Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: CISA’s newest office is working to operationalize cyber supply chain risk management (C-SCRM). Also: a GuLoader malware campaign is targeting the global e-commerce industry.
This Week’s Top Story
CISA's newest office to offer guidance on cyber supply chain security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is making arrangements to build a new office centered on cyber supply chain risk management (C-SCRM), says Federal News Network. The office is being created in an effort to assist government and industry entities in putting C-SCRM into practice, based on the various guidelines and policies put into effect in recent years.
The idea for the C-SCRM office grew out of the Federal Acquisition Security Council (FASC), a new council created by the 2018 SECURE Act and responsible for developing government-wide policies and criteria for securing IT supply chains.
Shon Lyublanovits, a former General Services Administration official, has been tapped to lead the new office. During her speech at a recent GovExec event, she noted that agencies are struggling to implement proper C-SCRM because they don’t know where to start, or how to get their leadership on board with implementing these recommended policy changes. Lyublanovits also stressed that she hopes to create a “roadmap” that entities can use to make improvements moving forward.
For one of its first initiatives, CISA’s C-SCRM office is planning to release training courses on supply chain risk management, as well as a series of roundtables focused on “operationalizing C-SCRM,” according to Lyublanovits. The programming will offer different tracks for a variety of stakeholders: federal employees, industry, and all levels of government (state, local, etc.).
Here are the stories we’re paying attention to this week…
E-commerce firms in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware.
The UK's Royal Mail is facing a threat from the ransomware group LockBit. This ransomware attack comes on the heels of another “cyber incident” at the Royal Mail, which was reported in January.
"Over the past decade, all industries—including the aviation industry—have seen a large increase in the amount of open-source software being used in applications... However, it often comes with hidden security and maintenance risks including internal open-source security and maintenance and external open-source software supply chain resilience challenges."
A global ransomware outbreak has scrambled servers belonging to Florida's Supreme Court and several universities in the U.S. and Central Europe. Those organizations are among more than 3,800 victims of a fast-spreading digital extortion campaign that locked up thousands of servers in Europe over the weekend.
"The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.