Showing posts with the label house of representatives

2022 Week 30 and 31 Security News Roundup

Summary

A lot of activity in the general SCADA world as well as healthcare, education, and city government. We also have news of legislation as the budget year ramps up for its start of the year activities.

News

IBM's Cost of Data Breach report for 2022 has been released. It indicates that last year the average cost of a data breach was $4.35 million. It also reports that 83% of the organizations in the report have been a victim more than once. 80% of infrastructure organizations did not have a zero trust model in place. Also of note is that paying the ransom only saved about $600,000 overall, as most of the costs are associated with civil suits and addressing the fallout of the incident.

https://cyware.com/news/ibm-2022-report-cost-of-a-data-breach-at-an-all-time-high-9303d2b3
https://newsroom.ibm.com/2022-07-27-IBM-Report-Consumers-Pay-the-Price-as-Data-Breach-Costs-Reach-All-Time-High

SLTT

There has been a data breach of the ...

2022 Week 5 Summary

Summary

News came this week of several new cyber security operation centers. This is a great idea. The harder we make it for the bad guys, the more likely they are to try and figure out something else to do. We also have some advisories about issues in Industrial Control Systems (ICS).

News

SLTT

Several Puerto Rico government entities were struck by a cyberattack, including the territory's Senate. Still not a lot of information at this time.

https://www.securityweek.com/official-says-puerto-ricos-senate-targeted-cyberattack?&web_view=true

The Port of Los Angeles has opened its own Cyber Resilience Center (CRC). This CRC will ensure that the port is protected from cyber threats that might impact cargo shipments that come into one of the world's most active seaports.

https://www.infosecurity-magazine.com/news/la-launches-cyber-resilience-center/

Power

The U.S. Federal Energy Regulatory Commission (FERC) is looking at implementing a new regu...

2021 Security for Week 26 Roundup

Summary

This week we have an update on the Tulsa, Oklahoma ransomware attack and data breach, as well as an update on the Ireland health system breach by the same group. NBC and others have recaps of water security. Several groups are doing cybersecurity exercises, and this included a grid attack simulation.

News

Tulsa, Oklahoma Ransomware Attack

As previously noted ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), Tulsa was the victim of a ransomware attack. Now it appears that some of the breached data (18,000+ files) has been released. This again points to the danger of paying the ransom, as it appears there is little honor among the hackers. It should be noted that Conti (the suspected group behind the attack) has a long history of this.

https://edition.cnn.com/2021/06/23/us/tulsa-cyberattack-personal-information-dark-web/index.html?&web_view=true
https://kfor.com/news/local/ransomware-attackers-relea...

2021 Security for Week 25 Roundup

Summary

This week there was quite a bit of activity, including some that hit close to home. These include ICS security news, more PulseConnect victims, a deep dive at a school system response, and a local hospital that was the victim of ransomware. Lastly, there is quite a bit of legislative activity, with the NATO and G7 summits dominating the news.

News

SolarWinds hack

I have had some who follow my writings here and on social media claim that attributing the SolarWinds attack to Russia is somehow partisan or rash. The argument seems to be that there is no real proof and instead, the hack was due to some perceived (but unattributed) lack in the operations of the current state of the nation's cyber defense strategy. If you are one of those, I really implore you to get into that discussion here. What can we, the front-line workers in the cyber war front, do to be better at defense, response, and recovery? This week, FireEye, who first identified the h...

2021 Week 12 Security Roundup

Summary

This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America. It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission. If you are in other sectors, hopefully there is information you can find useful as well.

Updates on SolarWinds and the Microsoft ProxyLogon issues dominated news again this week. Breaking news is that as of Thursday night, Defender and System Center Endpoint Protection have added automatic patching for the linchpin of the attack playbook. This was so successful they evidently broke one of their honey-pot farms.

In other news, we had updates from the US and other Federal governments. There are even more signs of escalation by nation-state actors, primarily China, in what many are seeing as a global cyberwar. We also ...