2021 Week 14 Security Summary

-

 

Summary

There was not a lot of activity of general interest this week.  Industrial control systems (ICS) security kind of had a spotlight on it.  ICS security is included in this blog as many local governments are responsible for power and water production and/or distribution.  Another hot topic was educational security, and I outline a couple of individual cases as well as general information.


News

Kansas water utility hack

The DOJ announced they were inditing Wyatt Travnichek for hacking the Ellsworth Rural Water District No. 1 (AKA Post Rock Rural Water District) in Ellsworth County, Kansas In March 2019.  The DOJ is claiming that Travnichek tampered with the water purification and disinfecting systems via computers with the intent of causing harm.  If found guilty on all charges he faces 25 years in prison.  It appears that he was a former employee that had remote access privileges.  Apparently, when his employment ended in January 2019, his remote access was not revoked, which allowed him to remotely access the services from a Samsung smartphone.  A representative for the water utility indicated that there were no safety impacts as other processes caught the tampering.

 

NIST Election Security Guidance

The National Institutes of Science and Technology (NIST) has a draft of election security recommendations for government entities.  NISTIR 8310 ranges from polling paces procession to cyber threats that can affect voter registration, machines, and networks used during the voting process.  NIST will accept comments on the draft until May 14, 2021.  The guidance is tied to the Cybersecurity Framework version 1.1.  (Will link the framework and the draft below).  This is part of the ongoing process by the government at all levels to defend the election infrastructure of the United States against foreign actors who wish to subvert the process.

NIST documents:



Universities under attack

Several groups have identified an uptick in attacks targeting universities.  This continues the trend seen over the last few weeks.  In one announcement this week the IRS said they had seen an increase in phishing attacks using refund adjustment phishing emails to get credentials to then perform identity theft or gain access to networks.  It was also announced this week even more universities have had data stolen and are being extorted to ensure the data is not released to the world.  Following similar extortion attempts in the last few weeks, the request for payment was sent along with screenshots of sensitive information.  It appears this is part of the same Clop activities, but it was noted that they are not the only actors active.  



The DeKalb County School District announces a 3rd party breach

PCS Revenue Control Ssytems, Inc. sent letters to parents of the school district of a breach that exposed records of school meal programs.  The data included names, id numbers, dates of birth, and social security numbers.  

Broward County Public School (BCPS) attack update

A screenshot was leaked by the Conti gang that shows that the attackers demanded $40,000,000 ransom.  For those not familiar with US public schools, that is an impossible sum.  


Industrial Control Systems (ICS) security news

ICS security was in the news this week.  One survey discovered that there are still challenges in securing the interface between IT and OT networks.  It was also disclosed that A41APT has been implanting back doors into ICS hardware in Japanese manufacturing facilities.  It was also reported this week that attacks using USB devices have nearly doubled.  



Legislative actions 

The U.S. breach disclosure bill is moving forward.  This bill will require any company that is serving critical infrastructure to disclose any cybersecurity breaches.  

President Biden extended Executive Order 13694, first issued in 2015 by Obama, which allows authorities to block the property of groups engaging in "significant malicious cyber-enabled activities."  It would seem that if we have had this EO since 2015, it may be worthwhile to encode it in our legal framework.


Comments

Post a Comment

Popular posts from this blog

2021 Week 11 Security Roundup

-
  Summary This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America.  It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission.  If you are in other sectors hopefully there is information you can find useful as well.   News Windows Outlook Vulnerability The 0-Day for Microsoft Exchange Server keeps making news.  Over the course of the week threat actors outside of the Haifum Chinese cyber espionage group started to take advantage of the exploit.  Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers.  From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook.  Here are some of the developments that we have seen: ZDNet a
Read more

2021 Weeks 32-40 Security Roundup

-
  Summary Let me apologize for the long delay right upfront.  First, we had a round of Covid in the household in a person who is immune-compromised.  Next, I started a new semester in college and the workload was far greater than I expected.  Lastly, this is the start of the budget year for us and I had several projects that have demanded almost every second of my work time.  I hope to get back to weekly updates by November. Lots of news that covers:  health care, education, infrastructure, and SLTT governments around the world.  Since I am hitting the length limitations of Blogger, I will simply invite you to read and try and get caught up yourself.  News UC San Diego Health sued over breach In what is becoming a growing trend UC San Diego Health is being sued for failure to have proper data protection protocols.  The suit is citing breach of contract, negligence, and violating California consumer and medical privacy laws.  Specifically, the suit alleges failure to adequately train em
Read more

2021 Week 29 Security Review

-
  Summary Sorry, this was late this week.  I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education.  If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at  https://www.ncbrt.lsu.edu/ . Not a lot of new things this week.  There was an update from the City of Tulsa and their breach.  We also saw REvil disappear from both the Web and the dark Web.  Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape. News City of Tulsa Oklahoma breach Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security number accessed.  The city said they have attempted to reach out to those affected.  To date, more than 18,000 files from the hack have been released to the dark web. https://www.securit
Read more