2023 Week 47

 

Summary

Slowly trying to bring this back since I have found no other place that collects this exact information.  May also add a podcast feature around the first of the year.


News

CISA is exploring becoming a managed service provider of cybersecurity services to critical infrastructure entities.  This is part of the ongoing efforts by the U.S. to take an expansive approach to cybersecurity. 


SLTT

The City of Long Beach, California is deciding whether to declare a state of emergency over the cyber incident that struck systems on the 14th.  The attack affected public-facing services as well as some business operations but appears to have spared the public safety systems.

VMware Carbon Black researchers are seeing an uptick in infections related to NetSupport RAT, which is targeting government and educational institutions.  This continues the trend of threat actors using legitimate remote access software to carry out attacks.  In this case, it is normally delivered as a drive-by attack from compromised WordPress sites displaying bogus web browser updates.

Clark County, Washington detected a cyber attack on October 21, 2023.  Currently, they do not believe any citizen data was stolen or disclosed.  This is the second breach of the county's networks in two years.  The investigators are not 100% certain at this point whether the current incident is related to the previous one.




Power

An element of the Bipartisan Infrastructure Law is providing $70 million of funding to help electric cooperatives, small investor-owned, and municipal utilities strengthen their cyber security posture.  The funding is managed by the Office of Cybersecurity, Energy Security and Emergency Response (CESER) and the Rural and Municipal Utility Cybersecurity (RMUC).  Information can be found on the program's page linked below.
https://www.securityweek.com/us-announces-70-million-cybersecurity-boost-for-rural-municipal-utilities/?web_view=true
https://infrastructure-exchange.energy.gov/Default.aspx#FoaIdcc9bd5a9-00e0-438d-9225-873fb1f4dffa


Water

Service public de l'assainissement francilien (SIAAP), which manages 275 miles of wastewater pipes in and around Paris, France, was affected by a cyberattack on the 17th of November.  An emergency order was issued that allowed the team to hire outside cyber experts and purchase any hardware needed to address the situation.  As of now they are not disclosing who was responsible and no group has taken credit.
https://therecord.media/paris-wastewater-agency-hit-cyberattack?&web_view=true
https://www.siaap.fr/presse-publications/publications/detail/actualites/cyberattaque-dampleur-au-siaap/
https://www.siaap.fr/fileadmin/user_upload/attaque_informatique/arrete_urgence_imperieuse.JPG


Healthcare

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a mitigation guide tailored to Healthcare and Public Health entities.  It focuses on vulnerability management.  
https://www.securityweek.com/cisa-releases-cybersecurity-guidance-for-healthcare-public-health-organizations/?web_view=true


Welltok posted a data breach notification with Maine's attorney general covering the sensitive data of over 1.6 million people.  The information includes names, dates of birth, addresses, and health information.  Once again, a vendor makes for a ripe target.

The cybersecurity researchers at SafetyDetectives discovered a data breach that affected over 2 million Turkish citizens.  The data seems to be vaccination records from 2015 to 2023.  It is worth noting that the same place where this database was found also had a database of over 49 million Turkish citizens, meaning that linking the two data sets should be trivial.
https://www.hackread.com/hacker-leaks-turkish-citizens-vaccination-records/?web_view=true
https://www.safetydetectives.com/news/turkish-vaccinations-leak-report/

The Chief Operating Officer of Securolytics has pleaded guilty to compromising the systems of two hospitals to create business opportunities.  In this case, the target was the hospital's ASCOM phone system, and the attack rendered more than 200 phones inoperable.  He also stole the personal information of over 300 patients.  This underscores the need for a good vendor policy, and also that sometimes a non-data system is the critical system that gets attacked.
https://www.infosecurity-magazine.com/news/cybersecurity-executive-guilty/
https://storage.courtlistener.com/recap/gov.uscourts.gand.291147/gov.uscourts.gand.291147.102.1.pdf
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-executive-pleads-guilty-to-hacking-hospitals/?&web_view=true


Education

The US FCC is proposing a 3-year pilot program to look at how the Universal Service Fund could be used to help schools and libraries strengthen their cybersecurity posture.  They are currently accepting public comment.  
The GovTech article linked below goes into much more background on the threats and links to other initiatives that have similar goals.  They also go on to explain some of the attack profiles.  This includes malware but also banking trojans.  They point out that employee education and creating a security culture is still the best defense, as most of the threat actors get support from often uninformed insiders.



The Record has an article summarizing several attacks against schools at all levels.  It hints that minority-serving schools are being specifically targeted, but my own (unprofessional) belief is that that is not the case, and schools in general are being targeted more now than before 2020.



