2022 Week 30 and 31 Security News Roundup

 

Summary

There was a lot of activity in the general SCADA world as well as in healthcare, education, and city government.  We also have news of legislation as the budget year ramps up with its start-of-year activities.


News

IBM's Cost of a Data Breach report for 2022 has been released.  It indicates that last year the average cost of a data breach was $4.35 million.  It also reports that 83% of the organizations in the report have been victims more than once.  80% of infrastructure organizations did not have a zero trust model in place.  Also of note is that paying the ransom only saved about $600,000 overall, as most of the costs are associated with civil suits and addressing the fallout of the incident.


SLTT

There has been a data breach of the retirement system of the City of Detroit.  PII including social security numbers appears to have been exposed.  The issue was a misconfiguration that allowed others to view the data for multiple retirees.  

The State of New York has pledged to help local governments counteract ransomware and other cyber threats.  The $30 million program seeks to make the services of the state's Joint Security Operations Center available to all local government entities and to provide CrowdStrike free of charge to the same.

The City of Newport, Rhode Island has notified present and past employees of a potential data breach.  This is in the wake of a phishing email that was thought to be behind suspicious network activity discovered on June 9th.  The city indicated they are using the resources of federal law enforcement in their investigation.

St. Marys, Ontario is being held ransom by LockBit.  The town indicated it had outside help to assist in their response.  Currently, internal operations are being affected, but they indicated that citizen services are still operating with no effect.  

Wootton Upper School in Bedfordshire, England and the associated Kimberley College for 16-19 year olds are being held ransom by Hive.  The ransomware group is demanding £500,000.  The group has allegedly reached out to parents and students, informing them of the breach.

SCADA in General

It is often said that humans are the weak link in security platforms.  SCADAfence released its annual report and it indicates that 75% of security experts believe that the OT security risk level is high and that 79% believe that human error is their principal risk.  Additionally, 83% felt that there is a significant shortage of OT security workers.  The latter is believed to be because of the extra duties imposed on these individuals and the relatively low pay.

Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center at the Ben-Gurion University of the Negev in Israel, has developed a new SCADA attack called SATAn that uses a SATA cable as an antenna.  This attack does require placing a device to capture the data, but it then uses the cable as the antenna.

As IT and OT systems continue to merge, the risk of cyber attacks is becoming more and more of a concern (a good thing {the concern, not the integration}).  Security magazine has a good overview of the need to extend your physical and cyber security plans to the OT network.  It does this by leveraging the information gained from the 2022 Allianz Risk Barometer (linked below).  It is a good read for those who have operational devices as part of their business process.


TSA has updated its Security Directive for oil and natural gas pipeline operators to extend the requirements for another year.  The requirements include:
1.  Establish and execute a TSA-approved Cybersecurity Implementation Plan that includes a description of the specified measures the pipeline owners and operators are using to achieve the outcomes.
2.  Develop and maintain a Cybersecurity Incident Response Plan that includes measures the owners and operators will take in the event of disruption or business degradation caused by a cybersecurity incident.
3.  Establish a Cybersecurity Assessment Program to test and regularly audit the effectiveness of the measures and resolve any vulnerabilities identified.

Threat actors will target even small critical infrastructure entities, according to CISA Executive Director Brandon Wales.  He made the statement at the recent CyberSare event.

Taiwan-based industrial networking and automation company Moxa released information about 2 vulnerabilities in their NPort product.  The two security issues are tracked as CVE-2022-2043 and CVE-2022-2044.  They report that the issues can be exploited by remote attackers to deny access.



Healthcare

St. Luke's health system, which serves most of Idaho, announced that a third-party vendor, Kaye-Smith, had a data breach.  At this time it is unknown how many patients have been affected.  The data exposed included PII and payment information.  The breach in question occurred in late May of 2022.

The National Institute of Standards and Technology (NIST) has updated the cybersecurity guidance for health care providers and the related support functions.  They say that their goal was to make this version much more of a resource guide.  Additionally, it is coming more in line with the other NIST guidelines that have been released lately.

GlobalData has estimated that up to 22 million US health records have already been breached in 2022.  They also project spending on cybersecurity in the healthcare sector will increase by $400 million globally in the next 3 years.  

Hartland, Wisconsin-based OneTouchPoint offers business services to those in the healthcare sector.  They have notified customers that they found encrypted files on some systems in April.

Legislative Actions

The United States Senate is debating the Quantum Computing Cybersecurity Preparedness Act.  The bill has broad support.  It would basically direct agencies to make plans for the post-quantum computing world.




The Senate Armed Services Committee is seeking to help the U.S. Department of Defense meet the needs of cyber forces in the new National Defense Authorization Act.  The act hopes to help the DOD address readiness shortfalls in organizing, training and presenting forces to the U.S. Cyber Command.




The U.S. House of Representatives passed an $840 billion bill that included provisions to better identify and secure critical infrastructure.  



