This Week In Security - 05/11/2020
Trump Declares Power Threat a National Emergency
The US President, Donald Trump, has declared “a national emergency with respect to the threat to the United States bulk-power system”.
On 1st May, Trump signed an executive order designed to reinforce the nation’s bulk-power system against the threat posed by “foreign adversaries” seeking to “commit malicious acts against the United States and its people”.
The executive order states that the foreign supply of bulk-power equipment constitutes an “extraordinary threat to the national security, foreign policy, and [the] economy”. As a result, the “acquisition, importation, transfer, or installation” of such equipment “from companies under foreign adversary control” is prohibited.
Trump said the move, designed to “protect our Nation against a critical national security threat”, would be balanced with a commitment to maintaining an “open investment climate” that would ensure the overall “prosperity of the United States”.
The US Secretary of Energy, Dan Brouillette, supported the order, saying it “will greatly diminish the ability of foreign adversaries to target our critical electric infrastructure”.
The move follows reports from both the FBI and the former Director of National Intelligence, Daniel Coats who last year warned of Russia’s ability to “execute cyber-attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure”.
Acronis Launches New Cyber Protection Solution
The global technology company, Acronis, last week unveiled its latest approach to cybersecurity. The Acronis Cyber Protect Cloud combines disaster recovery, data backup, next-generation antivirus, cybersecurity, and endpoint management tools into a single solution.
The new product is designed to eliminate complexity and improve productivity while helping MSPs “avoid cyberattacks, minimize downtime, ensure fast and easy recoveries and automate the configuration of client protection to counter the latest cyber threats”.
When AV-Test put Cyber Protect through its paces in March, the product “scored perfectly with a verified 100% detection rate” with similarly impressive results in the false-positive test.
Cyber Protect Cloud comes in response to the latest wave of cyberthreats and reflects the opinion of Acronis CEO, Serguei Beloussov, that “traditional backup is dead because it is not secure enough, and traditional anti-viruses do not protect data from modern cyber threats”.
The new offering from Acronis looks set to rectify those problems by offering:
- Extra protection of video-conferencing services
- Remote application of software patches
- Advanced phishing protection
- Remote desktop accessibility for IT administrators
According to Phil Goodwin, a research director at the International Data Corporation (IDC), “Acronis Cyber Protect is among the most comprehensive attempts to provide data protection and cybersecurity to date”.
Cybercriminals Hunt Down Virus Data
The US and UK governments warn of a heightened cyber threat as hackers linked to foreign states start hunting down COVID-19 vaccine research and data.
The joint advisory was issued in response to “a number of incidents in which other states are targeting pharmaceutical companies, medical research organizations, and universities, looking for intelligence and sensitive data, including research on the virus”.
The UK’s National Cyber Security Centre (NCSC) is offering “advice and protection” to a dozen universities, including Oxford, “that they have identified as critical players in responding to the coronavirus pandemic”.
Meanwhile, according to senior US intelligence officer, Bill Evanina, “there is nothing more valuable or worth stealing than any kind of biomedical research that is going to help with a coronavirus vaccine”. The joint warning drew attention to a cyber threat called password spaying which hits “a target with multiple common passwords in the hope that one will work”.
Although the advisory stopped short of naming names, the “culprits are understood to include China, Russia, and Iran”.
NCSC director of operations, Paul Chichester, said, “By prioritizing any requests for support from health organizations… we can inform them of any malicious activity and take the necessary steps to help them defend against it”.
Amazon Fires Protestors, Workers Claim
Workers at the technology and e-commerce company, Amazon, claim the company is cracking down on protestors, firing those campaigning for safer working conditions.
Vice-president, Tim Bray, resigned on 1st May, saying, “I quit in dismay at Amazon firing whistleblowers who were making noise about warehouse employees frightened of Covid-19”.
Others were not given the luxury of resigning. John Hopkins was suspended after handing out pamphlets discussing some of the safety concerns that had arisen regarding Amazon’s response to the coronavirus.
Hopkins was told he had violated a new policy that allows workers to remain onsite for only 15 minutes before or after their shift.
Meanwhile, Marin Costa and Emily Cunningham were fired last month after organizing “a virtual event for warehouse workers to speak with tech workers about … Amazon’s response to the pandemic”.
Costa criticized Amazon, saying “There seems to be a pattern of censoring… around the world, with Amazon choosing to silence workers who are standing up for safety, basic human rights instead of taking criticism as an opportunity to do better”.
Bray appeared to agree with Costa, saying it’s “not just Amazon” that treats its warehouse workers as “fungible units of pick-and-pack potential… it’s how 21-st century capitalism is done”.