US government wants to learn more from recent major hacks

(Image credit: Shutterstock)

The United States Government has formed a new organization that aims to improve the country’s cybersecurity posture and make sure the country learns from previous attacks and incidents.

The new Cyber Safety Review Board (CSRB) is similar in design to the National Transportation Safety Board (NTSB), an organization investigating traffic disasters and similar accidents.

However, unlike NTSB’s five members, CSRB will have 15, with Homeland Security undersecretary for policy Robert Silvers serving as chair, and Google’s security engineering chief Heather Adkins as deputy chair.

Analyzing log4j

The organization hopes its work will “generate many lessons learned for the cybersecurity community,” and also on the board is Rob Joyce, director of cybersecurity at the National Security Agency, Dmitri Alperovitch, co-founder and chairman of Silverado Policy Accelerator, and Katie Moussouris, a bug bounty pioneer who founded and heads Luta Security.

For starters, the board will focus on the log4j vulnerability, which is still being exploited by “a growing set of threat actors”.

In early December last year, a highly potent zero-day vulnerability was discovered in the popular Java logging framework log4j. Tracked as CVE-2021-44228, it allows malicious actors to run virtually any code on an endpoint. The knowledge threshold is very low, meaning even low-skilled attackers can abuse it.

> Log4j attacks are still a major threat, warns Microsoft

> Yet another Log4j patch hoovers up new remote code execution bug

> White House calls summit on open source security following Log4j attacks

The flaw is being compared to the 2017 issue which led to the Equifax hack, leading to the personal data of almost 150 million people being exposed. Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) described it as “one of the most serious” flaws she’s seen in her entire career, “if not the most serious”.

So far, experts have discovered multiple use cases for the vulnerability: to install malware, cryptominers, to add the devices to the Mirai and Muhstik botnets, to drop Cobalt Strike beacons, to scan for information disclosure, or for lateral movement throughout the affected network.

Also check out our list of the best firewalls right now

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.