Welcome to The Cybersecurity 202! Is there a greater evil than refusing to break down one's boxes in a community recycling bin? I will answer for you. No. No there is not.
Published on January 18th, 2023
A royal mess in the U.K. points to the risks of cyberattacks on mail delivery
Below: FTX says hackers stole more than $400 million after it declared bankruptcy, and an apparent Russian cyberattack disrupted a Ukrainian news conference on Russian cyberattacks. First:
U.K. Royal Mail incident demonstrates how harmful cyberattacks can be on the industry
A cyberattack on the United Kingdom's largest mail delivery service that has snarled international parcel exports for a week is illustrating the cyber risks for mail services.
The incident was first confirmed as a cyberattack on Tuesday by Royal Mail CEO Simon Thompson. There are no signs of when the disruption will end, and U.K. businesses say it is hitting them in their pocketbooks.
"For export parcels and letters through our postal services ... we are no longer able to provide that service," Thompson told a parliamentary committee Tuesday. "The team have been working on workarounds so that we can get the service up and running again."
Mail delivery services in the United States are no stranger to cyber incidents. Ransomware twice struck a FedEx subsidiary in 2017, slowing services and costing the company hundreds of millions of dollars, although that primarily affected customers overseas. The U.S. Postal Service suffered a breach in 2014 that it said potentially affected sensitive personal data of more than 800,000 employees, as well as call center data on potentially 2.9 million customers, although that customer data was less sensitive.
To get a sense of what a major, successful cyberattack on the U.S. Postal Service might look like, observe how mail delivery suffered during the peak of the covid-19 crisis, said Gary Barlet, who served as chief information officer at the agency's inspector general office for 10 years before leaving in May.
"An attack like that has huge ramifications for every U.S. citizen, basically, because in some way, shape or form, they're touched by the U.S. Postal Service," Barlet, now federal chief technology officer for the cybersecurity company Illumio, told me.
The United Kingdom is still sorting through what has happened in the Royal Mail incident. The first signs of it popped up on Jan. 10.
The ransomware gang LockBit, which is widely believed to be based in Russia, was behind the attack, Jasper Jolly reported last week for the Guardian. LockBit's response to this has been muddled, and ransomware gangs are well-known for fibbing about who they have or haven't hacked.
The U.S. Postal Service picture
After the 2014 U.S. Postal Service breach, the agency turned to Greg Crabb, naming him chief information security officer in 2015. He said the information security staff grew from perhaps 40 at the time to several hundred, including contractors, by the time he left in 2021.
"It was a matter of really taking a step back, getting a lot of expert opinion as to the things that needed to be improved and setting out a very significant security investment road map in order to be able to address those opportunities for investment," Crabb, who since has founded the cyber firm 10-8, told me of the turnaround from the 2014 incident.
The agency said in 2018 that it had patched a vulnerability that exposed data on 60 million customers, albeit one year after a security researcher identified it. The Postal Service said there was no evidence to believe hackers exploited the flaw.
Recent inspector general audits are mixed, although it's hard to know exactly what the agency did well or poorly as the documents are heavily redacted.
- "The Postal Service generally has an effective security posture and security awareness program to protect its IT infrastructure from external cyberattacks," reads a 2021 audit. Many of the recommendations for improvement are redacted, but the report suggests that auditors found problems when conducting "penetration tests" looking for flaws, and with how the Postal Service managed vulnerabilities.
- In 2022, the inspector general report said that "[t]he Postal Service has made positive strides in implementing improvements to its risk management program, cybersecurity strategy, and organizational structure. However, its state of cybersecurity lacks maturity, which limits its ability to fully understand its risk exposure and protect the agency from cyberattack." Redactions again made it difficult to figure out what specific recommendations auditors made.
Although some agencies' cybersecurity audits have redactions, or even are substantially withheld unless someone files a Freedom of Information Act request, the blacked-out sections of the Postal Service inspector general reports appear more extensive.
"Our redactions in public reports are due to the sharing of sensitive information or information that could cause the USPS to become a target for threat actors," Postal Service spokesperson Jim McKean said. "All redactions are made in coordination with our FOIA and legal departments."
FedEx's ransomware attacks came back-to-back in 2017. The infamous, worldwide ransomware outbreaks of WannaCry and NotPetya both hit TNT Express, a FedEx subsidiary.
- NotPetya affected company computer systems in Asia, Europe and the United States; TNT Express operated in more than 200 countries at the time.
- In one 2017 quarterly earnings report, FedEx estimated it lost $300 million, mostly due to NotPetya.
- The impact of WannaCry doesn't appear to have been as severe on TNT Express, with FedEx saying at the time it was "experiencing interference with some of our Windows-based systems caused by malware."
- The U.S. government has blamed Russia for NotPetya, and North Korea for WannaCry.
Also in 2014, UPS said it suffered a cyberattack that exposed data on more than 100,000 transactions, but that it didn't see evidence that cybercriminals had used any of the information for fraud.
The company said it found out about the hack after reading a U.S. government bulletin outlining a "broad-based malware intrusion not identified by current anti-virus software."
Hackers stole more than $400 million from FTX since it declared bankruptcy, company says
FTX CEO John Ray said hackers took around $323 million from its international exchange and $90 million from its U.S. exchange since the company declared bankruptcy two months ago, Reuters's Dietrich Knauth reports. The firm collapsed in November and U.S. prosecutors have accused its founder, Sam Bankman-Fried, of breaking the law. Bankman-Fried has pleaded not guilty.
"We are making progress in our efforts to maximize recoveries, and it has taken a herculean investigative effort from our team to uncover this preliminary information," Ray said in a statement.
Russian cyberattack disrupts news conference about Russian cyberattacks, hosts say
Ukrainian media collective Media Center Ukraine said Russian hackers briefly delayed its news conference on Russian cyberattacks affecting the country, Axios's Sam Sabin reports. Ukrainian cybersecurity chief Yurii Shchyhol spoke at the event.
"We just faced a cyberattack on our information platform committed by Russia," a host said at the event. "We understand they don't like to hear the truth about this war, but we're not to be stopped, we are online, we are broadcasting."
In the 11 months since Russia invaded Ukraine, "Russian hackers have mostly focused on low-level attacks, such as overloading government websites with bot traffic and deploying malware wipers against Ukrainian organizations," Sabin writes. "Some of these attacks have also targeted organizations in NATO countries, researchers have said, but nothing has reached the level of Russia's worldwide 2017 NotPetya incident."
China proposes ban on spreading false information in U.N. cyber treaty, but it will probably face opposition
Chinese diplomats proposed that a U.N. cybercrime convention direct its signatories to criminalize the "dissemination of false information," the Record's Alexander Martin reports. It comes as countries jockey to change the shape of the treaty under negotiation.
Western governments will probably challenge the Chinese proposal over its human rights implications, Martin reports.
"The new proposal will now be negotiated as part of the ongoing discussions that will run until January 20," Martin writes. "There will be several more sessions in Vienna before a final negotiation held in New York at the end of August, after which a draft treaty will be introduced to the General Assembly."
- Steven Frid is the new executive director of the U.S. Election Assistance Commission. Frid was previously Federal Student Aid's security director.
- Daniel Bernard and Raj Rajaman have joined CrowdStrike as chief business officer and chief product officer for data, identity, cloud and endpoint. They previously worked at SentinelOne.
Thanks for reading. See you tomorrow.