The previous month in cybersecurity:
- Glowworm Attacks Let Your LEDs Spy On You
- U.S. Senate Moves to Protect Water and Power Grids
- Accenture Gets Hit by LockBit Ransomware
- $600 Million Crypto Heist Nearly Resolved
- U.S. Navy Struggles to Keep Up with “RMF of Tomorrow”
A new paper released this month from the Ben-Gurion University of the Negev detailed an impressively frightening new form of cyber spying. An attack called Glowworm allows hackers to listen in on conversations through the LEDs on speakers. While this attack certainly sounds like a nightmare, the paper did reveal that there are limitations.
Glowworm attacks don’t pick up the actual audio – instead, they pick up the vibrations from the device that affect LED power indicators. As the power indicator flickers due to the electric current caused by a conversation, an electrical signal can be converted and played back. It isn’t perfect and requires specific circumstances to be effective.
However, the researchers did prove that as a crude spy tactic, it does have potential. Its defeat would be simple, but would it be detectable? The full white paper, with further explanation, is online on the researcher’s website (https://www.nassiben.com/glowworm-attack).
This month, the Senate passed a bill allocating one trillion dollars to the U.S. water and power infrastructure – and part of that budget is focused on protecting the grids from cyberattacks. After the Colonial Pipeline ransomware attack that caused havoc for millions of Americans earlier this year, Congress is aware of how devastating losing access to essential utilities can be. The new bill will allow the Federal Highway Administration to respond to cyberattacks and allocates funds for emergency grants to help deal with these situations. Almost two billion dollars will be funneled towards cybersecurity initiatives, including creating a cyber director office to coordinate responses.
This month, Accenture was the latest big company to be hit by a ransomware threat. The consulting firm did confirm that they had a cybersecurity “incident” but didn’t comment on the nature of the attack. According to spokesperson Stacey Jones, “There was no impact on Accenture’s operations, or on our clients’ systems.”
LockBit has been operating since 2019 but saw a spike in activity in 2020. In a twist of irony, Accenture published a report just days before the attack, listing ransomware as a significant threat in 2021. The group threatened to release multiple terabytes of data unless paid 50 million dollars. However, despite their earlier report, Accenture has not commented on this attack specifically and has not addressed the demand publicly.
Clients affected by the Kaseya attack in July have spoken out, asking Accenture to explain how they will respond.
If you got away with the equivalent of 600 million USD in crypto coins, would you return them? That seems to be what the culprit of one of the largest crypto heists to date has done – sort of. The platform PolyNetwork reported this month that most of the money had been returned. As of reporting, 33 million USD had yet to be transferred back, and some 268 million USD was still locked in a password-protected fund.
PolyNetwork is a DeFi system using blockchain to allow trading activities like a traditional banking service. The hacker, who reportedly did this “just for fun”, exploited a vulnerability in the code to transfer the crypto coins to their own anonymous account – and always planned to return the money. As for when PolyNetwork could expect to have the final amount released? The hacker said that they would do so “when everyone is ready”.
The director of the Navy’s cybersecurity division, Rear Adm. Susan BryerJoyner, said this month that it had been a challenge to move from “RMF of yesterday to RMF of tomorrow, where I have cloud-based environments.” This comment comes after a panel on cyber threats in early August, where the Navy’s cyber resilience was described as lagging behind the pace of rapidly changing needs. The biggest problem, according to BryerJoyner, is the mindset of DevSecOps. Modernization has been a challenge with both the infrastructure and the approach. Part of the solution has been a “Rapid Assess and Incorporate Software Engineering process”, which has led to the creation of more teams to test weak spots as threats are spotted.
We hope you found something of interest from this roundup. Did we miss anything for August? If another story caught your eye this month, let us know what you want us to cover. Check back in next month for the latest cybersecurity news roundup.