Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 6-3-2021

Massachusetts Steamship Authority hit by ransomware attack
The Steamship Authority said because of the attack, cash was preferred for all transactions on Wednesday. "The availability of credit card systems to process vehicle and passenger tickets, as well as parking lot fees, is limited," the company said.
https://www.wcvb.com/article/massachusetts-steamship-authority-hit-by-ransomware-attack/36607299
 
Siemens PLC vulnerability is cyber-attackers’ ‘holy grail’
Cyber-researchers have found a vulnerability in Siemens’ Simatic S7-1200 and S7-1500 PLCs that could give attackers read and write access anywhere on the PLC, allowing them to execute malicious code remotely. The researchers at Claroty describe such unrestricted and undetected code execution as the “holy grail” for cyber-attackers, allowing them to hide code deep inside the PLC undetected by the operating system, or any diagnostic software.
https://drivesncontrols.com/news/fullstory.php/aid/6736/Siemens_PLC_vulnerability_is_cyber-attackers_92__91holy_grail_92.html
 
Rise in Ransomware Requires Strong Government Response, Executives Say
President Biden, in his June 16 summit with Russian President Vladimir Putin, must push for an agreement to rein in ransomware gangs, Mr. Mandia said. To fight the cybercrime wave, the U.S. should pursue economic sanctions, technology protections and diplomacy, he said. “You gotta pull every lever on this one,” he said. “We have to impose repercussions and costs.”
https://www.wsj.com/articles/ransomware-is-an-intolerable-situation-fireeye-ceo-says-11622649180
 
Sensitive medical, financial data exposed in extortion of Massachusetts hospital
A hospital in Massachusetts quietly paid off a ransomware gang after a February hack that exposed patients’ sensitive medical and financial data, the hospital said in a May 28 statement. [...] “In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed,” Sturdy Memorial said.
https://www.cyberscoop.com/hospital-ransomare-payment-sturdy-memorial/
 
Cyberattack 'destroyed' HSE's IT systems
Dr Hamilton wrote on her Twitter account: “The #cyberattack didn’t switch off the hospital computer system, it destroyed the IT system. This is not a check, firewall and switch on, this is a complete rebuild. The work and the pace of it is intense.”
https://www.irishexaminer.com/news/arid-40304705.html
 
The M.T.A. Is Breached by Hackers as Cyberattacks Surge
The breach was the third — and most significant — cyberattack on the transit network, North America’s largest, by hackers thought to be connected to foreign governments in recent years, according to transit officials. The M.T.A. is one of a growing number of transit agencies across the country targeted by foreign hackers and the breach comes during a surge in cyberattacks on critical American infrastructure, from fuel pipelines to water supply systems.
https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html
 
Cyber insurers hike rates, tweak coverage as loss ratio rises again in '20
Cyber liability insurance premiums continued to climb by double digits in 2020, but the industrywide loss ratio grew at a faster pace, forcing underwriters to adjust coverage and hike rates to cover escalating costs from breaches and ransomware attacks. [...] The industry's loss ratio rose for the third straight year, climbing more than 25 percentage points year over year in 2020 to 72.8%.
https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/cyber-insurers-hike-rates-tweak-coverage-as-loss-ratio-rises-again-in-20-64492433
 
Industry paper calls for liability protection, small business support in potential DOD threat hunting program
"Companies participating in a threat hunting program should be provided liability protections to insulate them from lawsuits related to disclosure of third-party data; such protection, however, would likely require further legislative action," INSA's Cyber Council said in a paper released last week.
https://insidedefense.com/insider/industry-paper-calls-liability-protection-small-business-support-potential-dod-threat
 
JBS cyberattack: From gas to meat, hackers are hitting the nation, and consumers, where it hurts
For a hacker whose objective in a ransomware attack is to force payment, a food manufacturing and processing company like JBS, a centralized node in a consolidated industry, makes for a good target. If successfully attacked, the hack can result in widespread problems from the cattle on the pasture to the feedlots and into the grocery store.
https://www.cnbc.com/2021/06/02/from-gas-to-burgers-hackers-hit-consumers-where-it-hurts.html
 
U.S. seizes two domains used in cyber attacks that mimicked USAID communications
The Justice Department said that it seized two command-and-control (C2) and malware distribution domains on May 28 after winning a court order to do so. The seizure was done in hopes of identifying groups that had been victimized and stopping future victimization.
https://www.reuters.com/technology/us-seizes-two-domains-used-cyber-attacks-that-mimicked-usaid-communications-2021-06-01/
 
