Posts

2023 Week 48

  Summary
  This week's news focused on the legal and water sectors. On the water side we saw two high-profile attacks in the US, but it is still unclear if they are related.

  News
  SLTT
  The Kansas Judicial Branch has confirmed that hackers stole sensitive files in a breach last month. The October attack impacted the availability of several systems at the time. These systems included the eFiling system, electronic payment systems, and case management systems. It appears that, like other attacks recently, the threat actors stole data prior to the ransomware phase of the attacks. Neither Kansas nor the threat actors have identified who is responsible.
  https://www.bleepingcomputer.com/news/security/kansas-courts-confirm-data-theft-ransom-demand-after-cyberattack/?&web_view=true

  The New York City Bar Association has disclosed in filings to the states of Maine and Vermont that an investigation completed in October confirmed that hackers gained access to internal files last December

2023 Week 47

  Summary
  Slowly trying to bring this back since I have found no other place that collects this exact information. May also add a podcast feature around the first of the year.

  News
  CISA is exploring becoming a managed service provider of cybersecurity services to critical infrastructure entities. This is part of the ongoing efforts by the U.S. to take an expansive approach to cybersecurity.
  https://securityboulevard.com/2023/11/cisa-to-provide-cybersecurity-services-to-critical-infrastructure-entities/
  https://therecord.media/cisa-launches-pilot-program-offering-services-to-critical-infrastructure?&web_view=true

  SLTT
  The City of Long Beach, California is deciding whether to declare a state of emergency in regard to the cyber incident that struck its systems on the 14th. The attack affected public-facing services as well as some business operations but appears to have spared the public safety systems.
  https://www.govtech.com/security/long-beach-calif-mulls-emergency-declaration-ov

2022 Week 30 and 31 Security News Roundup

  Summary
  A lot of activity in the general SCADA world as well as healthcare, education, and city government. We also have news of legislation as the budget year ramps up for its start of the year activities.

  News
  IBM's Cost of Data Breach report for 2022 has been released. It indicates that last year the average cost of a data breach was $4.35 million. It also reports that 83% of the organizations in the report have been victims more than once. 80% of infrastructure organizations did not have a zero trust model in place. Also of note is that paying the ransom only saved about $600,000 overall, as most of the costs are associated with civil suits and addressing the fallout of the incident.
  https://cyware.com/news/ibm-2022-report-cost-of-a-data-breach-at-an-all-time-high-9303d2b3
  https://newsroom.ibm.com/2022-07-27-IBM-Report-Consumers-Pay-the-Price-as-Data-Breach-Costs-Reach-All-Time-High

  SLTT
  There has been a data breach of the retirement system of the City of Detroit. PI

2022 Week 29 Security News Roundup

  Summary
  Almost all tracked areas had some news this week. It appears that there is again an uptick in activity targeting infrastructure at all levels.

  News
  SLTT
  Puerto Rico partnered with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to get 24/7 Security Operations Center (SOC) monitoring of its networked assets. This will supplement the SOC they staffed in 2021 after a string of cyber attacks.
  https://www.govinfosecurity.com/puerto-rico-commits-76m-to-boost-cybersecurity-a-19550

  Sophos reports that ransomware attacks on education institutions rose in the last year. Some key points are that 56% of lower education respondents had been victims, 64% for higher education, and 60% of all education institutions had some kind of successful attack, which is 44% higher than last year.
  https://www.infosecurity-magazine.com/news/ransomware-attacks-education-rise/
  https://assets.sophos.com/X24WTUEQ/at/pgvqxjrfq4kf7njrncc7b9jp/sophos-state-of-ransomware-education-2022-wp.

2022 Week 27 and 28 Security News Roundup

  Summary
  I am experimenting with releases on Mondays. We will see how this works. Continues to be pretty slow news on the SLTT and Infrastructure fronts. The biggest newsmaker was MI5 and the FBI giving a joint warning about China's efforts to steal intellectual property from the West.

  News
  In a first-of-its-kind announcement, Great Britain's MI5 and the United States' FBI have released a joint warning on China's threat to industry and academia. They pointed out that Communist China leaders have made establishing China as a world economic powerhouse by acquiring intellectual property from the rest of the world a primary goal. The FBI in particular has been warning of this in recent years as they have made several high-profile arrests that I have covered in previous posts.
  https://www.infosecurity-magazine.com/news/fbi-mi5-bosses-warn-massive-china/?&web_view=true
  https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy

2022 Week 25 and 26 News Roundup

  Summary
  Mostly SCADA stuff the last two weeks. It seems that the bad guys like to coordinate and cycle. On a positive note, Biden signed 2 cybersecurity bills into law!

  News
  SCADA/IOC general
  Researchers with Forescout have announced 56 issues in 26 devices from 10 different companies (enough numbers for you?). They have named the collective issues OT:ICEFALL (link below). The devices all suffer from poor design practices that made them insecure out of the box. To keep from having more numbers, I will refrain from too deep a dive into the different issues, but if you have any of the affected devices, you should remediate them to the best of your ability.
  ( https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj0y073EMjXAssRTlpNziUUmiFxyzSK0i0GB-nY48yG2x90XiNqXt2YfNYZ2DAc4zpyvKeU1vSUF7Z1Cior65QiVpZMGgYkgY-tIIVdDaPQ5uGwlssXoIwzydDptaGdUGjlKfgqI-mfr4qxyu3LxmBrCNcLzdTaETnJIqay2H1tgZEuITeT3Hf1U2l_/s728-e100/flaws.jpg )
  Here are the CVEs so they are easy to find: CVE-2022-2995