The White House is urging private companies to take the threat of cyberattacks seriously as ransomware hacks ‘have increased significantly’

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks about the Colonial Pipeline cyber attack during the daily press briefing at the White House on May 10, 2021 in Washington, DC.

  • The Biden Administration is calling on the private sector to do more in the fight against cybercrime.
  • “The number and size of ransomware incidents have increased significantly,” the administration says.
  • The memo follows an attack on the world’s largest meatpacker, which shut down several US factories.
  • See more stories on Insider’s business page.

The private sector needs to do more to defend itself in the face of a rising cybersecurity threat, the White House said in a memo addressed to corporate executives and business leaders on Wednesday.

“The number and size of ransomware incidents have increased significantly,” wrote Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technology.

“The private sector also has a critical responsibility to protect against these threats,” she added. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”

The memo follows the latest attack on a key resource supplier in the US by ransomware attackers said to be based in Russia. Over the weekend, the world’s largest meat processor, JBS, was forced to shut down much of its North American operations after an attack the FBI attributed to a group known as Pinchy Spider.

And in April, the Colonial Pipeline was temporarily shut down when the company’s IT infrastructure was held hostage by the hackers known as DarkSide for a ransom worth $4.4 million.

This week, the New York subway system and a Massachusetts ferry operator were each victims of cyber attacks.

Business leaders should immediately discuss their risk exposure and response strategies, the memo said, including following guidance outlined in last month’s Executive Order on improving the country’s cybersecurity.

The “highly impactful steps” include using a multi-factor authentication system instead of relying on passwords, conducting regularly scheduled data backups, keeping systems updated, and segmenting networks so an attack doesn’t bring the whole system down.

“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” the memo said.

Read the original article on Business Insider

Kamala Harris becomes the first woman to deliver a US Naval Academy commencement address

Vice President Kamala Harris speaks at the graduation and commission ceremony at the US Naval Academy in Annapolis, Maryland, on May 28, 2021.

  • Vice President Harris became the first woman to give a commencement address at the Naval Academy.
  • She told graduates they would be taking “an oath to support our Constitution and defend it against all enemies.”
  • Harris also paid respects to the late Sen. John McCain, a prominent Naval Academy graduate.

When Vice President Kamala Harris addressed the graduates of the United States Naval Academy on Friday, she became the first female commencement speaker in its 175-year history.

At the Navy-Marine Corps Memorial Stadium in Annapolis, Maryland, Harris told the graduates that they would be taking “an oath to support our Constitution and defend it against all enemies.”

“No matter what changes in our world, the charge in this oath is constant,” she emphasized.

Harris spoke of the immense challenges that graduates would face, including the fallout from the COVID-19 pandemic, climate change, and cybersecurity threats.

She called climate change “a very real threat to our national security” and lauded the graduates for being part of the future for tackling the issue.

“I look at you and I know you are among the experts who will navigate and mitigate this threat,” she said. “You are ocean engineers who will help navigate ships through thinning ice. You are mechanical engineers who will help reinforce sinking bases. You are electrical engineers who will soon help convert solar and wind energy into power, convert solar and wind energy into combat power.”

She told the graduates that they would be critical in securing the country’s infrastructure.

“Foreign adversaries have their sights set on our military technology, our intellectual property, our elections, our critical infrastructure,” she said. “The way I see it, midshipmen, you are those experts on the issue of cybersecurity.”

She added: “We must defend our nation against these threats. And at the same time, we must make advances in things that you’ve been learning, things like quantum computing and artificial intelligence and robotics, and things that will put our nation at a strategic advantage. You will be the ones to do it because the United States military is the best, the bravest, and the most brilliant.”

Vice President Harris displays her US Naval Academy jacket.

Harris also praised the military officers who have helped vaccinate Americans across the country.

The vice president’s speech comes as the Pentagon accelerates the timeline for withdrawing troops from Afghanistan, which will likely occur in mid-July, up from an earlier projected date of September 11, 2021, the 20th anniversary of the terrorist attacks of September 11, 2001.

She told the graduates that the September 11, 2001, attack “shaped your entire life, and it shaped our entire nation,” and said that the COVID-19 pandemic has changed the fabric of American society.

“If we weren’t clear before, we know now: The world is interconnected,” she said. “Our world is interdependent. And our world is fragile.”

