2021 Week 30 & 31 Security Roundup
Summary
There was almost no news last week, and my day job and personal life meant little time to write summaries, so this week we have a larger release. This includes a disinformation campaign launched against several agencies. We also had a lot of information about the growing war using operational technology devices to disrupt infrastructure and potentially cause physical harm. There was also some news of municipal breaches. Finally, we had several bills that were passed or discussed this week.
News
Disinformation Campaigns in the spotlight
I have been sitting on this partially because some of it came from a restricted briefing and some because I was unsure how much was conjecture and how much was based on hard intelligence. That being said, more and more "influencers" are coming forward with information about an "influencer marketing agency" by the name of Fazze. These people were asked to push an anti-vax agenda on their channels and were provided flashy, important-sounding information to back up the misinformation. This is in line with what was seen in the 3rd world during the Soviet era to discredit U.S. efforts in Africa and South America. What is different now is that mostly the same playbooks are being used in 1st world countries like the United States, France, the British Isles, and other European Union countries. Beyond COVID misinformation, other "marketing companies" have solicited people to spread political, science, and free-market disinformation. Taken as a whole, it supports the theory that nation-state actors are working to soften Western targets for some, as yet unknown, reason.
Gartner lays out weaponized operational technology (OT) trends
Gartner reports that the trend to use OT to cause physical harm is moving forward. We know that there have been a few attacks in the last couple of years where safety protocols were first disabled before DoS or ransomware attacks were established. The working theory so far has been that this is to keep people busy working on the faults so they do not notice the actual pay-day attack. However, some have warned that these may be just practice runs for weaponizing OT networks to cause mass injury or death events, much like those seen in unplanned disasters like Bhopal. Only time will tell, but it underscores the need for OT security to be taken more seriously.
CODESYS Industrial Automation software flaws
Researchers disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) that could be used to take control of the company cloud OT infrastructure. The CVEs are:
CVE-2021-29238
CVE-2021-29240
CVE-2021-29241
CVE-2021-34569
CVE-2021-34566
CVE-2021-34567
CVE-2021-34568
University of California San Diego Health breached
The UC San Diego Health system had a data breach that compromised some employees' information and accounts. The attack was launched through phishing.
Jefferson Health breach
Jefferson Health is the latest healthcare system to announce their customers were victims of the Elekta breach. It appears that some patients had their Social Security numbers exposed.
Mobile County Commission data breach
Mobile County, Alabama notified county employees of a breach where employee data and other information were accessed. They are working with a third-party cybersecurity firm to address the issue.
https://www.wkrg.com/news/mobile-county-commission-notifies-employees-of-data-breach/?&web_view=true
Thessaloniki has a ransomware attack
Greece's second-largest city had a ransomware attack that shut down municipal systems. The Deputy Mayor of Business Planning said that all the municipality's files are being secured but did not elaborate on how.
Over 80 U.S. Municipalities data breached
It appears that PeopleGIS, which provides mapping and other services to municipalities in the U.S. Northeast, left their Amazon S3 buckets in a state that allowed them to be exposed to the web.
South Africa's Port Terminals attacked
On July 22, an ongoing attack started that has forced Transnet to switch to manual processes. The attack has crippled the operations at many of the seaports in South Africa. This is happening at a time of great civil unrest in the area. It is hoped that by the first week in August they can again have sea traffic operational.
Chinese Government-Linked Hackers have been in US pipelines for years
23 natural gas pipeline operators were targeted for attack by Chinese hacking groups and at least 13 of those attacks were successful.
The U.S. Senate hears from water experts
As threats to water treatment plants grow, the Senate Environment and Public Works Committee held a hearing to address concerns and to hear from industry experts. The Senate was informed of the nature of attacks and the poor information sharing that is prevalent in the water treatment world. They also heard from Mike Gallagher (R-Wis.), who co-chaired the Solarium Commission, which explored water security in 2020. He related how slow the water sector has been to address cybersecurity in relation to other critical infrastructure areas.
Cybersecurity and Infrastructure Security Agency (CISA) outlines ICS attacks
CISA released a whole bunch of reports on ICS attacks of significance over the last few years. I will link to each directly after the builtin:
Legislative actions
US Congress has several Industrial Control Systems (ICS) bills in motion
United States lawmakers are busy trying to craft legislation to add more teeth to laws against hacking infrastructure to include critical industries and also to hold key businesses responsible for their cybersecurity practices (or lack thereof). These bills include one to require CISA to respond to ICS threats, staffing of the National Cyber Director's office,
This is in conjunction with the Biden administration pushing the same agenda with recent Executive Orders and Memoranda. The latest one this week tasked federal agencies with developing cybersecurity performance goals for critical infrastructure components like pipelines, defense contractors, and those who supply the federal government.
The Bills
Jobs
The City of Enid has a Network Specialist position open. Check it out here: