More stories

  • New York announces statewide cybersecurity coordination center

    New York state governor Kathy Hochul unveiled a new centralized cybersecurity center after White House officials met with her on Friday to discuss their concerns about potential cyberattacks.  Hochul announced the new statewide Joint Security Operations Center alongside mayors from New York City, Albany, Buffalo, Rochester, Syracuse, and Yonkers on Tuesday afternoon. 

    The cybersecurity hub, located in Brooklyn and called the first of its kind in the nation, will serve as a centralized location for state officials to turn to in times of cybercrisis. Officials said the Joint Security Operations Center will be comprised of experts from federal and state law enforcement entities, representatives from local and county governments, and NYC3. NYC3 was created in 2017 as a body coordinating New York City’s cyber defenses across more than 100 agencies and offices.

    The mayors said the command center will strengthen the state’s threat detection capability “by centralizing telemetry data — allowing officials to assess and monitor potential threats in real time.” The center will also help officials “streamline threat intelligence and responses in the event of a significant cyberattack.”

    Hochul explained that she had been working throughout the weekend after federal officials held meetings warning of the potential for cyberattacks coming in response to sanctions against senior officials in the Russian government. Cybersecurity and Infrastructure Security Agency director Jen Easterly said there are no specific or credible threats to the US but wrote that “Russia may consider taking retaliatory action in response to sanctions that may impact our critical infrastructure.”

    Easterly lauded the New York effort, writing that collaboration between local, state, federal, and private sector players is how they can successfully ensure the resilience of businesses and organizations.

    “In light of current geopolitical uncertainty, earlier today I convened cabinet members from relevant areas to review our ongoing cybersecurity preparedness efforts and make sure that New Yorkers, our institutions, and our critical infrastructure are protected from cyber-facilitated disruptions. We are in regular touch with the White House and the US Department of Homeland Security to ensure coordination,” Hochul said.

    “The reality is that because New York State is a leader in the finance, healthcare, energy, and transportation sectors, our state is an attractive target for cyber criminals and foreign adversaries. My Administration has taken significant steps to prepare for what have become increasingly sophisticated cyberattacks, including my recent budget proposal to invest $62 million in our cybersecurity protections, which is more than double from last year. Cabinet leaders will continue reviewing their cyber-risk management readiness and communicate with relevant industry and government partners to ensure threat intelligence is being relayed as quickly as possible,” Hochul added. 

    At the event, local mayors spoke at length about the trouble they face in defending government offices against waves of sophisticated attacks.

    “There is no greater threat to the day-to-day operations of city and state government, than cybersecurity,” Syracuse mayor Ben Walsh said. Albany’s mayor spoke about their ordeal with a ransomware attack in 2019 while New York City mayor Eric Adams said his predecessor, former mayor Bill de Blasio, told him cybersecurity was one of the biggest crises the city was facing.

    New York City announced its own slate of measures designed to protect the city from cyberattacks. Adams released an executive order requiring each city agency to designate a cyber command liaison who will work with the Office of Cyber Command to share information, monitor threats, and adopt best practices around cybersecurity.

    “Technology runs our water, controls our electricity, and notifies us during an emergency, so cyber attacks have the ability to bring our entire city to a halt if we are not prepared. Our city is a prime target for those who want to cause destruction, and while New York City Cyber Command is already a national model for impeding these threats, it’s time our cybersecurity gets moved to the next level,” Adams said. “The new Joint Security Operations Center will take an integrated and holistic approach to hardening our cyber defenses across the city and the state, building on the robust cyber infrastructure New York City has developed in recent years.”

    New York City Chief Technology Officer Matthew Fraser said the creation of the Joint Security Operations Center was a transformational moment for cybersecurity in the state because it could make New York “the most cyber-resilient state in the nation.”

    State officials also noted that the Joint Security Operations Center will work with local educational institutions like CUNY to build out cyber curriculums and expand talent pipelines.