Ransomware: A Guide to Practical, Regulatory, and Reputational Risk Management
Entities should implement a risk-based compliance program to mitigate exposure to cyber risks. OFAC has also stated that such a program is a factor it may consider when determining the extent of its enforcement activities. The core elements an entity should consider include (a) management commitment, (b) risk assessment, (c) internal controls, (d) testing and auditing, and (e) training.
https://www.natlawreview.com/article/ransomware-guide-to-practical-regulatory-and-reputational-risk-management
 
US: Russian threat actors likely behind JBS ransomware attack
"The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals. The FBI is investigating the incident and CISA is coordinating with the FBI to offer technical support to the company in recovering from the ransomware attack," the spokeswoman added.
https://www.bleepingcomputer.com/news/security/us-russian-threat-actors-likely-behind-jbs-ransomware-attack/
 
Security News This Week: US Soldiers Exposed Nuclear Secrets on Digital Flash Cards
The information includes information like where weapons are likely stored within bases, patrol schedules, security camera locations, attributes of ID badges, and even safe words that guards are supposed to use if they’re being threatened to warn others. The Bellingcat researchers were able to find the cards by searching for “terms publicly known to be associated with nuclear weapons.”
https://www.wired.com/story/nuclear-secrets-flashcards-citizen-app-japan-hack-security-news/
 
Amazon Sidewalk Poised to Sweep You Into Its Mesh
It probably should surprise no-one that the impending mesh network turn-on date in seven days has triggered fear, uncertainty and doubt, for a few reasons. First, the initiative involves a brand-new, untested Wi-Fi protocol that’s going live without having been beta tested. Also, it’s being turned on by default, making it opt-out only.
https://threatpost.com/amazon-sidewalk-to-sweep-you-into-its-mesh/166581/
 
A U.S. privacy law seemed possible this Congress. Now, prospects are fading fast.
Even amid a surge in Covid-related scams stealing consumer data and a recent Facebook leak that exposed the personal information of half a billion users, privacy legislation shows signs of having stalled. Lawmakers have held no hearings on a comprehensive national privacy law and have no plans to hold one anytime soon, while disagreement grows over what such legislation should include.
https://www.politico.com/news/2021/06/01/washington-plan-protect-american-data-silicon-valley-491405
 
This is how attackers bypass Microsoft's AMSI anti-malware scanning protection
Microsoft's security solution is a barrier that today's Windows malware developers often try to circumvent -- either by methods such as obfuscation, steganography, or by preventing a file from being scanned and detected as malicious in initial attack stages.
https://www.zdnet.com/article/this-is-how-attackers-bypass-microsoft-antimalware-scan-software-amsi/
 
SolarWinds hackers using NativeZone backdoor against 24 countries
Microsoft has disclosed that the SolarWinds hackers or SolarWinds supply chain attack-fame threat actors are back in action. This time, they are targeting government agencies, consultants, think tanks, and non-governmental organizations across 24 countries. [...] According to Microsoft’s Corporate VP for Customer Security and Trust, Tom Burt, the latest wave of attacks has affected 150 different organizations and targeted approx. 3,000 email accounts.
https://www.hackread.com/solarwinds-hackers-return-nativezone-backdoor/
 
For the advancement of theft: Black hat cons issue call for papers as part of criminal forum
The entry period just ended for a Russian criminal hacker forum’s call for papers to advance the science of stealing, with the best submissions receiving cash prizes. [...] The contest initially offered $100,000 to the winners, though a forum member added an additional $15,000 to the prize pool. Entries closed mid May.
https://www.scmagazine.com/home/security-news/cybercrime/black-hat-cons-issue-call-for-papers-as-part-of-criminal-forum/
 
Your future sex robot could be hacked and programmed to murder you
At the moment, the technology behind sex cyborgs is rather primitive, but there’s no telling what the future could hold. If we reach a point where such robots are capable of lifelike movements — and their “brains” can be tweaked via software updates — it’s certainly not out of the realm of possibility that “death by sex robot” ends up on some unfortunate soul’s tombstone.
https://bgr.com/lifestyle/sex-robot-hack-security-cyborg-5589262/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight Inc, DBA CI Security.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2021 CI Security. All rights reserved.


 
