2022 Week 6 Security Summary


Summary

This week we saw a wide array of news about cyber security.  

News

SLTT

Pellissippi State Community College was the victim of a ransomware attack that apparently was trying to encrypt data.  They report they did not pay the ransom and are working to figure out the extent of data that was accessed.

Infosec Institute is offering scholarships to 15 people from underrepresented groups in the infosec/cybersecurity industry.  It expands on their Accelerate Scholarship Program.  

Clario researchers discovered an unsecured Microsoft Azure blob repository, searchable on the web, that held over 144K student records.

The Biden administration is creating a task force to review cybersecurity issues affecting government at all levels and businesses.  Their first task will be reviewing the Log4J issue.

Operational Technology (OT)  General

Researchers have outlined the kinds of data being released to the Web and Dark Web and conclude that technical information about OT network devices and programmable industrial devices can give valuable intelligence for future attacks.  While security through obscurity is never ideal, the very nature of OT networks has led to a bit of a knowledge gap with 'script kiddies' and even some sophisticated actors.  This proves once again why we on the defense side of the house are all in this together.

A new report from Claroty indicated that Industrial Control Systems (ICS) and OT networks are affected by ransomware attacks more often than previously believed.  In their survey, ~80% of respondents said they had a ransomware-type attack and, of those, 50% said their ICS or OT networks had suffered.

Power

The United States Department of Homeland Security (DHS) has released a bulletin warning of indicators that Domestic Violent Extremists (DVEs) have "developed credible, specific plans to attack electricity infrastructure since at least 2020, identifying the electric grid as a particularly attractive target given its interdependency with other infrastructure sectors..."  They note that this is more an issue at the individual operator level than to the grid itself, but it reminds us that the bad guys are still out there and could be closer to home than expected.

Water

The U.S. Environmental Protection Agency (EPA) has released a 100-day game plan to help protect water systems from cyber-attacks.  Named the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan, it gives guidelines on the highest-impact actions that can be performed in 100 days to strengthen the posture of water and wastewater systems.

Healthcare

As a follow-up to last week's report about hospital-based IoT devices (https://yasb2018.blogspot.com/2022/01/2022-week-5-summary.html), Kaspersky Labs reports 33 vulnerabilities were found last year in home-based medical IoT devices.  The issue was tracked to MQTT, a data transfer protocol used by many medical IoT devices.

Joy Forsythe makes an argument that securing medical data is not just a regulatory or business best practice, but is essential to human health.  Her presentation hit on a lot of topics that I have also argued over the years to make her point.

Aerospace

A misconfigured Amazon Web Services S3 bucket exposed the details of an unknown number of airport staff from throughout South America.  Researchers were able to access about 3TB of PII on airport workers dating back to 2018.

Swissport, a Swiss airport management services company, reported a ransomware attack on its IT systems.  So far not much information is being released.

Legislative actions 

California criminalizes "cyber flashing".  SB 53, also known as the FLASH Act, would make it against the law for someone to transmit unsolicited sexually explicit images or videos without the recipient's express consent.