  • Palo Alto Networks shares jump as FYQ2 results top expectations, raise outlook

    Security technology titan Palo Alto Networks this afternoon reported fiscal Q2 revenue and profit that both topped Wall Street’s expectations and raised its outlook for the year. The report sent Palo Alto Networks shares up over 5% in late trading. 

    CEO Nikesh Arora remarked that Palo Alto “continued to benefit from strength across our three security platforms, driven by strong cybersecurity demand, organizations architecting for hybrid work and growing their hyperscale cloud footprints.”

    Added Arora, “On the back of this strength, notably in our next-generation security offerings, we are raising our guidance for the year across revenue, billings, and earnings per share.”

    CFO Dipak Golechha remarked, “Total shareholder return was at the forefront of our Q2 results as we continued to deliver on accelerated revenue growth and strong cash flow generation as well as returned capital to shareholders.”

    Revenue in the three months ending in December rose 30%, year over year, to $1.3 billion, yielding a net profit of $1.74 a share, excluding some costs. Analysts had been modeling $1.28 billion and $1.65 per share.

    Palo Alto said its “remaining performance obligation,” a measure of the total value of contracts with customers, rose by 36% to $6.3 billion.

    For the current quarter, the company sees revenue of $1.345 billion to $1.61 billion, and EPS in a range of $1.65 to $1.68. That compares to consensus for $1.35 billion and a $1.63 profit per share.

    For the full year, the company sees revenue in a range of $5.425 billion to $5.475 billion, and EPS of $7.23 to $7.30. That is above an outlook offered in November for $5.35 billion to $5.4 billion, and $7.15 to $7.25 per share. The forecast compares to consensus of $5.39 billion and a $7.23 profit per share.

  • Peloton service returns after widespread outage

    Peloton’s outages have ended after a morning of complaints from customers who could not access classes or pages on the web.

    The problem stopped users from accessing their logins, live classes, on-demand classes, and leaderboards. Peloton users also could not activate their services on Peloton bikes or treadmills.

    We are currently investigating an issue with Peloton services. This may impact your ability to take classes or access pages on the web. We apologize for any impact this may have on your workout and appreciate your patience. Please check https://t.co/Dxcht2tQB0 for updates.— Peloton (@onepeloton) February 22, 2022

    Peloton said the issue began around 10:45 am ET and was resolved by about 2 pm ET, and it took place amid other unexplained outages on Tuesday. Slack also experienced widespread outages, and reports surfaced of problems on other platforms like GitHub. By Tuesday afternoon most services had returned to normal. The Peloton outages came at a time of turmoil for the company, which recently removed co-founder and CEO John Foley, announced about 2,800 layoffs, and canceled plans for a new factory in Ohio. For Q2, Peloton reported a net loss of $439 million on a revenue of $1.14 billion. This pushed its guidance for the full fiscal year down by nearly $1 billion. 

    Despite the lack of positive news, The Wall Street Journal reported that Amazon has expressed interest in acquiring Peloton while The Financial Times said Nike is also interested. The BBC added that Disney, Sony, and Apple have similarly shown interest in Peloton.

  • GitHub calls for contributions to new cybersecurity Advisory Database

    GitHub announced on Tuesday that their Advisory Database for security data is now open to contributions from experts. GitHub senior product manager Kate Catlin explained that the company has teams of security researchers that review all changes and help keep security advisories up to date. 

    But with the number of new vulnerabilities and different attack vectors emerging each day, the company believes members of its community may be able to share additional insights and intelligence on CVEs.

    “GitHub is publishing the full contents of the Advisory Database to make it easier for the community to benefit from this data. We’ve also built a user interface for making contributions… The data is licensed under a Creative Commons license, and has been since the database’s inception, making it forever free and usable by the community,” Catlin said. “The GitHub Advisory Database is the largest database of vulnerabilities in software dependencies in the world. It is maintained by a dedicated team of full-time curators and powers the security audit experience for npm and NuGet, as well as GitHub’s own Dependabot alerts. By making it easier to contribute to and consume, we hope it will power even more experiences and will further help improve the security of all software.”

