Security News

The U.S. government on Tuesday attributed several past attacks involving industrial control systems to Russian, Chinese and Iranian state-sponsored threat actors. "CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk. Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations," the agencies said.

Today, it is safe to say that ransomware is dominating the conversation, especially after so many high-profile incidents have been part of the news cycle, such as Colonial Pipeline, CD Projekt Red, JBS, the Kaseya supply chain attack, as well as many stories on healthcare providers being victimized by such attacks. What makes ransomware different from the previous threats that were in the spotlight is that it doesn't represent a capable new threat actor such as APTs or a jump in the attacks' sophistication like in IoT security.

A high-severity vulnerability affecting Rockwell Automation's MicroLogix 1100 programmable logic controllers can be exploited to cause a device to enter a persistent fault condition. According to advisories released this month by Rockwell and the U.S. Cybersecurity and Infrastructure Security Agency, a remote, unauthenticated attacker can exploit CVE-2021-33012 to cause a denial of service condition on the targeted controller by sending it specially crafted commands.

Gartner calls this highly exposed ecosystem your "external attack surface," and has recently recommended adopting an External Attack Surface Management (EASM) approach. EASM solutions can inventory all of the cloud assets your service is built upon across multiple cloud providers and all of your third-party vendors to aid in your cloud governance processes, as well as cloud security.

Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count. A representative for Northern Trains referred further questions on to Flowbird Transport, which provides the ticketing system in question, telling us "It's their system that's been affected."

Automation company Ivanti has surveyed more than 1,000 IT professionals on the effects of phishing at their organizations, and what it has found is grim security news: 74% of companies have fallen prey to phishing in the past year, and 40% became victims in the last month alone. In particular, Ivanti cites the COVID-19 induced shift to remote work as a major reason for increased "onslaught, sophistication and impact of phishing attacks."

Zscaler released a study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment. The report analyzed over 575 million device transactions and 300,000 IoT-specific malware attacks blocked over the course of two weeks in December 2020 - a 700% increase when compared to pre-pandemic findings.

So the first vulnerability is based on the fact that the cellular network and the connectivity between cell networks around the world is built in such a way that whenever there is some sort of message call or any other message to be others to you. Connected to the, over the cellular network, but eventually it is connected to the open internet and the like any device connected to the open internet.

Prominent law firm Campbell Conroy & O'Neil said it fell victim to a ransomware attack five months ago that resulted in systems holding sensitive information being compromised. The firm offers services to numerous Fortune 500 and Global 500 companies, including automakers, aviation and aerospace, energy/utilities, industrial machinery, insurance, and transportation organizations, among others.

The Microsoft Exchange Server attacks earlier this year were "systemic cyber sabotage" carried out by Chinese state hacking crews including private contractors working for a spy agency, the British government has said. Foreign Secretary Dominic Raab said this morning in a statement: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not."