Posts

Showing posts from June, 2021

2021 Security for Week 26 Roundup

  Summary: This week we have an update on the Tulsa, Oklahoma ransomware attack and data breach, as well as an update on the Ireland health system breach by the same group. NBC and others have recaps of water security. Several groups are running cybersecurity exercises, including a grid attack simulation.

  News

  Tulsa, Oklahoma Ransomware Attack

  As previously noted ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), Tulsa was the victim of a ransomware attack. Now it appears that some of the breached data (18,000+ files) has been released. This again points to the danger of paying the ransom, as it appears there is little honor among the hackers. It should be noted that Conti (the suspected group behind the attack) has a long history of this. https://edition.cnn.com/2021/06/23/us/tulsa-cyberattack-personal-information-dark-web/index.html?&web_view=true https://kfor.com/news/local/ransomware-attackers-release-18000-city-of-tulsa-files-on-dark-web/ ht

2021 Security for Week 25 Roundup

  Summary: This week there was quite a bit of activity, including some that hit close to home. This includes ICS security news, more Pulse Connect Secure victims, a deep dive into a school system's response, and a local hospital that was the victim of ransomware. Lastly, there is quite a bit of legislative activity, with the NATO and G7 summits dominating the news.

  News

  SolarWinds hack

  I have had some who follow my writings here and on social media claim that attributing the SolarWinds attack to Russia is somehow partisan or rash. The argument seems to be that there is no real proof and that instead the hack was due to some perceived (but unattributed) shortcoming in the operations of the nation's current cyber defense strategy. If you are one of those, I really implore you to get into that discussion here. What can we, the front-line workers on the cyber war front, do to be better at defense, response, and recovery? This week, FireEye, who first identified the hack, released information

2021 Week 24 Security Roundup

  Summary: Cybersecurity is getting a lot of attention because of the rash of high-profile attacks. This week saw more information about some of those attacks as well as new attacks against schools. We are also starting to get word of past attacks whose investigations have been completed or that have been declassified.

  News

  Colonial Pipeline Hack

  Evidence is mounting that the United States government was behind the dismantling of servers operated by the DarkSide hacking group. The Federal Bureau of Investigation (FBI) announced that it had worked with Colonial Pipeline to recover about $2.3 million worth of bitcoin. This marks the first such seizure by the newly created Department of Justice digital extortion task force (what? No acronym? Our federal partners are falling down on the game...). This is part of the reason, in my opinion, that several of the global hacking organizations are making a change to avoid critical infrastructure. In effect, we have had a dete

2021 Week 20 - 23 Security Roundup

  Summary: Sorry for the delay. I had training for work and a class that I thought would be 6 weeks but turned out to be 3 weeks, which took up all my time. This post is longer than normal for that reason and also because there was a lot of news. I also want to apologize for some formatting issues. Somehow I managed to break the Blogger editor on this post. It might be because of the size. Hopefully, all will be back to normal next week.

  There are a lot of different topics to cover this week, both old and new. These include more information on the DarkSide attack, several new attacks on local governments, and emerging techniques used by threat actors.

  News

  Colonial Pipeline Ransomware Hack

  We are learning more and more about this, and the Monday morning quarterbacks are starting to second-guess everything. One thing that has come out is that, much like in the Ireland HSE attack earlier this year, the decryptor worked so slowly that Colonial was allegedly able to restore systems without it