    GitHub has built a “suggest improvements for this vulnerability” workflow into security advisories in the database. This allows researchers from GitHub Security Lab and the maintainer of the project who filed the CVE to review your request. The form allows you to suggest changes or to provide more context on packages, affected versions, impacted ecosystems, and more.

    Catlin added that the advisories in the GitHub Advisory Database repository will use the Open Source Vulnerabilities (OSV) format. Oliver Chang, software engineer for Google’s Open Source Security Team, said in order for vulnerability management in open source to scale, security advisories “need to be broadly accessible and easily contributed to by all.” “OSV provides that capability,” Chang said.

    GitHub repeatedly pushed its users to enable two-factor authentication last year and, in August, announced that it would stop accepting account passwords when authenticating Git operations. The platform began requiring people to use stronger authentication factors like personal access tokens, SSH keys, and OAuth or GitHub App installation tokens for all authenticated Git operations on GitHub.com. In January GitHub announced that two-factor authentication will be available to all users through GitHub Mobile.

  • Billion-dollar logistics giant Expeditors struggling to recover from cyberattack

    Logistics and freight forwarding giant Expeditors International announced a cyberattack on Sunday that crippled some of their operating systems and continues to slow their operations around the globe. The Seattle-based freight company, which brought in $10.1 billion in revenue last year, said they shut down most of their operating systems globally after discovering the cyberattack. 

    “The situation is evolving, and we are working with global cybersecurity experts to manage the situation. While our systems are shut down, we will have limited ability to conduct operations, including but not limited to arranging for shipments of freight or managing customs and distribution activities for our customers’ shipments,” the company said in a statement. “We are conducting a thorough investigation to ensure that our systems are restored both promptly and securely, and on a parallel track, evaluating ways with our carriers and service providers to mitigate the impact of this event on our customers. Since it is extremely early in the process, we cannot provide any specific projections on when we might be operational. Still, we will provide regular updates when we are able to do so confidently. We are incurring expenses relating to the cyber-attack to investigate and remediate this matter and expect to continue to incur expenses of this nature in the future. Depending on the length of the shutdown of our operations, the impact of this cyber-attack could have a material adverse impact on our business, revenues, results of operations and reputation.”

    The company did not say whether it was a ransomware attack and did not respond to requests for comment. On Sunday, they said systems may be unavailable as they try to secure their system, noting that “backup procedures are being implemented.”

    Another update was released on Monday explaining that the company’s global operations were still being affected by the attack. Expeditors said it was working through its crisis management and business continuity response plans but was still struggling to recover. Expeditors has thousands of employees across 350 locations in more than 100 countries. It has become just the latest logistics company to be hit with a cyberattack over the last month.

    Earlier this month, Swiss airport management service Swissport reported a ransomware attack affecting its IT systems that was later attributed to the BlackCat ransomware group. Another cyberattack on two German oil suppliers forced energy giant Shell to reroute oil supplies to other depots over the last month. The German Federal Office for Information Security (BSI) said the BlackCat ransomware group was also behind the incident, which affected 233 gas stations across Germany.

    Multiple ports in Belgium and the Netherlands reported issues after a cyberattack affecting IT services in early February. Terminals operated by SEA-Tank, Oiltanking, and Evos in Antwerp, Ghent, Amsterdam, and Terneuzen were all dealing with issues related to their operational systems. In a statement to ZDNet, Oiltanking said it “declared force majeure” due to the attacks. A spokesperson from Evos told ZDNet at the time that they were continuing to operate their terminals but were having some delays after the attack disrupted IT services at terminals in Terneuzen, Ghent, and Malta. Prosecutors in Antwerp opened an investigation into the cyberattacks.

    Billion-dollar German logistics firm Hellmann Worldwide Logistics was also hit with ransomware in December.

  • Slack is down: Messaging app confirms outage for some users

    Slack confirmed widespread outages on Tuesday morning, writing that some customers may be “experiencing issues” with loading the platform.

