Roughly 75% of small and medium-sized businesses have experienced a cyber breach at least once, and 45% were hacked in the past year, reported USTelecom and CyberRx Thursday. SMBs took an average of five months to fully recover and spent $170,000 to resolve each cyber breach. About six in 10 report breaches that stopped daily productivity; 46% reported lost customers. "SolarWinds and the recent attack at a water plant in Florida demonstrate that companies need to immediately take stock of their cyber defenses -- and get ready" (see 2103040066), said Robert Mayer, USTelecom senior vice president-cybersecurity and innovation.
China “firmly opposes and combats” cyberattacks and cybertheft “in all forms,” said a Foreign Affairs Ministry spokesperson when asked Wednesday about Microsoft’s disclosures of a new “state-sponsored threat actor” based in China it named Hafnium. Microsoft said the hacking group preys on infectious disease researchers, law firms, universities, defense contractors and think tanks. China considers it “a highly sensitive political issue to pin the label of cyber attack to a certain government,” said the spokesperson. “We hope that relevant media and companies will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations.” Though Hafnium is based in China, it conducts its operations from leased virtual private servers in the U.S., blogged Tom Burt, Microsoft corporate vice president-customer security and trust. Hafnium uses “previously undiscovered vulnerabilities” to gain access to network servers by disguising itself “as someone who should have access,” said Burt Tuesday. It creates a “web shell” to control the compromised server remotely and uses that remote access “to steal data from an organization’s network,” he said. “We need more information to be shared rapidly about cyberattacks to enable all of us to better defend against them. That is why Microsoft President Brad Smith recently told the U.S. Congress that we must take steps to require reporting of cyber incidents.”
IT decision-makers observed an “uptick in risky behaviors” online from employees since the pandemic forced most to work remotely, reported Tanium Monday. The cybersecurity vendor canvassed 500 enterprise IT leaders in the U.S. and U.K. in late November, finding 41% say employees stored sensitive data on their PCs and 38% say workers click on phishing emails. The SolarWinds attack illustrated “the systemic vulnerabilities in the ever-growing software supply chain,” said Tanium. Since the COVID-19 pandemic began, 30% of respondents have observed their end users not updating software, said the company. The survey found two-thirds of companies accelerated their planned investments in cloud infrastructure after work-from-home regimens began, but cloud adoption isn’t consistent across regions. Tanium found 40% of U.S. IT decision-makers think their companies are well ahead of others in using cloud services, compared with 24% of U.K. respondents.
Consumers are becoming “increasingly digitized” during COVID-19 stay-at-home protocols, and consumer awareness about the need for online security “continues to increase,” said McAfee CEO Peter Leav on a quarterly call Tuesday. “These trends will continue to fuel the growth of an already large addressable market.” A McAfee-commissioned survey of 11,000 internet-connected adults globally found “high levels of concern around cyber risks and online crime,” said Leav. “Proliferation of devices within the household, increased internet connectivity, the explosive growth in online transactions, the use of personal information in those transactions and more work-from-home policies” drove higher security software purchases among consumers, he said. “The study also showed a broad increase in the usage of online banking, online financial planning, online doctor visits and personal shopping, with the expectations that post-pandemic, these activities will remain at high levels.” McAfee's consumer revenue grew 23% in fiscal Q4, ended Dec. 26, and it added 668,000 “net new core direct-to-consumer subscribers,” similar to its net adds in Q3, said Leav.
The mid-December SolarWinds cyberattack (see 2012170050) was “a wakeup call to all enterprises to modernize cybersecurity and will serve as a net incremental tailwind not just for us but also for the industry,” said Palo Alto Networks CEO Nikesh Arora on a fiscal Q2 call Monday. The cybersecurity vendor fielded more than 1,000 “assessment requests” after the SolarWinds breach and completed more than 500, he said. “This resulted in more awareness of and focus on cybersecurity, which in all candor is the need of the hour, given the complete reliance of technology in these times.” The Senate Intelligence Committee held a hearing on the breach Tuesday (see 2102230064).
