phone_bluetooth_speakerSUPPORT LINE: 844.909.2175

Top Categories

Spotlight

Ramaphosa urges G7 to bridge coronavirus funding gap

todayJune 13, 2021

COVID-19 Raleigh Fleishman

Ramaphosa urges G7 to bridge coronavirus funding gap

“If all G7 countries met their fair share target, this initiative would be two-thirds funded — and it would be 90% funded if all G20 countries made their fair share contributions,” he said.The nations should also support the proposed Trade-Related Aspects of Intellectual Property Rights (TRIPS) waiver to address and [...]


‘I put the interests of the country first’: Colonial Pipeline CEO on why oil biz paid off ransomware crooks

Global news Team Register todayJune 10, 2021

Background
share close

Mandiant investigation says crims gained access through legacy VPN


The boss of Colonial Pipeline has appeared before a Senate Committee to explain the events which led to US East Coast fuel supplies running dry last month and some $5m being handed over in ransom.

Speaking yesterday before the Senate Homeland Security Committee, Joseph Blount was quizzed about the incident before it became clear that a poorly secured legacy VPN was to blame.

  • Fastly ‘fesses up to breaking the internet with an ‘an undiscovered software bug’ triggered by a customer
  • Doncaster insurance firm One Call hit by not-dead-at-all Darkside ransomware gang
  • Eufycam Wi-Fi security cameras streamed video feeds from other people’s homes
  • Colonial Pipeline was looking to hire cybersecurity manager before ransomware attack shut down operations

Last week, Charles Carmakal, senior VP at cybersecurity firm Mandiant, which responded to the incident, revealed in an interview, that crooks accessed Colonial Pipeline’s network using an old VPN and password thought to have fallen into the wrong hands via the dark web, although investigations are still ongoing.

Speaking yesterday, Blount added that the password used to gain access to the VPN was “complex” – it wasn’t just “colonial123”, he told the hearing.

Giving an account of the events surrounding the 7 May cyberattack, Blount said he had no choice but to pay up once the scale of the breach was known.

“I know how critical our pipeline is to the country,” Blount said in the hearing, “and I put the interests of the country first.”

He went on: “I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible.

“It was the hardest decision I’ve made in my 39 years in the energy industry.”

The operators of the Colonial Pipeline – which stretches 5,500 miles between Texas and New York, and can carry up to 3 million barrels of fuel per day – reportedly paid $5m to regain access to their systems.

As El Reg reported, the Department of Justice on Monday said it has recovered 63.7 Bitcoins, right now worth $2.1m and falling, of the 75 or so BTC the Colonial Pipeline operators paid the ransomware miscreants who infected the fuel provider’s computers. You can watch footage of the hearing here. ®


Other stories you might like

  • No change control? Without suitable planning, a change can be as good as an arrest

    How to make software ch-ch-ch-changes easier

    Feature Anyone who has worked in medium or large organisations will know that there are three levels of change control when it comes to code: (a) the organisation doesn’t have any, (b) the organisation has change control but does it sub-optimally, and (c) change is managed well.

    Anyone who has worked under more than one of these three levels will have seen that the closer you get to (c), the less change-induced disruption you experience. And yes, this probably sounds like common sense, but as with many aspects of real life, common sense turns out not to be as common as you’d like.

    Continue reading

  • Student Loans Company splashes out on 20,000 cybersecurity training courses – for just 3,300 employees

    FoI request details £76,800 in training fees, most of which went to staff security-specific departments

    The Student Loans Company (SLC) spent £76,800 on cybersecurity training over its previous two fiscal years – including a sudden and unsurprising interest in security in a work-from-home environment.

    According to the SLC’s response to a Freedom of Information (FoI) Act request, which was made by self-described “niche litigation practice” Griffin Law, almost 20,000 specialist courses were booked and completed in the 2019/2020 and 2020/2021 financial years ended this April. At a total spend of just over £76,800, that’s a miserly £3.84 per course – but the released figures don’t necessarily cover everything.

    “£77,000 may appear to be low, especially if this is distributed over two years,” opined security specialist Sean Wright of the figures. “It could actually be an appropriate amount if the training which they are purchasing helps their employees and organisation.

    Continue reading

  • Wine 6.0.1: For that one weird app on that one weird Mac

    Wine64 support arrives for the Apple M1

    Fans of Apple’s M1 silicon have some more code to play with as the Wine team emitted version 6.0.1 of the Windows-running platform with support for wine64 on the new chippery.

    The maintenance release has been a while coming, although support has been lurking in the development branches for a while.

    Wine is a neat solution to the problem of having that one weird Windows app that has not been compiled natively for your platform of choice. It’s not an emulator, but rather a compatibility layer that allows some Windows applications to be fired up on Linux and macOS.

    Continue reading

  • An anti-drone system that sneezes targets to death? Would that be a DARPA project? You betcha

    Hotshot snotbot shows grotty terror plot buzzbots what’s what

    Until recently, the variously camouflaged, partially stealthed and fully invisibility-cloaked boffins at DARPA – Uncle Sam’s most famous left-field military research institute – had a problem.

    The United States’ somewhat exuberant past foreign policy decisions mean that American troops frequently find themselves driving slowly through densely populated cities full of people who would strongly prefer they were not there.

