia and Estonia around the same time. When Russia turned its attention back to Ukraine in 2017, the U.S. government suspected that members of the country’s Main Intelligence Directorate, also known as the GRU, deployed malware dubbed NotPetya against the country, causing billions in damage. Investigators found the NotPetya attack spread to organizations such as Danish shipping giant Maersk, the Heritage Valley Health System in Pennsylvania, and FedEx’s TNT Express.
“The best preparation, frankly, is to invest in an ongoing capacity to detect and respond to adversaries that have bypassed preventive controls and are lurking inside an organization — whether those are criminals or nation-states,” Tim Wade, former security and technical manager for the U.S. Air Force and technical director at security company Vectra AI, told Dice.
Please Support Our Efforts
The News Café is a virtual meeting place where we discuss the news of the day. An effort by the Liberty Independent Media Project, the work does not rely on advertising, as most media outlets do, freeing us to provide an independent focus on events and cultural issues. The project instead relies on direct monetary support from donors and subscribers.