Harris also gave a nod to female graduates, only 46 years after Congress mandated that women could be admitted to service academies.

“Just ask any Marine today, would she rather carry 20 pounds of batteries or solar panels, and I am positive, she will tell you a solar panel – and so would he,” she laughingly said.

She then paid respects to the late Sen. John McCain of Arizona, a graduate of the academy, whom she called “a great and courageous American.”

McCain, who passed away in August 2018, is buried at the US Naval Academy Cemetery in Annapolis.

“Most people don’t know he wanted to be buried next to his best friend who he met on the yard, Admiral Chuck Larson,” she said. “That is the ultimate example of what I mean, in it together.”

Earlier this month, President Joe Biden gave his first commencement address as commander-in-chief at the US Coast Guard Academy in New London, Connecticut.

“No class gets to choose the world into which it graduates, and demands and the challenges you’re going to face in your career are going to look very different than those who walked these halls before you,” he told the graduates. “You chose, as a class motto – ‘We are the future.’ I don’t think you have any idea how profound that assertion is.”

Colonial Pipeline says it has restored service to ‘normal operations’ following cyberattack that forced a shutdown

A gas station runs out of gasoline after motorists rush to fill up on May 12, 2021 in Arlington, Virginia.

  • Colonial Pipeline said Saturday that it returned its service to “normal operations.”
  • The company began a restart of pipeline operations at 5 p.m. Wednesday.
  • The company, which provides nearly half of all fuel on the East Coast, was the victim of a cyberattack.

Colonial Pipeline on Saturday announced that it had returned to “normal operations” days after it restarted its pipeline following a cyberattack that resulted in disruptions across the East Coast.

The company made the announcement on Twitter Saturday at 7:30 a.m. It had restarted the pipeline at 5 p.m. on Wednesday.

“Since this incident began, we have been clear that our focus was on the safe and efficient restoration of service to our pipeline system,” Colonial Pipeline said in a tweet. “That is what we have achieved through the commitment and dedication of the many Colonial team members.”

It continued: “Our team members across the pipeline worked safely and tirelessly around the clock to get our lines up and running, and we are grateful for their dedicated service and professionalism during these extraordinary times.”

The Colonial Pipeline is the largest pipeline of refined oil products in the US. It transports more than 45% of all fuel used on the East Coast to more than 50 million people from New York to Texas.

The Wall Street Journal reported Friday that DarkSide, the hacker group that took responsibility for the ransomware attack, said it planned to disband following pressure from the US and investigations by law enforcement agencies.

Bloomberg first reported that DarkSide received approximately $5 million in untraceable cryptocurrency from Colonial. According to the Bloomberg report, the company paid the ransom within hours of the May 7 attack.

The attack caused governors in several states to declare states of emergency as residents panic bought gasoline and caused gas stations to hike up prices and run out of fuel. Experts said it could take days to weeks for a return to normal in the affected states.

A company told about 2,500 employees they were getting a bonus during COVID-19 – but it was just a phishing test

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014.

  • UK train operator West Midlands Trains sent an email to about 2,500 employees offering a bonus.
  • The email was actually a phishing test that “used both the promise of thanks and financial reward.”
  • WMT has since been slammed by the Transport Salaried Staffs’ Association for its “cynical and shocking stunt.”

UK train operator West Midlands Trains is facing backlash for sending its employees a “crass and reprehensible” cybersecurity test disguised as a bonus announcement for working through COVID-19.

On April 12, about 2,500 West Midlands Trains employees received an email from the company thanking them for their work through the “huge strain placed upon a large number of our workforce as a result of COVID-19,” according to the email posted by Transport Salaried Staffs’ Association, a travel and transportation union that represents some of WMT’s staff.

“This has not been easy for any of us and we would like to offer you a one-off payment to say thank you for all of your hard work over the past 12 months or so,” the email said.

Recipients were instructed to click on a link that had a note from Julian Edwards, the WMT’s managing director, and information about the bonus. But after clicking through, employees received a follow-up email from the company notifying them that they had fallen for a phishing test that “used both the promise of thanks and financial reward,” according to a copy of the follow-up note posted by the TSSA.

“This important test was deliberately designed with the sort of language used by real cybercriminals but without the damaging consequences,” a West Midlands Trains spokesperson told Insider in an email. WMT has “regular” trainings and exercises on cybersecurity, the spokesperson continued, noting that “fraud costs the transport industry billions of pounds every year.”

