04 January 2019

IRM Weekly Cybersecurity Roundup: NIST shutdown and more

Here it is – the first cybersecurity news roundup of 2019! We hope you had a good Christmas and New Year? Get up to scratch with the news you’ve missed by reading this week’s summary. If you want the weekly roundup delivered straight to your inbox, sign up to the IRM newsletter.

US newspaper printer cyber-attack halts printing

Tribune Publishing are responsible for printing titles including The Los Angeles Times and The Wall Street Journal. Last week they experienced a malware attack which affected printing deadlines.

Implemented security patches were unable to hold the virus, which re-infected the network. This delayed the printing of many newspapers. It is thought that the intention of the attack was to purposefully delay logistics rather than steal information.

You can read more here.

NIST shutdown due to lack of funding

The National Institute of Standards and Technology’s (NIST) funding expired after the 21st December 2018. This has forced the Department to reduce their operations.

NIST is a non-regulatory government agency driving innovation and economic competition in US organisations. As part of its operation, NIST produces guidelines and standards to help businesses protect their information systems. This means NIST is often a key part of the info security industry.

The shutdown of Government agencies due to funding is not unheard of. Despite this, there are concerns over the delay of upcoming security standards and guidelines NIST is due to publish.

You can read more here.

UK Government publishes strategy to address cyber-skills gap

The UK Government has published a paper “Initial National Cyber Security Skills Strategy” to address the growing cyber-skills gap.

The aim of the strategy is to ensure that the UK has a “sustainable supply of home-grown cyber skilled professionals”. They aim to achieve this by increasing cybersecurity capacity across sectors. The strategy sets out four objectives to work towards. These include setting up the education system to support cyber talent and ensuring the public sector leads by example in developing cybersecurity capability.

You can read the full strategic paper here.

Quick Fire Updates 

New cybersecurity standard published for autonomous vehicles – The British Standards Institute has issued a standard to help guide leading car manufacturers on cybersecurity. New guidance includes how to protect self-driving cars from hacking. You can purchase access here.

Luas travel operator victim to Bitcoin hack – The Irish tram/light rail operator has confirmed its website was compromised on Thursday 3rd January. A malicious message was posted on the homepage, asking for one bitcoin within five days in payment for not publishing Luas’ sensitive data. Whilst the hack didn’t affect travel, Luas told customers not to use the website until technicians solved the issue. Read more here.

The future of automated cyber-attacks – Many cyber professionals predict that 2019 will see an increase in automated cyber-attacks. These attacks are evolving to involve techniques such as “credential stuffing”, using previously stolen passwords to break into online accounts; a technique used for Dunkin’ Donuts recent attack. Hacker bots, malicious chatbots and shapeshifter malware are just a few of the other techniques covered. Read more here.

To receive this blog direct to your inbox every week, sign up to our newsletter.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.