At a glance.

  • The aftermath of an intrusion into US Federal court networks.
  • German prosecutors hunt Berserk Bear.
  • New Zealand works toward greater cyber resilience.

Dealing with the aftermath of the US Federal Court hack.

SC Media reports that following a recent hack of the Federal judiciary’s document management system, it was determined that the breach dates back to early 2020, with House Judiciary Chairman Jerry Nadler saying that the full scope of the breach was only discovered in March. Some press reports indicated a connection with the infamous SolarWinds hack; however, Nadler says otherwise, stating that it was a separate attack. Assistant attorney general of the Justice Department’s National Security Division, Matthew Olsen, would not identify the nation-states believed to be involved, but did say that cases involving Russia, China, Iran, and North Korea are being investigated. Sam Curry, chief security officer at Cybereason, told SC Media that he believes nobody knows the full scope of the breach. “Estimating the full scope of this breach is difficult,” he said. “It’s likely to be iceberg-like: only a fraction is above the waterline and visible. Was this breach part of an elaborate cover story from a nation-state that has other intentions and targets? Again, only time will tell.”

Karen Crowley, director of solutions marketing at Deep Instinct, said that beyond the impact of system disruption, it puts a lot of pressure on the IT and security teams to get to a fix quickly. “The chance of reinfection is high, even when they think the threat is eradicated, and they must be on alert for the next cyberattack that could be around the next corner. Unfortunately, this pressure is taking a toll. Recent research shows that 45% of professionals have considered leaving the industry due to stress, with the primary issue being the constant threat posed by ransomware. At a time when labor is already tight, this highlights that our attitude must shift when it comes to security.”

Andrew Hay, COO at LARES Consulting, said that the amount of time that passed between the breach and its reveal was unjustified, saying, “The only thing I can think of that would justify the time that has passed is that this was an active FBI investigation, so no news could be communicated.”

German prosecutors are after Berserk Bear.

German prosecutors have issued a warrant for the arrest of Russian national Pawel A in connection with the Berserk Bear hacking group within Russia’s Federal Security Service (FSB), The Record reports. Pawel is accused of engineering an attack in 2017 on Netcom BW, the company that manages the routers for the EnBW energy company, as well as an attack on electric company E.ON. German public broadcasters BR and WDR report that the warrant was not made public, but that the hackers used a vulnerability in Netcom BW’s routers to break into the management system of the company’s public telecommunications network. Pavel Aleksandrovich Akulov, 36, could possibly be Pawel A, as he was one of four Russian hackers indicted by the US Justice Department last year for attacks against global energy companies, and he was also identified in the indictment as a member of the Berserk Bear group.

New Zealand works to shore up national cyber resilience.

Newsroom reports that New Zealand’s 2022 budget included a $30 million investment in cyber resilience. The country’s cyber minister, David Clark, said that cyber threats are increasingly common: “The public has been alerted through events like the Reserve Bank, the NZX and particularly the Waikato DHB to the dangers of cyber crime. And as time goes on, more and more New Zealanders have their individual stories of friends and family who’ve been the victims of cyber crime. And, over time, the threats are growing.”

Among other things, the budget has been used to create the “cyber resilience measurement framework” initiative, which takes a broad view of cyber resilience and attempts to measure it. A prototype framework has been developed, revealing difficulty in quantifying certain aspects of cyber resilience. Clark said that the framework will play a part in improving the country’s resilience, saying, “It’s a building block that I hope will continue to be looked upon over time. Government currently is subject to hundreds of thousands of attacks a day. When you’ve got hundreds of thousands of attacks a day, you’ve got a serious situation. Only one of those needs to succeed to have often dire consequences. That’s true across our whole population. We’ve got to continue to build on what we’re doing. We’ve got to continue to seize the opportunity.”