Vlog - Security Snark
Security Snark - Episode 3 (November 11, 2021)
This week's episode looks at the heavily scrutinized CMMC 2.0, supply chain attacks, more attacks on several business verticals, and a ransomware gang QUITS (really...).
Pentagon Unveils CMMC 2.0 Cybersecurity Plans (nationaldefensemagazine.org)
Attack Type:
What To Know: The DoD has made a major revision to a cybersecurity standard that impacts 300,000 private businesses that do business with the DoD.
Why You Should Care: Our strategic competitors are stealing our technology. The DoD says these changes are intended to strengthen the standard, but they in fact do the opposite.
Supply chain under attack as 'dark' cyber underground peddles sensitive company data | Fox Business
Attack Type:
What To Know: Hackers are targeting international shipping companies that make consumer goods readily available to Americans from markets abroad.
Why You Should Care: The holiday season is right around the corner, and store shelves are half full as it is due to existing supply chain problems. This could exacerbate the issue.
KdcSponge, NGLite, Godzilla Webshell Used in Targeted Attack Campaign (paloaltonetworks.com)
Attack Type:
What To Know: A group of highly skilled hackers is using advanced methods to target specific industries: technology, defense, healthcare, energy and education. CISA and the NSA have declined to reveal the source of these attacks.
Why You Should Care: These are highly sophisticated attackers interested in several business verticals that could have a direct impact on national security.
BlackMatter ransomware gang is reportedly quitting operation (hackread.com)
Attack Type: (malicious logic, threat actors)
What To Know: A group of hackers who use ransomware to make money has publicly disclosed its decision to “close shop” due to pressure from law enforcement and, evidently, a lack of staff.
Why You Should Care: These are cybercriminals who make their living by using technology to extort money from their victims. Being aware of their operations can help you avoid becoming a victim.