Cyber Intelligence Weekly (March 5, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!

Before we get started on this week’s CIW, I’d like to highlight that Echelon will be attending the Shared Assessments Third-Party Risk Summit 2023 in Orlando from March 14 through March 16! In addition, our very own Tom Garrubba, Director of Third-Party Risk Management Services will be teaching the CTPRP course on March 14 from 8:00am-6:00pm. If you plan on attending the Summit please let us know!

Away we go!

1. Biden- Harris Administration Announces National Cybersecurity Strategy

On March 2, 2023, the Biden-Harris administration announced a fresh National Cybersecurity Strategy that builds on previous strategies and sets the tone for the future of cybersecurity for our nation.

The new National Cybersecurity Strategy comes with five key pillars that attempt to attack the cybersecurity problems from several key angles:

1. Defend Critical Infrastructure: This pillar outlines ways the government may expand and enforce minimum cybersecurity requirements across critical sectors of the nation as well as building better public and private collaboration in order to minimize cyber attack damages. In addition, the strategy outlined a better and more coordinated approach to responding to cyber attacks when the private sector puts out a call for help.
2. Disrupt and Dismantle Threat Actors: This one is exactly as it sounds, finding ways to stop the problem at its source, disrupting the threat actors in their tracks. The strategy outlines how the government will use its powers across various planes like diplomatic, military (kinetic and cyber), financial, intelligence, and law enforcement, to help stamp out the bad guys. The objectives also include the idea of enhancing the public-private operational collaboration in cyber.
3. Shape Market Forces to Drive Security and Resilience: This is where things get interesting. This part of the National Cybersecurity Strategy talks about holding the organizations that are responsible for the foundations of our technology more accountable for what they produce or how they take custody and care of your data. Mentioned here is ensuring that data collected is safely held and use is limited, makers of devices and software are responsible for building in security by design, and shifting liability for insecure software products and services back on the original makers. In addition to all this, there is talk of a Federal cyber insurance backstop for “catastrophic incidents” and for the government to come in to assist stabilize things.
4. Invest in a Reliable Future: This entire section is devoted to the planning for the future and making the future bright from a cyber perspective. There is talk about several key governmental investments across a variety of areas to make this a reality. For example, they talk about making investments in the core foundations of the internet and its underlying technologies, prioritizing several different pillars or research, development and demonstration, as well as instituting programs and incentives to bolster the cybersecurity workforce.
5. Forge International Partnerships to Pursue Shared Goals: In this final section of the National Cybersecurity Strategy, there is a call to our allies across the world to ensure that there is a concerted and well accepted strategy across the world to align goals and incentives to help make this strategy a reality.

What struck me as most inspiring about the strategy is that it spoke of an open and free internet that is there to encourage sharing of ideas and fueling prosperity. The Biden-Harris administration drew parallels to an open, free and secure internet to that of the foundations of democracy itself.

I personally loved this line from the closing paragraph of Joe Biden’s introduction within the National Cybersecurity Strategy, as it reminds me of Echelon’s Mission Statement, “We must ensure the Internet remains open, free, global, interoperable, reliable and secure-anchored in universal values that respect human rights and fundamental freedoms.” Echelon’s Mission Statement is, “We believe that security and privacy are basic human rights.” It is only with a shared belief and value system that we can be successful in the coming years in this race to secure the internet and systems for all.

2. LastPass Security Breach: A Lesson on the Power of Timely Software Updates

More information was released last week about the LastPass breach as the forensic response data from Mandiant must be rolling in. The new blog post by the LastPass CEO describes the two different data breaches that occurred over the last year and how they were intertwined with one another.

In the first security incident, the blog post illustrates that the threat actor was able to compromise a software engineer’s corporate laptop (the blog doesn’t say how), allowing the threat actor to gain access to their development systems in the cloud where they were able to steal some source code, technical information, and certain LastPass internal secrets. They noted that no customer data was stolen or taken as part of this incident. They did however state that the first incident made way for the second incident, as it allowed the threat actor to identify further juicy targets within the organization.

The second incident summary is where things get even hairier. The threat actor specifically targeted a senior DevOps engineer at LastPass and exploited a missing patch in the DevOps engineer’s HOME COMPUTER! Clipped from the LastPass details, “Due to the security controls protecting and securing the on-premises data center installations of LastPass production, the threat actor targeted one of the four DevOps engineers who had access to the decryption keys needed to access the cloud storage service. This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

PCMag has reported that the threat actor targeted out of date Plex Media Server software on the DevOps engineer’s personal laptop. The software was roughly 75 versions out of date at the time of the incident.

There were clearly several failures here:

• Allowing critical systems to be accessed from personal computers and unsanctioned devices is a critical error in this whole story.
• There were no elements of zero-trust enabled here, the threat actors used legitimate credentials and then all walls were down.
• If you are going to allow personal devices to be used by employees, ensure that they are well protected and patched.

For a breakdown of all data that was accessed, please visit this support posting from LastPass.

3. Dish Network Hit by Ransomware Attack, Data Stolen by Cybercriminals

As first announced on February 23, 2023, Dish Network still seems to be severely affected by a ransomware attack. In a 8K filing with the SECv, Dish Network reported that they were experiencing various IT outages on their earnings call in late February, and by the looks of it, it appears that they are still experiencing major issues.

The ransomware is reportedly affecting Dish's primary website, applications, and customer service platforms, as well as the company's Sling TV streaming and cellular services. Bleeping Computer is reporting that Dish has fell victim to the Black Basta ransomware group. With no clear end in sight, it sure looks like there are going to be lots of angry customers out there with no Dish Network.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about