Cyber Intelligence Weekly

Cyber Intelligence Weekly (Oct 31, 2021): Our Take on Three Things You Need to Know

Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

You can also Subscribe to receive Cyber Intelligence Weekly in your inbox each week.

Away we go!

1. Microsoft Sets Sights on Closing the Cybersecurity Skills Gap.

We all hear about the shortage of skilled cybersecurity workers in the United States, but rarely do we hear of any potential solutions to the problem. Recently, Microsoft announced a plan that sets its sights on helping to close the cybersecurity skills gap. Microsoft’s President, Brad Smith, had this to say in the blog post regarding the shortage: “But this work has also brought an additional and daunting realization: the country’s cybersecurity challenges in part reflect a serious workforce shortage. Until we redress the cybersecurity workforce shortage, we will fall short in strengthening the country’s cybersecurity protection.”

Microsoft’s blog post lays out how the company plans to help tackle this need. It also describes the size of the shortage, noting that more than 1 in every 20 open jobs in the United States is a cybersecurity job. Microsoft plans to launch a national program with community colleges across the United States to help train and recruit people into the cybersecurity workforce, with a goal of training 250,000 people by 2025. Microsoft chose to work with community colleges for a number of reasons, but chief among them are that community colleges are everywhere, flexible, and affordable.

Microsoft pledges an initial set of commitments, which are detailed in the blog post.

While I applaud this effort and plan by Microsoft, there seems to be much skepticism in the cybersecurity community about whether this plan will actually make a dent in the needs that exist today. Personally, many of the needs that I see among my client base are very diverse. Many of the high-need cybersecurity areas that need to be addressed require experienced talent, not greenhorns fresh out of school. We need more hands-on technical engineering talent, experienced governance/risk/compliance professionals, and experienced cybersecurity software engineers. Most important of all, we really need to educate technology leaders in cybersecurity best practices and how to properly structure an information technology organization with cybersecurity in mind from the start. If we don’t do that first, who will hire all these people?

2. Chinese Point-of-Sale Tech Giant, PAX Technology, Raided by FBI.

A recent report by Krebs on Security highlights potential issues with PAX Technology, a Chinese provider of point-of-sale technology. On the heels of the Krebs article come headlines from Bloomberg Technology reporting that FIS has been pulling PAX systems from its customers since October 8. FIS Worldpay, which offers business transaction services, including point-of-sale devices and technology, has begun to offer replacement devices to all its customers using PAX systems at no cost.

PAX Technology’s US headquarters in Jacksonville was raided by the FBI and Homeland Security last week, as reported by Jacksonville’s WOKV. The Krebs on Security blog offers some explanations as to why PAX may be a target of law enforcement. Brian Krebs cites confidential sources who describe how “a major U.S. payment processor started asking questions about unusual network packets originating from the company’s payment terminals.”


The Krebs article also mentions that the payment processor found the PAX terminals were potentially being used as malware droppers and as command-and-control nodes, and that the packets leaving the terminals were highly suspicious and not commensurate with the traffic that should be coming from a payment terminal.

Supply chain security is, and continues to be, a major cause for concern across all industry verticals. This story is yet another example of how a legitimate company may be used as a front, or even as an unwitting vehicle, to carry out attacks that steal consumer or payment data. These high-risk systems must be tested frequently, and network traffic to and from them must be monitored and compared against what a payment terminal actually needs: a small set of processor endpoints on known ports, and nothing else.
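As an added example (not code from the newsletter, from Krebs, or from any processor), here is the kind of egress check a network team could run over flow records from a point-of-sale VLAN to catch exactly the symptoms described above: terminals reaching destinations that are not the processor, terminals talking to each other, outside hosts connecting in to a terminal, and unusually large transfers even to a permitted host. The terminal subnet, the allowlisted processor addresses, the byte threshold and the flow records are all constructed assumptions; the script assumes each record is keyed on the connection initiator as its source.

```python
"""Egress allowlisting for payment terminals over constructed flow records.

Added example. The subnet, allowlist, threshold and records below are
assumptions made up for illustration; they are not PAX, FIS or processor data.
"""
from ipaddress import ip_address, ip_network

TERMINAL_NET = ip_network("10.50.0.0/24")      # hypothetical POS terminal VLAN
ALLOWED_EGRESS = {                              # hypothetical (dst_ip, dst_port) allowlist
    ("198.51.100.10", 443),                     # payment processor gateway, TLS
    ("198.51.100.11", 443),                     # processor failover gateway
    ("10.50.1.1", 53),                          # local DNS resolver (outside the POS VLAN)
    ("10.50.1.1", 123),                         # local NTP
}
OUTBOUND_BYTES_LIMIT = 100_000                  # hypothetical: an auth message is a few KB

# Constructed records: "timestamp src sport dst dport proto bytes", src = initiator.
SAMPLE_FLOWS = [
    "2021-10-26T10:00:01Z 10.50.0.21 51234 198.51.100.10 443 tcp 2100",    # normal auth
    "2021-10-26T10:00:02Z 10.50.0.21 51235 10.50.1.1 53 udp 120",          # DNS lookup
    "2021-10-26T10:00:05Z 10.50.0.22 40001 203.0.113.77 8443 tcp 68000",   # unknown host
    "2021-10-26T10:00:09Z 10.50.0.22 40002 10.50.0.23 445 tcp 9000",       # lateral to peer
    "2021-10-26T10:00:12Z 203.0.113.5 34567 10.50.0.22 8080 tcp 1500",     # inbound to terminal
    "2021-10-26T10:00:15Z 10.50.0.23 40003 198.51.100.12 443 tcp 500",     # right port, wrong host
    "2021-10-26T10:00:20Z 10.50.0.24 40004 198.51.100.10 443 tcp 3400000", # allowed host, huge
    "2021-10-26T10:00:25Z 192.0.2.9 50000 198.51.100.10 443 tcp 900",      # not a terminal
]


def parse_flow(line):
    """Parse one whitespace-separated flow record into a dict."""
    ts, src, sport, dst, dport, proto, nbytes = line.split()
    return {"ts": ts, "src": ip_address(src), "sport": int(sport),
            "dst": ip_address(dst), "dport": int(dport),
            "proto": proto, "bytes": int(nbytes)}


def classify(flow):
    """Return (rule, terminal_ip) for a suspicious flow, or None if it is
    normal terminal traffic or does not involve a terminal at all."""
    src_term = flow["src"] in TERMINAL_NET
    dst_term = flow["dst"] in TERMINAL_NET
    if src_term and dst_term:
        # Terminals have no reason to talk to each other; peer traffic suggests lateral movement.
        return ("terminal-to-terminal", str(flow["src"]))
    if src_term:
        if (str(flow["dst"]), flow["dport"]) not in ALLOWED_EGRESS:
            # Unknown destination or port, regardless of whether it "looks like" TLS.
            return ("egress-not-allowlisted", str(flow["src"]))
        if flow["bytes"] > OUTBOUND_BYTES_LIMIT:
            # Permitted host, but far more data than an authorization exchange needs.
            return ("unusual-volume", str(flow["src"]))
        return None
    if dst_term:
        # Nothing outside the VLAN should initiate a connection to a terminal.
        return ("inbound-to-terminal", str(flow["dst"]))
    return None


def analyze(lines):
    """Run every record through classify() and collect the findings in order."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        hit = classify(flow)
        if hit:
            rule, terminal = hit
            findings.append({"rule": rule, "terminal": terminal,
                             "src": str(flow["src"]),
                             "dst": f"{flow['dst']}:{flow['dport']}",
                             "bytes": flow["bytes"]})
    return findings


def offending_terminals(findings):
    """Sorted list of terminal IPs that appear in any finding: the devices to pull first."""
    return sorted({f["terminal"] for f in findings}, key=ip_address)


if __name__ == "__main__":
    results = analyze(SAMPLE_FLOWS)
    for f in results:
        print(f"{f['rule']:24} terminal={f['terminal']:12} {f['src']} -> {f['dst']} ({f['bytes']} bytes)")
    print("terminals to inspect:", ", ".join(offending_terminals(results)))
```

The allowlist is deliberately keyed on host and port together: the sixth record above goes to port 443 and would pass a port-only rule, but the host is not the processor, which is precisely the kind of "unusual packets from a terminal" that tipped off the processor in the Krebs story. On a real network the records would come from NetFlow, Zeek `conn.log` or firewall logs rather than a list, and the allowlist would come from the processor's published endpoint list.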

3. Key Member of REvil Ransomware Gang Identified.

For obvious reasons, criminal actors prefer to hide in the shadows and bask in anonymity. This has always struck me as ironic, given that their main line of work is destroying personal privacy, security and trust in systems. Every once in a while we get a glimpse into the lives of these criminals through the lens of diligent journalists or law enforcement who constantly investigate them.

Recently, a German news outlet called Zeit Online has given us a little glimpse into the world of key members of the REvil ransomware group. REvil is a so-called ransomware-as-a-service operation: the core group leases its ransomware and infrastructure to affiliates who carry out the intrusions, and takes a cut of the ransoms that are collected. They became infamous through their involvement in the likes of the Kaseya and JBS attacks, for example.

German police and Zeit Online investigators have traced Bitcoin payments from ransomware and other hacking events to wallets belonging to a man they name as Nikolay K. They describe Nikolay’s lavish lifestyle: he can often be found on a yacht, driving his fancy BMW, or indulging his taste for luxury watches. Foreign investigators tracking this individual keep running into problems getting cooperation from foreign officials, as Nikolay lives in southern Russia.

While the United States and other countries continue to apply pressure to foreign governments that harbor these criminals, it doesn’t appear that anything will be changing anytime soon. Until then, the long arm of the law will have to keep monitoring these individuals and hope that they get careless and travel to a country that supports extradition.

Sign Up for Weekly Cyber Intelligence Delivered to Your Inbox