However, TSSA has since slammed the train operating company and its “crass and reprehensible” phishing test for being a “cynical and shocking stunt.”

“It’s almost beyond belief that they chose to falsely offer a bonus to workers who have done so much in the fight against this virus,” Manuel Cortes, TSSA’s general secretary, said in a press release. “Our members have made real sacrifices these past twelve months and more. Some WMT staff have caught the disease at work, one has tragically died, and others have placed family members at great risk.”

West Midlands Trains isn’t the only company that has received backlash for sending its employees a phishing email disguised as a bonus. In December 2020, GoDaddy also sent its employees a similar phishing test pretending to offer a $650 holiday bonus. Employees who fell for the scam then had to retake the company’s “Security Awareness Social Engineering training.”

Ransomware attacks hit ‘under-resourced’ city governments hardest, says cybersecurity expert whose kids’ school was shut down by hackers for 4 days

Trucks line up at a Colonial Pipeline facility.

  • Friday’s DarkSide attack took down a major oil pipeline that supplies the US East Coast.
  • A cybersecurity expert said such ransomware attacks tend to target municipal governments.
  • The expert’s kids were out of school for four days last year after Baltimore’s school system was hacked.

The hacking of a major US oil pipeline Friday is the latest in a string of cyberattacks under federal investigation.

The stories read like movie loglines: A reportedly Russia-backed group slowly burrowed its way into US digital infrastructure, gaining access to important government accounts. An unknown cyber-assailant tried to poison a Florida town’s water supply. And now, a group of veteran cybercriminals took down an East Coast oil pipeline and held it ransom.

Ransomware attacks are common and are the cyberattack with the most potential to wreak havoc on everyday life, according to Ben Miller, an executive at the industrial cybersecurity firm Dragos Inc.

Miller had firsthand experience with a ransomware attack in November, when hackers took over Baltimore’s school system and forced it to shut down for four days.

“My kids didn’t have any snow days this year because they had school from home,” Miller told Insider. “They had ransomware days.”

There are two major types of cyberattacks, according to Miller. The first are attacks like the one on US information technology firm SolarWinds, which US intelligence agencies say Russia was behind, that seek some kind of geopolitical advantage. The second is smaller-scale ransomware, where attackers, normally private actors that may or may not work with tacit government permission, go after companies and other institutions and then extort them to ease up on the attack.

The DarkSide attack against the Colonial Pipeline was a ransomware attack. The hacking group shut down a major pipeline that runs from Texas to New York, demanding money in order to restore its service in what Miller said was an example of how cyberattacks are increasingly affecting the “real world.”

Some of the most common targets of ransomware are municipal governments that are “under-resourced and under-managed” when it comes to cybersecurity, Miller said. Several other school systems in the US were hit by ransomware attacks in the past year. In April, the Justice Department announced a new task force to address ransomware attacks across the US.

Ransomware gangs also go after hospitals, as in the 2017 WannaCry hack that shut down parts of Britain’s National Health Service.

The hackers typically want to cause as much pain as possible so that they can get paid quickly, Miller said, making critical infrastructure an appealing target.

“When they can have a direct impact on their business – like shutting down a pipeline or impact to some facility – it does ring a chord with the victims and how they respond to that,” Miller said.

Miller said cyberattacks are so commonly directed at US companies because they’re wealthy enough to pay off ransomware attackers. Ransomware hacking groups view themselves as businesses, he said, and target companies and institutions in countries where they’re likely to make money: The United States, Britain, and Germany.

“The industry in the US would be more likely to pay an extortion of a couple of hundred thousand dollars or whatever,” Miller said. “Not to say that they should, or do – but they’re perceived that way, compared to firms in South America or Africa where that would literally, in many cases, put these firms out of business.”

I’m a former hacker and I believe the current round of digital vaccine passports pose real security risks. But a safe, effective vaccine passport is possible.

  • Vaccine passports are not yet safe and secure enough to be widely distributed.
  • Many of the options available today present security risks for sensitive personal information.
  • To successfully implement vaccine passports, data-tracking guidelines, government policies, and online behavior must change.
  • Mary Writz has 19 years’ experience in the field of cyber security and is the vice president of product at ForgeRock.
  • This is an opinion column. The thoughts expressed are those of the author.

