Congress should limit the scope of any cyber incident reporting legislation, CTA, the Internet Association, Information Technology Industry Council and 15 other industry groups wrote lawmakers Friday, before the House Cybersecurity Subcommittee’s Wednesday hearing on incident reporting. The Business Roundtable, BSA|The Software Alliance, ACT|The App Association, CompTIA, Software & Information Industry Association, TechNet and Telecommunications Industry Association also signed. Legislation should include reporting timelines no less than 72 hours, they wrote. Reporting should be limited to verified incidents and reporting obligations limited to victim organizations, they said. Hearing witnesses are: USTelecom Senior Vice President-Cybersecurity Robert Mayer, ITI Senior Vice President-Policy John Miller, Heather Hogsett, Bank Policy Institute senior vice president-technology and risk strategy for its technology policy division, FireEye Mandiant Vice President Ronald Bushar, and American Gas Association Managing Director-Security and Operations Kimberly Denbow.
A new DOJ Cyber Fellowship program is designed to develop “prosecutors and attorneys equipped to handle emerging national security threats,” the agency said Friday. The program will be coordinated through the Criminal Division’s Computer Crime and Intellectual Property Section, it said.
A hacker used “brute force” to hack into T-Mobile’s system and steal customer data (see 2108180062), CEO Mike Sievert blogged Friday. T-Mobile is working with law enforcement and is constrained in what it can say, he noted. “What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” Sievert said: “In short, this individual’s intent was to break in and steal data, and they succeeded.” T-Mobile is acting to make its systems more secure, he said. The carrier is getting help from cybersecurity experts at Mandiant and consulting firm KPMG, he said. Mandiant has been part of the forensic investigation “and we are now expanding our relationship to draw on the expertise they’ve gained from the front lines of large-scale data breaches and use their scalable security solutions to become more resilient to future cyber threats,” he said: KPMG is reviewing “all T-Mobile security policies and performance measurement.”
The Department of Homeland Security “needs to provide details” about coordination between entities “responsible for cybersecurity and those responsible for enterprise risk management,” the GAO said in recommendations released Monday. GAO cited July 2019 recommendations for DHS to “document a process for coordination between its cybersecurity risk management and enterprise risk management functions.” The department concurred with the recommendation and had estimated completion by July 31, 2020. To consider the recommendation “fully implemented,” DHS will need to follow Monday’s recommendation, GAO said.
The ransomware threat “continues to rise,” and the average ransom demand in 2021's first half grew 518% from a year earlier, said Palo Alto Networks CEO Nikesh Arora on an earnings call Monday for fiscal Q4 ended July 31. “Ransomware readiness” is one of Palo Alto’s “key engagements,” he said. It did 39 readiness “assessments” in the quarter and has 300 more in the “pipeline,” he said. Quarterly billings of $1.87 billion were up 24% year over year, "well ahead of our guided 22% to 23% growth," said Chief Financial Officer Dipak Golechha. Revenue growth of 28% "was above the high end of our guidance range," he said. "Growth was driven by strong demand across all geographies and major product areas." The stock closed 18.6% higher Tuesday at $441.87.
Comcast's cybersecurity strategies include assessing how the company might be affected by major breaches like those against Colonial Pipeline and T-Mobile, said Chief Product and Information Security Officer Noopur Davis. She spoke Tuesday in Aspen, Colorado, at the Technology Policy Institute conference, where the previous day, the incident at T-Mobile was discussed and disclosed; see our reports here and here. "Immediately, yesterday, I had to step out of some of these sessions" at TPI when she heard of the data hacks against T-Mobile, Davis said: "My immediate, emotional response to seeing something like T-Mobile in the news is sympathy and empathy," and "it could happen to any of us." The reported incident spurred Comcast to look at "how did these threat actors get into T-Mobile" and are there "things that could impact us," Davis said. "Our surface is enormous" for possible attacks at Comcast, she added. "You have to start looking at that entire ecosystem." T-Mobile didn't comment on her remarks, saying it had no update on the incident. Davis also spoke to TPI about her company's cybersecurity strategy (see 2108170054).
Increased device mobility and complexity “are leaving schools increasingly vulnerable to security risks and potential attacks,” reported Absolute Software Tuesday. The cybersecurity company analyzed “anonymized” data from more than 10,000 schools, finding the total number of devices deployed increased 74% from 2019 to 2020, it said. “The disruption caused by digital learning -- and the flurry of new technologies needed to support it -- opened up new potential attack vectors for cybercriminals, it said, citing FBI statistics showing 57% of all reported ransomware attacks in August and September 2020 targeted K-12 schools. Absolute found that nearly half (47%) of K-12 devices in spring 2021 were located more than 25 miles from their school or district, compared with 27% a year earlier. Students and faculty spent 60% of their time online actively using officially sanctioned educational resources so far in 2021, but 21% of online activity takes place “outside established and approved education sites,” it said.
The volume of first-half 2021 phishing attacks jumped 22% from a year earlier, but phishing volume in June “dipped dramatically” for the first time in six months, immediately after a very high volume in May, reported PhishLabs Tuesday. Bad actors are using phishing “to fleece proprietary information” in increasingly more sophisticated attacks, “based on growth in areas such as cryptocurrency and sites that use single-sign-on,” said Chief Technology Officer John LaCour. Of the significant decline in bad behavior from May to June, “we’ll continue to monitor through the summer and analyze if we’re seeing a trend in the right direction, or if attackers simply took a summer vacation.”
Dish Network Chairman Charlie Ergen hadn't heard from T-Mobile about any data breach, he told the Technology Policy Institute Monday. At around that same time, T-Mobile said it's investigating such claims and suggested a hack may have occurred. “We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement,” the carrier emailed. “We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed.” T-Mobile didn't immediately say if it subsequently communicated with Dish, which has prepaid wireless customers divested as part of T-Mobile's buying Sprint on the T-Mobile network. Speaking in Aspen, Colorado, Ergen noted there are about 9 million such customers. In general, such hacks “are too common” an occurrence, he said. Telecom networks are “particularly susceptible” to intrusions, Ergen said. “It's why the government is properly looking at Chinese vendors.” With Dish's wireless network construction, it's “trying to build [security] in on the front end,” Ergen said. “To the extent” a data break-in took place, he said, “we’ll have to deal with it.” Ergen also hopes to settle a 3G network phaseout issue with T-Mobile, he told TPI (see 2108160057). “The key is to work together” with government on cybersecurity, Ergen said. “We’ve asked for it. We’re open to help.” He likes “the partnership with government when it comes to security. We’re open to it, and we’re happy to share what we’re doing.”
Dell’s Latitude 5000 and 7000 series of laptops are embedded with Fingerprints identity authentication technology in their power buttons, said the biometrics company Thursday. Dell’s endorsement “confirms the positive trend in demand for biometric authentication in consumer and enterprise PCs,” it said. The new Fingerprints authentication interfaces with Microsoft’s Windows Hello enhanced sign-in security and can be used in combination with a broad range of touch sensors, it said.