2021 Week 13 Security Roundup


Summary

This week there was not a lot of activity.  We did see quite a bit of news from the SCADA front.  A ransomware gang has leaked samples of stolen data in an attempt to pressure its victims into paying.

News

Power security

The U.S. Department of Energy (DOE) Office of Cybersecurity, Energy Security and Emergency Response (CESER) is pledging to help US energy system operators defend against the growing cyber and physical threats to their systems.  The announced programs include testing of SCADA systems to assess their vulnerability to nation-state actors, research into electromagnetic and geomagnetic protective technologies, and a focus on cybersecurity research with the goal of producing well-trained university graduates.

Dragos warns that it has seen the emergence of new threat actors specifically targeting Industrial Control Systems (ICS) and Operational Technology (OT) networks, including power and water systems.  One of these, STIBNITE, has been found in the wild actively targeting wind generation companies in Azerbaijan.  The group gains access via spearphishing campaigns that use malicious Microsoft Office documents to install PoetRAT.

GE's Universal Relay (UR) family has vulnerabilities that could allow attackers to access information, reboot the device, gain privileged access or deny access.  The affected relays include:  B30, B90, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35 and T60.  An updated UR firmware version is available here:  https://www.gegridsolutions.com/app/viewfiles.aspx?prod=urfamily&type=7&sort=date
The collection of vulnerabilities has been assigned the following CVEs:  CVE-2021-27418, CVE-2021-27420, CVE-2021-27422, CVE-2021-27424, CVE-2021-27426, CVE-2021-27428, and CVE-2021-27430.


Clop ransomware gang releases information from victims

The data released includes grades and Social Security numbers (SSNs) for students at the University of Colorado.  The gang also released patient information from the University of Miami.  The data was harvested from Accellion FTA servers over the winter.  So far the released data consists only of screenshots, accompanied by a demand for 10 million dollars worth of bitcoin.  At the time of the initial Accellion attacks, it was announced that affected customers included state and local governments and universities from around the world.


California agency phished

The California State Controller's Office (SCO) Unclaimed Property Division {you know it has to be a government agency with a name like that} was the victim of a successful phish.  The attacker used the harvested credentials to send emails to everyone (~9,000 people) in the victim's contact list in an attempt to collect more credentials and PII.  The SCO stated that the breach was discovered quickly and remediation was enacted.  It serves as a reminder that it only takes one person falling for a credential-harvesting phish to give threat actors a foothold.


Legislative actions 

Oklahoma

Oklahoma's anti-ransomware law proposal has made national news.  The coverage also includes a discussion of the ransomware attack on The Village (for those readers outside the OKC area, this is a small town enveloped within Oklahoma City).  There is also reporting on discussions with Matt Singleton, Oklahoma's CSO.  He points out the need for good relations with state, federal, and local partners and for a layered defensive approach to cybersecurity.


Jobs:

Shawnee Oklahoma:

Under general supervision, the position is responsible for assisting in maintaining the computer systems for the City.  Work varies, often requiring individual judgment within well-defined industry standards and procedures.