I am a former ethical hacker, and because of my more than 20 years of experience in security, my friends and family often come to me with cyber security questions. On their minds lately is the question of whether digital COVID vaccine passports are safe.

The short answer is not yet. While I believe it is possible to build a safe and secure digital vaccine passport, there are serious hurdles that make it difficult to deliver an app that can stand up to the security and privacy rigors that would meet my, or my peers’, standards.

Anyone considering downloading one of the existing applications should proceed with caution – some of the options today present too great a risk to people’s identity. Many of these hastily-created applications can expose sensitive personal and health information, which can be sold and used in malicious ways. Tech companies need to keep working to create a safe digital vaccine passport.

A digital passport even a hacker could trust

Before we can debate the possibilities a vaccine passport can unlock, we need to address safety and it’s clear a new approach to vaccine verification is needed. Currently, the technology community does not have the right solution in front of them – it is more of a buffet of options, some riskier than others.

Ideally, companies should aim to create a single, universally-accepted physical or digital passport recognized by all governments and businesses while preserving our privacy and securing our health information. Think of it as the ultimate passport to life that speeds our return to normal when the next global health crisis emerges.

A universal passport could also include verification data for other documents we carry separately today, like driver’s licenses, passports, social security cards, membership cards, and credit card information. But we cannot place big bets on improving access to the digitally-connected world without also investing in security solutions first.

Technical challenges and public buy-in

Technically speaking, the challenge will be to get a bunch of technologists to agree on a standard approach to vaccine tracking. A universal standard will require alignment on what constitutes evidence of vaccination or how data should be collected and stored from the start – without leaking users’ personal information.

Without a widely-adopted set of standards, people will be downloading myriad, potentially dangerous mobile apps to do things we all desperately miss doing now like going to a movie or a concert.

The problem with a fragmented approach is most people do not know how to spot a good app from a less trustworthy option. We can count on Google and Apple to filter out a lot of the garbage for us, but without checks and balances, it’s virtually impossible to ensure the digital safety of these apps. As non-technical consumers, it would be even harder to avoid being tricked into downloading a copycat version or an app that was not developed securely.

Additionally, even if the technology is sound and secure, some folks may not feel comfortable with vaccine verification apps initially. The reason my friends and family come to me for my opinion on the security of technologies is because they feel unqualified to ascertain if these applications are safe. For widespread adoption to take hold, we need time to educate citizens and get their buy-in.

In the meantime, if someone needs to use a vaccine passport now, they should only use a link from an actual source like a government agency, employer, or mobile carrier. Scanning a random QR code or clicking a link from an unknown source can be dangerous.

Government policy around vaccine passports can help

A potential solution for the cultural friction that could surface would be to enforce a government policy around vaccine passports, but there are challenges here too. Governments across the world differ in their ability to enforce such policies, and currently the US government indicates a preference to leave it to the private sector. Even if that position changes – or a public-private partnership forms in our country, like European EID schemes – it would take time to determine specifics surrounding vaccine passport enforcement and the infrastructure needed to stand it up.

Historically, legislation has not kept up with the rapidly-shifting technology landscape. In the case of approving COVID-19 vaccines, we have seen the government move quickly and partner with the private sector to help bring a life-saving solution to market fast. That same rule-breaking approach in developing new protocols that sidesteps traditional processes could go a long way in helping to deliver a universal vaccination passport. For example, the US could fund and steer a task force aimed at delivering a solution that encompasses thinking across policy, security, and user experience.

And it can be done. The tech community has solved hard problems before, like securing the internet with SSL, and they can do it again. But it does not happen overnight – it takes time, resources, and a mindset shift to find the right solution. If tech and government agencies work together, we can be ready to help society get back to the things we love faster, with more confidence in its safety and security.

Mary Writz is the Vice President of Product at ForgeRock. Mary has 19 years’ experience in the field of cyber security. Prior to ForgeRock, Mary held product and leadership positions at Hewlett Packard and IBM in domains such as threat detection, machine learning, penetration testing, security intelligence, distributed denial of service, and targeted attack protection. Mary holds two patents and a Master of Engineering degree in telecommunications.

