2021 Week 16 Security Roundup
Summary
While I initially thought this would be a slow news week, several articles of interest came out later in the week. Probably the biggest thing of note is the Biden administration going all in to point the finger at nation-state actors and their attacks against U.S. and allied targets.
News
National assessment
Normally I try to skip a lot of reports put out by the national intelligence agencies, as they are usually focused on the bigger picture and not on SLTT issues. I have decided to link to the first worldwide threat assessment report in a couple of years because 1) it has been a while since the U.S. has publicly acknowledged that we have a cyberwar going on and 2) they specifically mention the risks to utilities and governments at all levels in the United States (and its allies).
The main takeaways from the report are that even if the United States may have taken a break (which I suspect, regardless of the guidance from the Executive branch, it has not), the major threat actors have not. They mention specifically:
Russia and their use of backdoors in Windows Exchange and Active Directory to gain access to government and infrastructure organizations.
North Korea and its attacks against financial institutions and use of cyber fraud to fund offensive weapons programs. It warns that even though there is no evidence that they have attacked infrastructure organizations, they do have experience and capabilities that are at least a match for Russia's and have the potential to pivot to infrastructure attacks.
Iran has shown a really strong ability to launch influence campaigns against U.S. elections at all levels. Mostly they are doing this through a network of social media influencers.
Lastly, and for the first time officially, they list China as a major operator. The report mentions that China viewed the tariff increases in 2018 as a point of stress in U.S.-China relations and increased its attack posture accordingly. The report warns that China has the ability to launch cyberattacks that can cause local disruptions to critical infrastructure in the United States. Of special note to SLTTs is the fact that China has focused on attacks on managed service providers. While not linked to Chinese actors, the attacks against the Texas SLTTs last year and the attacks this winter against several schools followed the same pattern: the managed service providers that had access to those systems were themselves breached.
https://defensesystems.com/articles/2021/04/14/katz-ic-cyber-assessment.aspx?s=ds_150421&oly_enc_id=
The Report
Biden Administration to focus on Cyber Security
The incoming head of the Department of Homeland Security (DHS) gave a speech outlining his agenda for the department regarding cybersecurity. While there were several things of national interest, he also said he is pushing for enhanced funding for the Cybersecurity and Infrastructure Security Agency (CISA) to allow them to enhance their services to state and local governments.
Russian Foreign Intelligence (SVR) officially named as Solarwinds and Outlook threat actor
While no one in the intelligence or cyber defense worlds had any question, in a new twist, the United States officially named Russia and even expelled diplomats over what are probably two of the biggest hacks in recent history (among others) and attempts to interfere with free elections. In the past, it seems everyone winked and nodded at the hacking names used by some of the world's highest-profile threat actors, and, much like James Bond, everyone in the community knew who these groups work for. It is unclear what effect this public naming will have, but the Biden administration has shown they are not afraid to name names and keep it real. It should also be noted that soon after the US made such a public declaration, many allies, including the United Kingdom, Canada, the European Union, and NATO, also added their names to the list of complainants.
https://www.securityweek.com/more-countries-officially-blame-russia-solarwinds-attack?&web_view=true
Official Bulletins
Water Security
Fitch Ratings (one of America's major credit rating organizations) is warning that threats against water and sewer utilities are high enough to impact their ability to repay debt. This is another reason why cybersecurity needs to be taken seriously in the utility sector.
Power Security
The EI-ISAC has warned us of a massive uptick in cyber attacks of various kinds in the last year. They outline many reasons, but at the core it comes back to threat actors taking advantage of the fear and confusion caused by the disruptions that have happened in response to COVID-19. There is also a continued emphasis by nation-state actors on targeting the United States' and its allies' critical infrastructure, including power distribution, transmission, and billing services.
911 Security
Palm Beach County, Florida is testing a technology that will seek to use AI to detect vulnerabilities and any intrusions. Over the coming months the project, which is under the guidance of the Department of Homeland Security's Science and Technology Directorate (S&T), will be expanded to several other emergency communications centers. S&T is contracting SecuLore Solutions as the commercial partner. It is hoped that they can use the intelligence and lessons from this experiment and come up with a plan that can be used to secure legacy communications systems nationwide.
Bugs in OpENer
The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory (link below) that warns of vulnerabilities in the OpENer stack that expose Industrial Control Systems (ICS) to denial-of-service (DoS) attacks. It should be noted that none of these vulnerabilities has yet been seen exploited in the wild. The CVEs are: CVE-2021-27478, CVE-2021-27482, CVE-2021-27500, and CVE-2021-27498. The advisory warns all users to update to the latest version and to examine their security posture.
Bulletin
Legislative actions
Representative Yvette Clarke is once again pushing to include cybersecurity wording in infrastructure bills. This time it is the American Jobs Plan, the $2.25 trillion infrastructure package championed by the Biden administration. The bill would direct money to modernize and expand our nation's power grid, among other initiatives, but it currently has no money nor guidance for the cyber defense of those pieces. Her proposal would simply add guidance that allows cyber defense to be included in the expenditures.
The heads of several intelligence agencies in the US added their names to the growing list of those supporting the mandatory breach notification law mentioned in Week 14 (https://yasb2018.blogspot.com/2021/04/2021-week-14-security-summary.html). This bill would make it mandatory for businesses in several key sectors to make notices of breaches public in a timely manner. The compelling argument for the law is that around 90% of key infrastructure in the United States is under the control of private entities.
Jobs
The city of Enid, Oklahoma has a Network Specialist position open. To find out more about it and apply, check out the link here: