2021 Week 29 Security Review
Summary
Sorry, this was late this week. I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education. If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at https://www.ncbrt.lsu.edu/.
Not a lot of new things this week. There was an update from the City of Tulsa on their breach. We also saw REvil disappear from both the web and the dark web. Lastly, CIS tools are coming to the forefront of the defensive posture of the SLTT landscape.
News
City of Tulsa Oklahoma breach
Tulsa, which was breached back in May (https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html), has announced that at least 27 people had their Social Security numbers accessed. The city said it has attempted to reach out to those affected. To date, more than 18,000 files from the hack have been released to the dark web.
REvil taken down?
REvil suddenly disappeared from the web this week. Some have speculated that a nation-state actor did it, but the growing consensus is that they pulled their own plug. The current theory among those in the intelligence and dark web community is that the group is simply regrouping and will emerge as another entity. One thing that did come of the investigation into them was an even clearer link between REvil and the Russian Federation. This may have been the reason for the takedown, as more and more investigators were digging into the back end of the company in an attempt to get to those ultimately involved in the organization.
The Biden Administration recommends schools take advantage of MS-ISAC
With the increase in attacks on K-12 schools in the United States, the Biden administration is pushing for schools to join the MS-ISAC so they can take advantage of the free tools offered there. Bad actors have identified schools as prime targets because they are opening up their networks to remote services and have incentives to pay to get data back or keep it from being disclosed.
If you are not familiar with the MS-ISAC, it is one of the Information Sharing and Analysis Centers (ISACs), member-driven organizations that collaborate to bring threat intelligence to different segments of ... well, everything. There is an ISAC for just about every business and government segment you can imagine. Most are non-profit or not-for-profit, and membership can cost anything from free to something based on the size of the member organization. In the case of the Multi-State Information Sharing and Analysis Center (MS-ISAC), it is free to join for all State, Local, Tribal, and Territorial (SLTT) government employees. The federal government chips in to make membership free and to pay for member services like a free membership to the Center for Internet Security (CIS), which produces the CIS images and controls that are used throughout the computer world to enforce industry security best practices. For more information about ISACs in general and the MS-ISAC in particular, check out the links below.
ISAC information
https://www.nationalisacs.org/ National ISACs
https://www.cisecurity.org/ms-isac/ The Multi-State ISAC
Legislative actions
In another example of the MS-ISAC's growing popularity, Connecticut, Nevada, Idaho, Ohio, and Utah passed laws to encourage the usage of CIS controls. As more and more SLTT entities harden their systems and networks, the number of attacks will decrease.