{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

06/09/2022
linkedin facebook twitter instagram
WorkScoop
We have lots of reporting from the 2022 RSA Conference. Experts are worried about EPA's handling of water cybersecurity. And feds warn about Chinese hacking of telecoms. This is CyberScoop for June 9.

Are campaigns ransomware gangs’ next targets?

“The worry in all of election security is trust and confidence — that we’ve delivered a safe and secure election,” National Security Agency Cyber Director Rob Joyce told CyberScoop at a media roundtable at the 2022 RSA Conference on Wednesday. “And if you know if elections are subject to ransomware, or if there’s a botnet that runs a denial of service, what you’ll find is that’s probably going to, in this day and age, escalate and be an issue of trust." Security strategists at top tech companies shared similar concerns at an RSA panel earlier in the day. “A risk that I am most fearful of is the growing trend of ransomware attacks,” said Ethan Chumley, senior security strategist for critical institutions for Microsoft. Chumley’s worries stem from the overall growth in ransomware, not from any 2022 examples, but experts say that campaigns need to be on guard now. Tonya Riley reports from RSA.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


FBI domain seizure takes down erstwhile Ukraine IT Army partner

Three domains associated with cybercrime were seized as part of an international cybercrime operation, the FBI and U.S. Department of Justice announced May 31. Not included in the statement was that one of the domains, IPStress[.]in, connected to a DDoS-for-hire operation that had, until shortly before the seizure, been affiliated with the Ukrainian IT Army. The IT Army, formed by the Ukrainian government after Russia's Feb. 24 invasion and now run by volunteers, told CyberScoop that it had dropped the service as a partner shortly before the seizure due to "poor performance," and had no idea it was involved in an FBI investigation. Every law enforcement agency involved — in the U.S., the Netherlands and Belgium — as well as the Ukrainian government agency most associated with the IT Army, declined to comment or did not respond to questions about the affair. AJ Vicens has it covered.


EPA outmatched by cyberthreats facing water sector, industry officials and legislator say

The Environmental Protection Agency is not prepared to defend the water sector from cyberattacks, according to Rep. Jim Langevin, D-R.I., and several industry leaders. They say the agency has an alarmingly low number of staffers working on water cybersecurity and a paltry budget of less than $7 million. The officials painted a picture of an agency overwhelmed by the demands of protecting a sector seen as exceptionally vulnerable to cyberattack, particularly after a hack last year left one Florida water treatment plant with lye at 100 times normal levels. The water sector industry officials and Mark Montgomery, the former executive director of the Cyberspace Solarium Commission, say the EPA should embrace a co-regulatory model with support from industry in order to properly regulate the sector's cyberdefenses. An EPA spokesperson said the agency is committed to using its existing resources to strengthen water sector cybersecurity, pointing to a website it has developed offering cybersecurity tools. Suzanne Smalley has the story.


MFA on delay

CISA's Eric Goldstein says federal agencies are wrestling with older, legacy IT as they strive to meet the demands of a last summer's executive order for deploying multifactor authentication, which experts and government officials consider a key defense against cyberattacks. “The challenge is that no insignificant number of federal systems are running on legacy infrastructure, which means that it’s not just as simple as deploying a modern authentication stack on top of your modernized infrastructure,” Goldstein, executive assistant director for cybersecurity, said in an interview with CyberScoop at the 2022 RSA Conference on Tuesday. Agencies are trying, and boosting their chances of getting up to speed — the deadline was in November — by changing their budgets and using Technology Modernization Fund dollars, Goldstein said. Tim Starks has the rest.


Chinese hackers don't need fancy exploits to game telcos, feds warn

Chinese state hackers typically don't need to burn their own custom, sophisticated exploits to worm their way into telcos via routes and other network-attached devices, the FBI, NSA and CISA said in a joint advisory Tuesday. The advisory explained that vulnerabilities known widely affecting unpatched routers and network attached storage devices are typically all the hackers need to get into networks and go about exfiltrating data or any number of malign cyber activities. The advisory included a range of mitigation techniques to address the problems. AJ explains.


SPONSORED BY DRAGOS

Implementing effective OT security posture

A new guide details five critical controls IT leaders should implement to better secure their operational technology (OT) environments and how to align executives to ensure organizations have a successful cybersecurity program and security posture. Download the guide.


SPONSORED BY TRELLIX

WATCH: Developing zero trust strategies that don’t limit access to FOIA data

Brian Gardner, CISO for the City of Dallas, shares his office's view on developing zero trust controls that keep a balance between protecting sensitive data and public data — especially for those agencies whose data is heavy on public and Freedom of Information Act (FOIA) access. Watch Gardner’s full interview here.


Tweet Of The Day

Image

Follow-up is important.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}