    Some customers may be experiencing issues with loading Slack. We’ll provide a status update once we have more information. We’re sorry for the disruption. https://t.co/rd7foQMlhf— Slack Status (@SlackStatus) February 22, 2022

    In another message, they apologized for the issue and said they were “digging into the problem with the highest priority.” Slack also confirmed the issues people were reporting on its status site. The situation was a major topic of discussion on social media, as some returned from long holiday weekends to find that they were unable to communicate with team members. AWS, GitHub and Peloton were among the other sites reporting outages alongside Slack. Downdetector noted that the reports of outages for all of the platforms began around 8:45 am ET.

    Slack said some users were reporting issues with logging in, messaging, sending files, and getting notifications. Slack previously had a major outage on January 4, 2021, which was the first working day of the year for many. The company later attributed the outage to infrastructure issues that led to a variety of problems.

    Salesforce acquired Slack for $27.7 billion in 2021, with plans to make it the glue of the company’s Customer 360 efforts.

  • Ransomware victims are paying up. But then the gangs are coming back for more

    Many organisations that fall prey to ransomware attacks end up paying a ransom multiple times as cyber criminals exploit weaknesses in cybersecurity to squeeze their victims for as much cash as they can. According to analysis by cybersecurity researchers at Proofpoint, 58% of organisations infected with ransomware paid a ransom to cyber criminals for the decryption key – and in many cases, they paid up more than once. 

    Law enforcement agencies and cybersecurity experts warn organisations against paying ransoms, because not only is there no guarantee that the supplied decryption key will work, giving in to ransom demands just encourages more ransomware attacks as it shows cyber criminals that the attacks work.

    Of those who paid the ransom, just over half – 54% – regained access to data and systems after the first payment. But another third of ransomware victims ended up paying an additional ransom demand before they received the decryption key, while a further 10% also received additional ransom demands but refused the additional payment, walking away without their data. In 4% of cases, organisations paid a ransom or ransoms but still couldn’t retrieve their data, either because of a faulty decryption key, or because the cyber criminals simply took the money and ran.

    When organisations fall victim to ransomware attacks, the crooks have often been inside that network for weeks or months prior to the attack. That means that even if the ransom is paid, the hackers have the necessary controls and permissions to return and trigger another attack.

    “I don’t think a lot of organisations are aware of the fact that you might pay the ransom once, but if the criminals have been in your infrastructure for eight weeks, you don’t know what else they stole,” Adenike Cosgrove, cybersecurity strategist at Proofpoint, told ZDNet.

    Stolen data is commonly used as additional leverage in ransomware attacks, as the cyber criminals threaten to publish it if they don’t receive a ransom payment. While this does force some victims into paying, there’s no guarantee that the cyber criminals won’t return with additional threats to publish the stolen data later.

    “The first run is ‘give me a ransom so I can give you the decryption key’. The second ransom is ‘give me a ransom or I’m going to put this data on the dark web’,” Cosgrove explained. “Third might be ‘give me a ransom or I’m going to tell media publications about this data breach that you have and tell the regulators that, hey you didn’t notify customers that their privacy was impacted,’” she added.

    The best way to deal with ransomware attacks is to prevent them from happening in the first place. According to Proofpoint, 75% of ransomware incidents begin with phishing attacks, which cyber criminals use to steal usernames and passwords, or plant remote access trojans to gain an initial foothold in the network. Being able to detect suspicious activity early on can, therefore, provide a means of preventing a full-scale ransomware attack.

    “The assumption is that a ransomware attack is the beginning of an incident, but the reality is the incident started weeks ago,” said Cosgrove.

    Training users to identify and report suspicious emails can help organisations detect ransomware and other malware attacks early. Enabling two-factor authentication can also provide a significant stumbling block to phishing attacks that aim to steal usernames and passwords, because without access to the authentication app, it’s much harder for cyber criminals to leverage compromised login credentials.