Posts

Showing posts with the label Jobs

2022 Week 5 Summary

Summary

News came this week of several new cyber security operation centers. This is a great idea. The harder we make it for the bad guys, the more likely they are to try and figure out something else to do. We also have some advisories about issues in Industrial Control Systems (ICS).

News

SLTT

Several Puerto Rico government entities were struck by a cyberattack, including the territory's Senate. Still not a lot of information at this time.
https://www.securityweek.com/official-says-puerto-ricos-senate-targeted-cyberattack?&web_view=true

The Port of Los Angeles has opened its own Cyber Resilience Center (CRC). This CRC will ensure that the port is protected from cyber threats that might impact cargo shipments that come into one of the world's most active seaports.
https://www.infosecurity-magazine.com/news/la-launches-cyber-resilience-center/

Power

The U.S. Federal Energy Regulatory Commission (FERC) is looking at implementing a new regu...

2021 Security for Week 26 Roundup

Summary:

This week we have an update on the Tulsa, Oklahoma ransomware attack and data breach, as well as an update on the Ireland health system breach by the same group. NBC and others have recaps of water security. Several groups are doing cybersecurity exercises, including a grid attack simulation.

News

Tulsa, Oklahoma Ransomware Attack

As previously noted ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), Tulsa was the victim of a ransomware attack. Now it appears that some of the breached data (18,000+ files) has been released. This again points to the danger of paying the ransom, as it appears there is little honor among the hackers. It should be noted that Conti (the suspected group behind the attack) has a long history of this.
https://edition.cnn.com/2021/06/23/us/tulsa-cyberattack-personal-information-dark-web/index.html?&web_view=true
https://kfor.com/news/local/ransomware-attackers-relea...

2021 Week 17-18 Security Roundup

Summary

Spent a week driving around the western US, then had to get caught up with work and school, so didn't have the time or ability to post an update. Here is what has happened over that time frame. For such a long time period there really is not too much actual news. In my scanning of sites, it appears that the focus has returned to financial sectors and work-from-home attacks. One of the things I have noted over the years is that these things tend to be cyclic, which could indicate that there is some dark web coordination that security practitioners are not yet privy to (though nation-state experts might be).

News

Washington D.C. police server hacked by Russian group

A Russian hacking group named Babuk posted screenshots that seek to prove that they have accessed several databases of the Washington D.C. police department. The group left a text document on their network outlining how to pay the ransom to get locked files back and to bribe t...

2021 Week 16 Security Roundup

Summary

While I initially thought this would be a slow news week, several articles of interest came out later in the week. Probably the biggest thing of note is the Biden administration going all in to point the finger at nation-state actors and their attacks against U.S. and allied targets.

News

National assessment

Normally I try and skip a lot of reports put out by the national intelligence agencies, as they are normally focused on the bigger picture and not on SLTT issues. I have decided to link to the first worldwide threat assessment report in a couple of years because 1) it has been a while since the U.S. has publicly acknowledged that we have a cyberwar going on and 2) they mention specifically the risks to utilities and governments at all levels in the United States (and its allies).

The main takeaways from the report are that even if the United States may have taken a break (which I suspect regardless of the guidance from the Executiv...

2021 Week 13 Security Roundup

Summary

This week there was not a lot of activity. We did see quite a bit of news from the SCADA front. A ransomware campaign has leaked some information in an attempt to get the victims to pay.

News

Power security

The U.S. Department of Energy (DOE) Office of Cybersecurity, Energy Security and Emergency Response (CESER) is pledging to help protect US energy system operators from the growing cyber and physical threat to their systems. Some of the announced programs include testing of SCADA systems to assess their vulnerabilities against nation-state actors, research into electromagnetic and geomagnetic protective technologies, and a focus on researching cybersecurity with a goal of fostering well-trained university graduates.
https://www.energy.gov/articles/doe-announces-cybersecurity-programs-enhancing-safety-and-resilience-us-energy-sector
https://www.infosecurity-magazine.com/news/new-cybersecurity-programs-to/?&web_view=true
https://defensesystems.co...