    This difficult situation ensures any potential enemy has numerous opportunities for attack, meaning equipment and tactics of varying usefulness have been developed to prevent this from happening, or at least lessen the chances of success.

    Continue reading

  • UK.gov’s new single enforcement body does not cover rogue umbrella companies, contractor campaigners complain

    Why does it always… That’s why. That’s why it’s raining on you

    UK government proposals to create a workers’ watchdog have been slammed by campaigners for not adequately covering umbrella companies, some of which have been accused of sharp practices as the IR35 off-payroll tax revamp expands their usage among contractors.

    This week the Department for Business, Energy and Industrial Strategy said it would launch a new organisation to tackle modern slavery, enforce the minimum wage and protect agency workers, work currently spread across three different regulatory bodies.

    The single enforcement unit will take a “one-stop shop” approach to improve administration through better co-ordination and pooling intelligence, according to a BEIS statement.

    Continue reading

  • Hong Kong to explore its own digital currency and keep testing China’s Digital Yuan

    Plans fintech infusion for local banking sector, plus data-sharing infrastructure

    Hong Kong has revealed a strategy to give its financial services sector a fintech infusion.

    The sector is important to Hong Kong, as it accounts for around 20 per cent of GDP and seven per cent of employment. Hong Kong’s also important to China, as its markets are more open to the world than the Middle Kingdom’s own stock exchanges and banks. Chinese companies often seek Hong Kong listings to access foreign capital.

    However, China’s recent actions to unwind the “one country, two systems” governance model for Hong Kong have led to much speculation about the future of the Special Administration’s financial services industry.

    Continue reading

  • ‘Ring of fire’ headed to northern UK – a partial solar eclipse, not the sensation you get after a potent vindaloo

    Russia, Greenland, northern Canada will get the Full Monty

    Dust off your funky eclipse sunglasses and your homemade pinhole projector – a partial solar eclipse is set to cast a blurry shadow across parts of the UK on Thursday.

    The partial eclipse – best viewed by those in the north of the Britain – starts at 10:08 BST, 10 June, peaking at 11:13 before finally ending at 12:22.

    Continue reading

  • South Korea’s data watchdog barks warnings at Microsoft and five local firms

    Fines, fines, everywhere there’s fines

    Microsoft and five other companies have received fines totaling US$75K from South Korea’s Personal Information Protection Commission (PIPC), for running afoul of local data protection laws.

    The Commission fined Microsoft 16.4 million won (US$14,700) for failing to have protective measures on administrative accounts that led to the leak of over 119,000 email accounts, 144 of which belonged to South Korean residents. Furthermore, when Microsoft announced the leaks, it did so within 24 hours of the incident in English but not until 11 days later in Korean. The PPIC said Korean users should be notified in Korean.

    South Korean web giant company Kakao’s blockchain subsidiary Ground X and software company Innovation Academy were each handed 25 million won (US$22,400) in penalties for general privacy naughtiness. Ground X was slapped with an extra six million won (US$5,400) fine for not protecting passwords and Innovation Academy wore three million won (US$2,700) for a data leak.

    Continue reading

  • Ransomware-skewered meat producer JBS confesses to paying $11m for its freedom

    Company also says large and well-funded IT department sorted recovery swiftly

    JBS Foods, one of the world’s largest meat producers, has revealed it handed over “the equivalent of $11 million” to resolve a ransomware infection that disrupted operations in Australia, the USA, and Canada.

    A statement from the company says the decision to pay was made “In consultation with internal IT professionals and third-party cybersecurity experts … to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”

    “This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.” The company statement also offers welcome news that “Preliminary investigation results confirm that no company, customer or employee data was compromised.”

    Continue reading

  • NTT slashes top execs’ pay as punishment for paying more than their share of $500-a-head meals with government officials

    None were illegal, but they did put civil servants in awkward ethical territory and execs knew it

    Japanese tech and telecoms giant NTT has temporarily slashed the pay of several top executives, to reprimand them for paying too much of the bill at $500-a-head lunches with government officials.

    NTT is part-owned by Japan’s government and is also the nation’s dominant telco. Meetings with officials from the Ministry of Communications are therefore to be expected.

    Local ethics rules don’t prohibit government officials dining with those they regulate. But NTT made the mistake of taking officials to very expensive restaurants — Japanese media report the bill reached the equivalent of over $500 per person on some occasions — and then paying most of the bill.

    Continue reading

  • Y’all ready to get back to the office this October, Facebook tells staff in the US

    Sure, you can apply to work from home in the middle of nowhere, just don’t expect Silicon Valley pay

    Facebook, like other Silicon Valley mega-corps, is ready to get its workers back in the office, setting October as the time when business returns somewhat to normal.

    Last week Tim Cook told Apple staffers that, from September, they should expect to work at least three days a week in the office – well, it did spend US$5bn on a new HQ in California, would be a shame to waste it – and Google too has set that month for a return to office work.

    Now Facebook is getting with the program: from around September-October, US employees will be expected to come into the office for at least half the week unless they are able to get permission to continue working from home full-time.

    Continue reading

Written by: Team Register

Rate it
Previous post



Products


Company


Contacts

Support