4 unanswered questions about the mysterious company that began managing a big chunk of the internet minutes before Biden was sworn in

  • Global Resource Systems LLC began managing about Pentagon IP addresses in January.
  • The company has no online presence and currently manages about 6% of usable internet space.
  • Here are the biggest questions about the Pentagon’s decision to activate nearly 175 million dormant IP addresses.

A mysterious company from Florida took over managing a large portion of the internet owned by the Pentagon mere minutes before Joe Biden was sworn into office.

The company, which was identified as Global Resource Systems LLC, now oversees nearly 175 million IP addresses – managing more cyberspace than some of the world’s largest internet providers, including Comcast and AT&T.

The mysterious startup’s new role spawned several questions regarding the internet space and the Pentagon’s plans for it. Here are some of the biggest unanswered questions about the unknown company that is now managing nearly 6% of usable internet space.

What exactly is the Pentagon looking for?

The Pentagon made its first statement regarding its decision on Friday. Brett Goldstein, the chief of the Pentagon’s defense digital service, said federal officials are working to “assess, evaluate and prevent unauthorized use of DoD IP address space” and hopes to “identify potential vulnerabilities” in its fight to curb cyberattacks of US networks.

Despite its response, the Pentagon left more questions regarding its intentions than answers.

Mike Hamilton, former chief information security officer of Seattle and CISO of cybersecurity firm CI Security, told Insider one of the biggest questions people should be asking is, “Are they looking for something specific?” He said it seems unlikely that the Pentagon would initiate a contract of that size without a probable cause or inciting incident.

“If they’re going to the extent of 175 million IP addresses, chances are they’re not just looking for ‘vulnerabilities,’” Hamilton said. “The kind of computing power a company would need to be able to analyze 175 million IP addresses and the technology they would have to deploy, likely means this decision had to have been planned a long time ago.”

The government could be motivated by any number of reasons. Cybersecurity experts told Insider the Pentagon could be working to lure hackers or build up their defense by analyzing threats online, as well as planning to launch infrastructure for surveillance or even its own targeted cyber attacks against other countries.

Why did the Pentagon choose an unknown startup?

Global Resource Systems LLC was created in September and has no prior government contracts. The company also does not have an online presence or a business license where it is registered in Plantation, Florida, though the company filed paperwork in October, for incorporation in Delaware, as shown by Florida state records.

Cybersecurity experts told Insider the company’s anonymity puts an extra layer of protection over the government and makes it even easier to hide what the Pentagon is doing with the IP addresses.

“I can only speculate that ‘Global Resource Systems LLC’ is a DBA / Delaware Fictitious Name,” Scott Schober, CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider. “They can then operate under an alias company name so they can stay off the radar and avoid scrutiny. Global Resource Systems can function as an extension of the government without direct connection allowing them to monitor activities without the overwhelming presence of the Pentagon nor the scrutiny of public opinion.”

Who is behind the Florida company?

The name on the company’s business papers, Raymon Saulino, matches a name tied to Packet Forensics, a company that has worked with the government before, according to a report from the Associated Press. Packet Forensics had nearly $40 million in federal contracts over the past 10 years. It currently sells equipment for lawful intercept, a process that allows law enforcement agencies to selectively wiretap individuals via a court order.

The company received national attention in 2011 when a Wired story reported Packet Forensics was selling an application to the federal government that could spy on people’s online browsers.

Global Resource Systems LLC also has the same name as a firm that shut down over 10 years ago and was sending out email spam, internet fraud researcher Ron Guilmette told Associated Press. The company had the same street address and used the same internet routing identifier. The only difference between the two companies is that this one operates as a limited liability corporation.

The company has no real history, but the people behind the company undoubtedly have government connections, Morgan Wright, the chief security officer of SentinelOne, told Insider.

Wright told Insider the startup is likely a shell for a bigger company due to the computing power needed to manage nearly 175 million IP addresses.

“It would be like trying to eat an elephant,” Wright said. “Not many companies can do that.”

Why did the handover happen moments before Trump left office?

The shift in management of the IP addresses was revealed via an announcement in the internet-routing messaging system of Border Gateway Protocol (BGP). About three minutes prior to Biden’s inauguration, messages arrived announcing that the previously dormant IP addresses assigned to the Pentagon had begun accepting internet traffic that would be routed through the new company. Over time, the company increased its management to nearly 175 million unused ranges on the IPv4 internet space.

