Home  /  Privacy and Security  /  US government wants to learn more from recent major hacks
PostedinPrivacy and Security Posted on

US government wants to learn more from recent major hacks

Posted By 

Department of Homeland Security heads up new board examining cybersecurity incidents

The United States Government has formed a new organization that aims to improve the country’s cybersecurity posture and make sure the country learns from previous attacks and incidents.

The new Cyber Safety Review Board (CSRB) is similar in design to the National Transportation Safety Board (NTSB), an organization investigating traffic disasters and similar accidents.

However, unlike NTSB’s five members, CSRB will have 15, with Homeland Security undersecretary for policy Robert Silvers serving as chair, and Google’s security engineering chief Heather Adkins as deputy chair.

Analyzing log4j

The organization hopes its work will “generate many lessons learned for the cybersecurity community,” and also on the board is Rob Joyce, director of cybersecurity at the National Security Agency, Dmitri Alperovitch, co-founder and chairman of Silverado Policy Accelerator, and Katie Moussouris, a bug bounty pioneer who founded and heads Luta Security.

For starters, the board will focus on the log4j vulnerability, which is still being exploited by “a growing set of threat actors”.

In early December last year, a highly potent zero-day vulnerability was discovered in the popular Java logging framework log4j. Tracked as CVE-2021-44228, it allows malicious actors to run virtually any code on an endpoint. The knowledge threshold is very low, meaning even low-skilled attackers can abuse it. 

The flaw is being compared to the 2017 issue which led to the Equifax hack, leading to the personal data of almost 150 million people being exposed. Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) described it as “one of the most serious” flaws she’s seen in her entire career, “if not the most serious”.

So far, experts have discovered multiple use cases for the vulnerability: to install malware, cryptominers, to add the devices to the Mirai and Muhstik botnets, to drop Cobalt Strike beacons, to scan for information disclosure, or for lateral movement throughout the affected network.

Credits: Sead Fadilpašić
Source: TechRadar.com
Featured Image: Shutterstock

About Author

Kerry.Hershey

Related Posts

© Copyright 2019