Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines.
If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week’s stories. Our guest this week is Edward Contreras, CISO, Frost Bank.
If you want to get involved you can watch live and participate in the discussion on Crowdcast ([register](https://www.crowdcast.io/e/cyber-security-headlines)), or you can just [subscribe to the Cyber Security Headlines podcast](https://cisoseries.com/subscribe-podcast/) and get it into your feed.
Here are some of the stories we’ll be covering.
## More Than 600 ICS flaws spotted in H1 2021
The vulnerabilities in Industrial Control Systems mark an increase of 41% year over year and directly impact 76 vendors. The most affected manufacturers were Siemens with 146 vulnerabilities, followed by Schneider Electric, Rockwell Automation, WAGO, and Advantech. An important point is that the list of affected manufacturers also includes 20 companies whose products were not affected by any of the bugs reported last year. Most of the vulnerabilities were rated critical or high and pose a severe danger to industrial control systems, and the majority of them, 90%, were found to be exploitable without the need for any specialized knowledge.
## Apple started scanning for CSAM in 2019
Earlier this month, Apple announced it would start client-side scanning of devices for hashes derived from child sexual abuse material (CSAM). These scans would only occur when uploading content to iCloud. This triggered concerns about potential privacy implications and potential uses for state censorship. Apple has now confirmed it has been scanning outgoing and incoming iCloud Mail for CSAM since 2019, although it says it has never scanned iCloud Photos or iCloud backups. Apple’s child safety policy pages and interviews with executives have previously alluded to some sort of existing CSAM scanning. Sources tell 9to5Mac that the total number of CSAM reports Apple makes each year is measured in the hundreds.
## New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them
Jen Easterly, the new director of CISA, plans to draw on her experience working on cyber operations for the military and for Morgan Stanley. The goal is to ensure that critical infrastructure firms, CISA, the FBI and other agencies are coordinated in responding to major hacks like the one that hit Colonial Pipeline, which revealed a communication system in disarray. “I really want to send a signal that we are not your lumbering government bureaucracy,” she said, adding, “We do not normally bring together the federal government and the private sector to do left-of-boom activity.” Left of boom is a military term meaning being on the timeline before an explosion, rather than after an explosion, which is “right of boom.”
## New Hampshire town loses millions to email scammers
The town of Peterborough reported it lost $2.3 million to business email compromise scammers, who redirected bank transfers using forged documents sent to the Peterborough Finance Department. The compromise was achieved using phishing and social engineering techniques. The town first became aware of the issue on July 26th when the ConVal School District reported it had not received its $1.2 million monthly transfer. The US Secret Service Cyber Fraud Task Force is currently investigating the attack, which originated from overseas. It’s unclear whether insurance will cover the lost funds, and it’s doubtful the transactions can be reversed.
## Does cyber insurance make ransomware worse?
According to a new study from the cybersecurity firm Talion, 70% of cybersecurity professionals believe cyber insurance payouts to victims exacerbate the ransomware problem. The study also found that 45% of respondents thought organizations don’t report ransomware attacks to law enforcement because they believe it will slow down recovery, while 37% said it was because the company paid a ransom and wanted to avoid the resulting legal trouble. A further 10% of respondents said they didn’t even know how to report a ransomware incident to law enforcement.
## Microsoft and Google to invest billions to bolster US cybersecurity
During the White House cybersecurity summit with business leaders on Wednesday, President Biden and his cabinet discussed how to better protect US businesses and interests against increasing cyberattacks. Commitments made by attending organizations include working with NIST on open-source software security standards to better protect against supply chain attacks. Additionally, Apple will push for mass adoption of multi-factor authentication, vulnerability remediation, event logging, and security training, while Google committed to investing $10 billion over the next five years to expand security initiatives such as zero-trust programs. Microsoft committed to investing $20 billion over the same period to expand its security solutions, including initiatives to improve governmental security protections. Amazon will make its internal security awareness training available to the public for free and offer no-cost MFA devices to AWS customers. Cyber insurers pledged to improve the security posture of policyholders, and several organizations committed to security awareness training initiatives, some of which specifically focus on historically excluded groups in technology.
## Ragnarok ransomware releases master decryptor after shutdown
The Ragnarok ransomware gang, which has been in operation since January 2020, appears to have called it quits on Thursday, abruptly replacing all victims on its leak site with a master decryption key and brief instructions for using it. The gang left no explanation for shutting down; until early Thursday its leak site had listed 12 recent victims from various countries including France, the U.S., Hong Kong, Spain, and Italy. Ransomware expert Michael Gillespie confirmed the legitimacy of the decryptor by successfully decrypting a random Ragnarok-encrypted file. A universal decryptor for Ragnarok ransomware is currently in the works and will soon be released by Emsisoft, a company known for assisting ransomware victims with data decryption.
## Verizon has successfully deployed a VPN that could withstand quantum attacks
Verizon is trialing what it describes as a “quantum-safe” virtual private network (VPN) between one of the company’s labs in London, UK and a US-based center in Ashburn, Virginia. According to Verizon, the trial used encryption keys generated with post-quantum cryptography methods and demonstrates that it is possible to replace current security processes with quantum-proof protocols. While NIST has been leading an initiative to develop and standardize such algorithms, Verizon operates significant amounts of VPN infrastructure and sells VPN products, which is why the team is keen to adopt post-quantum cryptography sooner.