While the timing seems noteworthy, many cybersecurity experts told Insider that the decision was probably not politically motivated.

Wright said the deal had likely been in the works for some time. It probably made sense for the Pentagon to put it into action before it would have to go through the scrutinization process of a whole new administration.

4 possible explanations for why a mysterious Florida company is managing a huge chunk of Pentagon internet addresses, according to cybersecurity experts

  • Moments before the inauguration, a Florida company began managing nearly 175 million Pentagon IP addresses.
  • The Department of Defense said it is using the addresses to “identify vulnerabilities” in DoD space.
  • Here are four possible explanations for the Pentagon’s decision, according to cybersecurity experts.

A mysterious startup in Florida with no online presence or history with the government captured public attention this week after it was revealed that it was managing nearly 175 million of the Pentagon’s Internet Protocol addresses.

What’s more, the deal was announced about three minutes before former US president Donald Trump left office and it encompasses almost 6% of usable internet space.

It is largely unknown what the Pentagon is planning to do with the IP addresses, as well as why the government chose the unknown startup, Global Resource Systems LLC. Cybersecurity experts told Insider the Pentagon could be looking to do anything from lure in hackers and build up online government defenses to surveillance of US citizens and reconnaissance on foreign countries.

When contacted for comment, a government spokesperson pointed Insider to a Friday statement from the Pentagon’s chief of defense digital service, Brett Goldstein, who said federal officials are working to “assess, evaluate and prevent unauthorized use of DoD IP address space” and hopes to “identify potential vulnerabilities” in its fight to curb cyberattacks of US networks. The Pentagon confirmed that the government has maintained ownership of the internet addresses while Global Resource Systems LLC is managing them.

The Pentagon could be using the newly advertised internet space as a “honeypot”

Honeypots are spaces on the internet with obvious vulnerabilities that are designed to draw in hackers or other bad actors. Scott Schober, the CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider an effective honeypot would allow the Department of Defense (DoD) to study hackers’ tactics and identify the vulnerabilities that they are targeting.

“This would allow the government to observe the hackers without any trace of surveillance in order to anticipate future moves,” Schober said.

The move would be particularly poignant in light of recent threats to the government’s system, including the SolarWinds hack.

While Schober and Jesse Rothstein, founder of cyber analytics company ExtraHop, agreed a honeypot is a likely explanation for the move, other cybersecurity experts expressed doubts regarding the theory.

Morgan Wright, the chief security officer of SentinelOne, said it could be difficult to set up the space for a honeypot, as it has been so heavily publicized that the IP addresses belong to the DoD. Similarly, Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm CI Security, told Insider the government wouldn’t need nearly that much space on the internet to set up a trap.

The government could be setting up a surveillance system to scour internet traffic

Hamilton told Insider that the Pentagon could be piloting software and servers to identify suspicious activity on the internet, whether from outside countries and hackers or internal internet chatter in the US.

About 175 million IP addresses could encompass the internet footprint of the entire US, according to Hamilton, who says the government could be practicing the scaling required to analyze large portions of US internet use. The data gathered could help prevent organized crime in the US – instances like the US Capitol siege, which first came together online.

While privacy laws deter internet surveillance, Hamilton said the involvement of a private company could create plausible deniability for the government. He pointed to similar internet surveillance in China and even the UK – which has been testing online surveillance technology for the past two years, logging and storing the web browsing history of every individual in the country.

“I can see that as an outcome because the alternative would be legislation making it okay for the NSA to surveil internally and nobody’s going to do that,” he said, calling the new company a “relic of the Trump administration.”

To date, the NSA’s “upstream” surveillance program allows the organization to search the international online activity of Americans, but it requires a type of warrant from a special court and does not aggregate and analyze entire data sets.

While Hamilton said the company could use BGP route injections (a process that allows outside sites to hijack a route) to collect data on US citizens, as well as foreign organizations, Rothstein told Insider he doesn’t see any evidence for BGP interception.

However, the government could easily scarf up extra data, as the Pentagon’s IP addresses include significant addresses. Even though internet connections in residential areas, enterprise environments, and office spaces should be using the private IP address ranges allocated in RFC 1918, many do not, according to Rothstein. He said some of the Pentagon’s IP prefixes could be in use by outside parties.

Many cybersecurity experts were optimistic that the government would be more focused on external traffic from other countries than collecting data from within the US.

