2021 Security for Week 26 Roundup
Summary:
This week we have an update on the Tulsa, Oklahoma ransomware attack and data breach, as well as an update on the Ireland health system breach by the same group. NBC and others have recaps of water security. Several groups are doing cybersecurity exercises, including a grid attack simulation.
News
Tulsa Oklahoma Ransomware Attack
As previously noted (https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html), Tulsa was the victim of a ransomware attack. Now it appears that some of the breached data (18,000+ files) has been released. This again points to the danger of paying the ransom, as it appears there is little honor among the hackers. It should be noted that Conti (the suspected group behind the attack) has a long history of this.
Official press release
Conti attack against Ireland Health system
HSE Chief Executive Paul Reid said the overall cost of the attack, first reported 6 weeks ago (https://yasb2018.blogspot.com/2021/06/2021-week-20-23-security-roundup.html), could rise to half a billion euro or more. These costs include the ransom, services, upgrades, and other capital costs. He also reiterated that there will no doubt be ongoing costs, both financial and personal, for those affected. In related news, it appears that so far 75% of the servers have been decrypted since paying the ransom. This again underscores the slow recovery even when paying the ransom.
Review of Water cybersecurity
The Water Sector Coordinating Council announced the result of their water and wastewater survey.
NBC also did a review of the current state of cybersecurity for the U.S. water system.
Electric meters hacked to get outage information
A Texas hacker, frustrated at the refusal to say who was and who wasn't subjected to blackouts, has released information himself. He was able to get the data by hacking smart meters from Landis+Gyr which are used extensively in Texas. By wardriving, he was able to get the uptime from the meters and then compiled the data to see if there were trends. While this data may not be too sexy, it does allow a potential attacker to gain insight as to the infrastructure capabilities of buildings and their perceived importance to grid operators. This could potentially disclose hidden government buildings, R&D firms, or other targets of interest.
National guard performs Electric Grid simulation
National Guardsmen just completed a two-week training exercise called Cyber Yankee. This is an annual training event that brings guardsmen from throughout the New England region to test their responses and to promote collaboration between the Guard and private/public partners. This year's scenario was a ransomware attack against the nation's power grid. This gave the units a chance to exercise the new Cyber 9-Line system that was developed by U.S. Cyber Command for cyber units to use as a template for communication of cyber events.
US Cyber Command leads its annual Cyber Flag competition
U.S. Cyber Command held its largest Cyber Flag competition, in which 430 cyber professionals on 17 teams from the United States, the United Kingdom, and Canada tried to defend against virtual attacks. While we don't know the actual scenarios, the focus is said to be timely and to include things that were likely in the news. The hope is that, going forward, they will be able to test out-of-the-box attacks to help defend against attacks that have not been tried before.
Workforce West Virginia
It appears that on April 13, 2021, Workforce West Va learned of a data breach. Not a lot of information is available, but it appears that they have sent notifications to those affected.
NSA working with private industry
The United States National Security Agency (NSA) has announced that they were working with government and civilian partners to help harden the networks of systems in the United States. One of the first initiatives was funding for MITRE's research for the D3FEND protocol to improve upon the existing ATT&CK framework. D3FEND includes models for countering common attack techniques and gives backing to the defensive techniques to help defenders better understand the technologies and techniques being used.
NSA Release
Legislative actions
A group of bipartisan United States House of Representatives lawmakers introduced the American Cybersecurity Literacy Act. The goal of this act would be to require the National Telecommunications and Information Administration (NTIA) to create a cyber literacy campaign. The purpose would be to help the American public to stay safe online and hopefully prevent cyber attacks.
Jobs
The city of Enid Oklahoma is looking for a Network Specialist. Check the link for more information.