SolarWinds CEO Sudhakar Ramakrishna will testify Friday about the company’s recent breach, the House Oversight and Homeland Security committees announced Monday (see 2102180043). Microsoft President Brad Smith, FireEye CEO Kevin Mandia and ex-SolarWinds CEO Kevin Thompson will also testify. The vulnerability that enabled the breach exists in “every company, so what happened to us can happen to any software developer in the world,” Ramakrishna told a Center for Strategic and International Studies event Monday. The attacker was able to inject malware into Orion software code in a narrow way that went undetected, so SolarWinds delivered and signed it, he said: “The ability for our bill systems to identify that did not exist.” Ramakrishna “came to know” about the breach around Dec. 13-14, when he wasn’t officially an employee, he said. He noted the attackers used older software releases as test beds. He said SolarWinds is working with third parties to understand the breadth and depth of the sophistication and patience of the attackers. SolarWinds is working with the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology on potential generalized best practices, he said. He suggested the U.S. government should have one agency for companies to inform and brief about incidents, because having multiple points of contact results in wasted time and effort.
Companies including Adobe, Arm, BBC, Intel and Microsoft will develop standards to certify provenance of media content, to address disinformation and online content fraud. The Coalition for Content Provenance and Authenticity plans an end-to-end, open standard for tracing the origin and evolution of digital content, C2PA said Monday. Member organizations will partner to develop content provenance specifications for common asset types and formats to enable publishers, creators and consumers to trace images, videos, audio and documents, said C2PA. Specs will include defining what information is associated with each type of asset, how that information is presented and stored, and how evidence of tampering can be identified, it said: Collaboration with chipmakers, news organizations, and software and platform companies will enable a “comprehensive provenance standard and drive broad adoption across the content ecosystem.” This builds on recent advances in content provenance, including Project Origin; the Content Authenticity Initiative; and C2PA member Truepic's development of the first native integration of hardware-secured photo capture smartphone technology, C2PA said. “There's a critical need to address widespread deception in online content -- now supercharged by advances” in artificial intelligence and graphics “and diffused rapidly via the internet,” said Eric Horvitz, Microsoft chief scientific officer and Project Origin executive sponsor. Organizations interested in joining can apply at membership@c2pa.org.
An Atlanta-based Bitcoin service provider was fined more than $500,000 for allowing people in sanctioned countries to use its services. BitPay committed more than 2,000 sanctions violations when it allowed people in Cuba, North Korea, Iran, Sudan, Syria and the Crimea region of Ukraine to use digital currency on the platform to transact with U.S. parties, the Office of Foreign Assets Control said Thursday. OFAC said BitPay allowed $129,000 worth of digital currency transactions that should have been blocked. OFAC said the case highlights the compliance risks faced by digital currency services. Those companies “are responsible for ensuring that they do not engage in unauthorized transactions,” OFAC said, saying they should develop a tailored compliance program that screens “all available information,” including IP addresses and location data. "During the transaction period, and since, BitPay has steadily enhanced its already rigorous compliance program," the company said. "Our commitment to compliance has been continuous and unwavering."
SolarWinds CEO Sudhakar Ramakrishna will testify before the Senate Intelligence Committee Tuesday during a hearing on the Russian government-sponsored hack of his company's Orion software (see 2102100059), Chairman Mark Warner, D-Va., announced Thursday. Microsoft President Brad Smith, FireEye CEO Kevin Mandia and CrowdStrike CEO George Kurtz will also testify during a hybrid hearing in 106 Dirksen. The SolarWinds breach prompted Smith to use his CES 2021 keynote last month to urge tech industry and government action to write new cybersecurity “rules of the road” (see 2101130028).
Three North Koreans were indicted on charges of helping lead the November 2014 Sony Pictures Entertainment cyberattack and an international campaign to steal more than $1 billion from companies and organizations, DOJ announced Wednesday (see 1809060044). Jon Chang Hyok, Kim Il and Park Jin Hyok were charged with conspiracy to commit computer fraud, wire fraud and bank fraud in an indictment filed in the U.S. District Court in Los Angeles. They created “multiple malicious cryptocurrency applications” and developed and fraudulently marketed a blockchain platform, DOJ alleged. They helped create WannaCry 2.0 ransomware in May 2017, the department alleged. “The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said acting U.S. Attorney for the Central District of California Tracy Wilkison. Then-Sony CEO Kazuo Hirai used his CES 2015 speech to blast the SPE hackers as extortionists (see 1501050055).