The government could be preparing to launch a series of cyber attacks

The decision to activate the formerly dormant IP addresses could be a way for the US to keep up with other countries, including Russia, China, and North Korea, that use high-level cyber intelligence.

The Pentagon has recently been making strides to protect its digital presence and compete with other countries in cyberspace. The government created the Defense Digital Service unit in 2015 to solve emergency problems and make technological advancements for the US military. The Pentagon’s IP address decision originated with the DDS team, which is characterized as a “SWAT team of nerds.”

Wright said the IP addresses could be used to provide foreign intelligence and launch surveillance attacks against other countries. For example, some Chinese companies use similar IP address numbering schemes for their internal networks, and there’s a chance some of their data could be directed to the US.

He said that cyberspace is the next frontier for warfare and the US is lagging behind.

“Unless we get better at defending cyberspace, we will continue to lose our national intelligence information,” Wright said. “We have a massive intelligence failure right now,” he said, pointing to the recent SolarWinds hack.

Whether via launching surveillance attacks on other countries or improving its defense, the US needs to prioritize its cyberspace, Wright said.

The pilot program could help prevent attacks on the Pentagon’s IP addresses

Cybersecurity experts agreed the company would be able to identify large-scale attacks and, as a result, develop strategies to better protect its system.

“When it comes down to it, it’s all about cybersecurity research,” Rothstein told Insider.

The company could identify worms on the internet, as well as distributed denial of service attacks (intentional disruptions to internet service, often referred to as DDoS attacks).

With the sheer amount of internet space that the company will be able to analyze, it would be able to come up with sophisticated defense mechanisms and generate a greater understanding of the kinds of vulnerabilities hackers and outside countries seek to exploit.

Zscaler and Varonis Systems are among the top 7 cybersecurity stocks this earnings season, Wedbush says

  • Wedbush analysts expect cybersecurity spending to jump more than 20% in 2021 alone.
  • Cybersecurity stocks will be buoyed by federal spending and a push towards hosting workloads on the cloud.
  • Varonis Systems, Zscaler, Telos Corp., Sailpoint Technologies, Tenable Holdings, Palo Alto Networks, and Fortinet are the firm’s top cybersecurity picks.

Zscaler and Varonis Systems are among Wedbush Securities’ top 7 cybersecurity stocks heading into what the investment firm believes will be a “strong” earnings season for the sector.

In a note to clients on Sunday, analyst Dan Ives and his team said they’re expecting a robust March earnings season for the cybersecurity space due to a growing threat landscape for tech companies and a continued shift to the cloud.

“Cybersecurity sector/stocks have been treading water so far this year, we view a ‘beat and raise’ 1Q as a positive catalyst to move the sector higher for the rest of 2021,” Ives wrote.

The analysts said recent checks on the cybersecurity industry have revealed strong deal flow, making them bullish on the sector.

“In particular we are seeing strong deal flow around identity threat detection, privileged access management (PAM), endpoint/vulnerability security, and a discernible shift to zero trust architecture all gaining steam in the field,” Ives wrote.

Ives and his team also said they believe 44% of workloads will move to the cloud by the end of 2021 and that figure will hit 55% by 2022.

This digital transformation to the cloud is set to buoy cybersecurity names moving forward, according to Wedbush. The firm forecasts cybersecurity spending to increase over 20% in 2021.

Data from Gartner backs up Wedbush’s stance. Gartner is forecasting the worldwide information security market to reach over $170 billion in net value by 2022 amid a continued push towards cloud hosting.

The shift to cloud for both enterprises and governments is also being accelerated by big tech companies like Microsoft, Amazon, and Google, due to their recent push to enhance cloud offerings.

Ives and his team said they believe the cybersecurity sector could see an additional 300 bps+ lift from President Biden’s federal spending surge in light of recent nation-state attacks from Russia and China as well.

The analysts added that they expect a surge of M&A to take place within cybersecurity from both strategic and financial players in the coming months.

To that point, Thoma Bravo announced it acquired the cybersecurity firm Proofpoint for $12.3 billion in cash on Monday.

Ives concluded by laying out his top seven picks for the cybersecurity industry, which included the following: Varonis Systems, Zscaler, Telos Corp., Sailpoint Technologies, Tenable Holdings, Palo Alto Networks, and Fortinet.
