January 05, 2022

Cyber Daily: Federal Law Enforcement Seeks to Fill the Holes Revealed by Jan. 6 Attack - The Wall Street Journal

Hello. U.S. law-enforcement and intelligence agencies are grappling with online chatter promoting violence, along with threats against lawmakers, inspired in part by the Jan. 6 attack on the U.S. Capitol, officials say.

As the anniversary of the Capitol attack approaches, anonymity in the cyber realm leaves holes in threat assessments. So does the difficulty of making sense of disparate data points—a task that corporate cyber-threat analysts deal with daily.

The FBI said that it has put greater emphasis on “swift information sharing” with other law-enforcement groups and made improvements to help investigators and analysts in the field.

Analysts are receiving new training on how to evaluate online messages. Homeland Security in May announced a new domestic-terrorism branch within its Office of Intelligence and Analysis to focus on producing such intelligence.



Homeland Security and other law-enforcement agencies last week warned state and local officials of a heightened potential for violence on the anniversary of the Capitol breach, noting they knew of no specific or credible threats.

An intelligence assessment said “threat actors will try to exploit the upcoming anniversary” to promote or commit violence, according to a person familiar with it.

The U.S. Capitol Police force is seeking to hire more analysts to monitor the rise in menacing communications, said J. Thomas Manger, chief of the force since July. The torrent of social-media posts also can make it difficult to distinguish online bravado from a genuine threat.

The force has issued every officer a cellphone and sends daily intelligence briefings, Mr. Manger said. It also has been holding daily calls to share intelligence with other law-enforcement agencies in the region.


Cybersecurity Business

Google’s cloud unit said Tuesday it has acquired Siemplify, a startup that provides security-operations tools. Siemplify, founded in 2015 and based in Ramat Gan, Israel, builds tools in a category called security orchestration, automation and response, or SOAR, aimed at helping companies recover from cyberattacks. Neither company disclosed financial terms. Google paid about $500 million in cash for the company, Reuters reported, citing a person familiar with the matter.

New York-based Human Security Inc. said it has raised $100 million in funding, led by investor WestCap. Human Security provides technology to detect fraud and counter bot attacks. (Security Week)

More Cyber News

Cyber analysts warn of potential hacks by Russia against Ukraine. As Russian troops gather at the border with Ukraine, cybersecurity researchers have identified a surge in hacking activity. Ukraine wouldn’t be able to defend against a major onslaught that pairs cyber offensives with physical ones, they say. (Washington Post)

Related: Russia’s military buildup near Ukraine is an open secret. Satellite images, social-media posts and flight-tracking data allow private analysts to track details governments once classified.

Video used as hacking vector. A group of hackers has targeted the real-estate sector with ploys that use a cloud-based video service to insert malicious code into video players, according to Palo Alto Networks Inc.’s Unit 42 cyber-research arm. The malware seeks out names, email addresses and credit-card data, Palo Alto Networks said. More than 100 real-estate sites have been hit. (Bleeping Computer)

December ransomware attack on Kronos continues to disrupt payroll for customers. Employees of Penn Highlands Healthcare might be overpaid or underpaid, the Pennsylvania-based hospital chain warned, as payroll service provider UKG Inc. works to restore tech systems after a ransomware attack affecting its Kronos service. UKG said it became aware of the hack on Dec. 11. Healthcare groups in several states have been affected. (SC Media)

Kronos users span industries, including retail, government services, manufacturers and numerous healthcare systems.

New from WSJ Pro Research

2021 in Review: Takeaways for the CEO

There is no such thing as security, only degrees of insecurity. This report captures the key incidents of 2021 and the thematic takeaways chief executives and other company leaders would do well to keep in mind.

Privacy

Alleged insider breach: New York-based investment firm Off Road Capital Partners LLC said a now-former employee, prior to resigning last year, took business and personal data between April 27 and May 2. Off Road didn’t specify the business information it said the former employee downloaded.

Compromised client information includes names, dates of birth, Social Security numbers, tax and bank account data, and wire instructions, the company said in a notification letter filed with Vermont regulators and signed by founders Gideon King and Robert Kramer.

Off Road offered to reimburse individuals up to $250 for two years of credit-monitoring services.

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.



source: https://www.wsj.com/articles/cyber-daily-federal-law-enforcement-seeks-to-fill-the-holes-revealed-by-jan-6-attack-11641392425
