2022 Week 29 Security News Roundup

-

 Summary

Almost all tracked areas had some news this week.  It appears that there is again an uptick in activity targeting infrastructure at all levels.  

News

SLTT

Puerto Rico partnered with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to get 24/7 Security Operations Center (SOC) monitoring of its networked assets.  This will supplement the SOC they staffed in 2021 after a string of cyber attacks.

Sophos reports that ransomware attacks on education institutions rose in the last year.  Some key points are that 56% of lower education respondents had been victims, 64% for higher education. and 60% of all education institutions had some kind of successful attack which is 44% higher than last year.  

A ransomware attack disrupted flood monitoring systems in the Indian state of Goa during life-threatening.  The state says their 3rd party firm did not have security configurations and software up to date.  On a personal note, I would say that even if you have 3rd party contractors, you as the owner, have the responsibility to ensure that vendors are living up to their responsibilities. 

Deakin University in the Australian state of Victoria reports that nearly 47,000 students and alumni have had their personal data compromised.  The university says that the Office of the Victorian Information Commissioners and a 3rd party are helping them recover from the breach.

SCADA General

Barracuda released their That of Industrial Security in 2022 report.  It found that more than half of respondents rely on manual patching and few have dual-factor log-on services.  More alarmingly, it found that 94% of respondents had some form of attack on their IoT systems.

Power

Ignitis Group was the victim of what is being described as their "biggest cyber-attack in a decade."  The nature of the attack seems to be a very massive Distributed Denial of Service (DDoS) attack which disrupted its digital services and its website.  A pro-Russian group named Killnet has claimed responsibility for this and a series of attacks against other Lithuania in response to their support  for Ukraine in the war with Russia.

Water

Rhode Island sewer-system was hit with a cyber incident that affected operations in Providence and Blackstone Valley.  At this time they are only saying that data on some systems was encrypted.

A subcontractor of the Colorado Springs water service was evidently the victim of a data breach.  Roughly 200,000 accounts were in the file that was accessed.  They indicate that no sensitive, proprietary, or confidential data was part of the breach.


Aerospace

Aerojet Rocketdyne settled a lawsuit for $9 from a former executive that had alleged that the company was not being responsible with sensitive rocket information.  This is even after they were the victims of a Nation-State breach in 2013 and 2014. 


Legislative actions 

Joe Biden signed an executive order that prevents state or local governments from using information about abortion seeking against those who perform such searches.  

India is vowing to crack down on cybercrime.  Among the actions that were outlined were Stricter actions against cyber criminals, a committee dedicated to strategizing cybercrime efforts, and cybercrime awareness and prevention training.  

The U.S. House Appropriators authorized $15.6 billion in cybersecurity funding with the largest part going to the defense department.  Under the authorization, the DOD would get $11.2B and CISA another $2.9B which is $417 million more than the White House requested for the agency.  


Comments

Post a Comment

Popular posts from this blog

2021 Week 11 Security Roundup

-
  Summary This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America.  It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission.  If you are in other sectors hopefully there is information you can find useful as well.   News Windows Outlook Vulnerability The 0-Day for Microsoft Exchange Server keeps making news.  Over the course of the week threat actors outside of the Haifum Chinese cyber espionage group started to take advantage of the exploit.  Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers.  From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook.  Here are some of the developments that we have seen: ZDNet a
Read more

2021 Weeks 32-40 Security Roundup

-
  Summary Let me apologize for the long delay right upfront.  First, we had a round of Covid in the household in a person who is immune-compromised.  Next, I started a new semester in college and the workload was far greater than I expected.  Lastly, this is the start of the budget year for us and I had several projects that have demanded almost every second of my work time.  I hope to get back to weekly updates by November. Lots of news that covers:  health care, education, infrastructure, and SLTT governments around the world.  Since I am hitting the length limitations of Blogger, I will simply invite you to read and try and get caught up yourself.  News UC San Diego Health sued over breach In what is becoming a growing trend UC San Diego Health is being sued for failure to have proper data protection protocols.  The suit is citing breach of contract, negligence, and violating California consumer and medical privacy laws.  Specifically, the suit alleges failure to adequately train em
Read more

2021 Week 29 Security Review

-
  Summary Sorry, this was late this week.  I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education.  If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at  https://www.ncbrt.lsu.edu/ . Not a lot of new things this week.  There was an update from the City of Tulsa and their breach.  We also saw REvil disappear from both the Web and the dark Web.  Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape. News City of Tulsa Oklahoma breach Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security number accessed.  The city said they have attempted to reach out to those affected.  To date, more than 18,000 files from the hack have been released to the dark web. https://www.securit
Read more