2021 Week 28 security roundup

-

 

Summary

Almost all the news this week was dominated by the Kaseya breach which allowed REvil to gain access to and encrypt the systems of 1500+ organizations.  This might end up being even bigger than the Solarwinds attack.  I did not include articles about the PrintNightmare due to it being a more generalized OS Zero-day.  If, you use Microsoft products, however, I strongly encourage you to get up to speed on this issue.

Outside of the Kaseya issue, there was also news of new and old attacks against infrastructure components, most notably a couple of water plants that were breached.  

News

Kaseya breach

The technology services company Kaseya had a backdoor in one of their popular remote access applications that allowed bad actors to gain access to thousands of entities over the long weekend, including governments of all sizes.  The backdoor was a Zero-Day bug that was quickly exploited and timed for the U.S. long holiday weekend.  While not as popular as the Solarwinds software, Kaseya's VSA is still a widely used application platform. More to the point for this event, Managed Service Providers can perform actions on client systems which is why so many organizations were affected.  The Russian hacking group REvil (or at least one of their affiliates) has taken responsibility for the attack and initially demanded $70 to unlock all files worldwide.  It should be noted that in a departure from REvil's normal process, it appears this attack did not allow for data exfiltration nor were their deletion of backups, so early reporting is indicating few victims are paying.  

Company Statement:



Attackers ramping up attacks on Industrial Control Systems (ICS)

Yet another organization that is saying that the bad guys are focusing efforts on the systems that make water, power, and factories work.  If you defend such systems, your work is cut out for you.  Another report indicated that while attacks are up, the vast majority of the public throughout the industrialized world does not even know of the risks to our world.

Wiregrass Electric Cooperative hacked

Wiregrass Electric Coop was breached over the 4th of July weekend, but they say no data was compromised.  

WSSC Water had a Ransomware attack

WSSC Water was attacked by ransomware back in May.  They are now reporting that the attack was repelled and remediated within hours.  What they are now reporting is that several internal files were compromised.  The company credits true air-gapped networks and effective backups that allowed them to quickly restore affected systems.


Legislative actions 

The Federal Cybersecurity Workforce Expansion Act is getting strong by-partisan support.  The bill seeks to strengthen the U.S. Cyber workforce by allowing the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Veterans Affairs to create apprenticeship programs.  The law sets a 2-year timeline to create the program at CISA.  The VA would be granted one year to create a program that would transition military personnel into cybersecurity jobs.



Location: Oklahoma City, OK, USA

Comments

Post a Comment

Popular posts from this blog

2021 Week 11 Security Roundup

-
  Summary This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America.  It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission.  If you are in other sectors hopefully there is information you can find useful as well.   News Windows Outlook Vulnerability The 0-Day for Microsoft Exchange Server keeps making news.  Over the course of the week threat actors outside of the Haifum Chinese cyber espionage group started to take advantage of the exploit.  Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers.  From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook.  Here are some of the developments that we have seen: ZDNet a
Read more

2021 Weeks 32-40 Security Roundup

-
  Summary Let me apologize for the long delay right upfront.  First, we had a round of Covid in the household in a person who is immune-compromised.  Next, I started a new semester in college and the workload was far greater than I expected.  Lastly, this is the start of the budget year for us and I had several projects that have demanded almost every second of my work time.  I hope to get back to weekly updates by November. Lots of news that covers:  health care, education, infrastructure, and SLTT governments around the world.  Since I am hitting the length limitations of Blogger, I will simply invite you to read and try and get caught up yourself.  News UC San Diego Health sued over breach In what is becoming a growing trend UC San Diego Health is being sued for failure to have proper data protection protocols.  The suit is citing breach of contract, negligence, and violating California consumer and medical privacy laws.  Specifically, the suit alleges failure to adequately train em
Read more

2021 Week 29 Security Review

-
  Summary Sorry, this was late this week.  I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education.  If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at  https://www.ncbrt.lsu.edu/ . Not a lot of new things this week.  There was an update from the City of Tulsa and their breach.  We also saw REvil disappear from both the Web and the dark Web.  Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape. News City of Tulsa Oklahoma breach Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security number accessed.  The city said they have attempted to reach out to those affected.  To date, more than 18,000 files from the hack have been released to the dark web. https://www.securit
Read more