The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

This week: CISA’s newest office is working to operationalize cyber supply chain risk management (C-SCRM). Also: a GuLoader malware campaign is targeting the global e-commerce industry.

This Week’s Top Story

CISA's newest office to offer guidance on cyber supply chain security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is making arrangements to build a new office centered on cyber supply chain risk management (C-SCRM), says Federal News Network. The office is being created in an effort to assist government and industry entities in putting C-SCRM into practice, based on the various guidelines and policies put into effect in recent years.

The idea for the C-SCRM office grew out of the Federal Acquisition Security Council (FASC), a new council created by the 2018 SECURE Act and responsible for developing government-wide policies and criteria for securing IT supply chains.

Shon Lyublanovits, a former General Services Administration official, has been tapped to lead the new office. During her speech at a recent GovExec event, she noted that agencies are struggling to implement proper C-SCRM because they don’t know where to start, or how to get their leadership on board with implementing these recommended policy changes. Lyublanovits also stressed that she hopes to create a “roadmap” that entities can use to make improvements moving forward.

For one of its first initiatives, CISA’s C-SCRM office is planning to release training courses on supply chain risk management, as well as a series of roundtables focused on “operationalizing C-SCRM,” according to Lyublanovits. The programming will offer different tracks for a variety of stakeholders: federal employees, industry, and all levels of government (state, local, etc.).

News Roundup

Here are the stories we’re paying attention to this week…

GuLoader malware using malicious NSIS executables to target E-commerce industry (The Hacker News)

E-commerce firms in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware.

Royal Mail faces threat from ransomware group LockBit (Reuters)

The UK's Royal Mail is facing a threat from the ransomware group LockBit. This ransomware attack comes on the heels of another “cyber incident” at the Royal Mail, which was reported in January.

Matthew Arnow, Head of Public Sector Solutions at Tidelift, warned that the increasing reliance on open source software poses security risks to avionics (Avionics International)

"Over the past decade, all industries—including the aviation industry—have seen a large increase in the amount of open-source software being used in applications... However, it often comes with hidden security and maintenance risks including internal open-source security and maintenance and external open-source software supply chain resilience challenges."

Ransomware outbreak hits Florida Supreme Court, U.S. and European universities (Reuters)

A global ransomware outbreak has scrambled servers belonging to Florida's Supreme Court and several universities in the U.S. and Central Europe. Those organizations are among more than 3,800 victims of a fast-spreading digital extortion campaign that locked up thousands of servers in Europe over the weekend.

Linux variant of Clop ransomware spotted, but uses faulty encryption algorithm (The Hacker News)

"The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.