
IT Security News Blast – 2-10-2021

Urgent Panel Discussion TODAY: Water System Breach
Thanks to the 100 of you who have already signed up!
The breach of a water treatment plant in the Tampa Bay Area raises questions about how the attacker got in and whether there will be copycat attacks. Join a panel of InfoSec experts (including me) who have been working with water districts for years and warning of just these types of attacks. The panel will discuss:

  • What we know and its implications
  • Using the AWIA “Emergency Response Plan” to mitigate potential risks and improve situational awareness.
Security gaps in operational tech exposed with hacker attempt to poison Florida city water
“Other compromises of industrial control or ‘SCADA’ systems have manipulated the status screens of the human machine interface, showing that everything was operating normally,” said Hamilton. “The fact that this wasn’t done here is suggestive of a crime of opportunity,” by less sophisticated actors.
Healthcare Breach Report Out Today
Reports of healthcare breaches were up significantly in the second half of 2020. We hated to be right about it, but Drex DeFord and Mike Hamilton predicted the rise. The criminals also went after some different targets so that they could steal more records. We spent weeks combing through the data to better understand the trends. You can download a copy of the Healthcare Breach Report here:
Health CISO Shares Security Strategies for Ransomware, Enterprise Risks
“You really have to make sure you have a good understanding of your internal processes to be able to develop controls that prevent these issues,” he continued. “These good control processes are to make sure you minimize the damage caused by an insider threat by preventing the insider threat from happening in the first place.”
COVID-19-Themed Attacks are Wake-Up Call in Healthcare
[From] emails with malicious attachments to phishing and targeted attacks. The latter involved advanced persistent threat (APT) actors such as Lazarus and Transparent Tribe, which we observed using COVID-19-themed lures to target their victims. Kimsuky, APT27, and others did the same, according to open-source intelligence. These types of threats will remain for as long as the pandemic lasts.
Pharma Cybersecurity Challenges: A Holistic Prescription
The effect of such breaches goes beyond the direct damage from lost data; it also affects the company valuation and erodes patient and consumer trust, resulting in regulatory fines and overall operational disruption. Individuals need to have trust in the pharmaceutical industry to secure their health data, so when these attacks happen, reputation is one of the main aspects that can become tarnished.
Why Boards Will Require Cybersecurity Scrutiny During Financial Audits in 2021 and Beyond
[The] Public Company Accounting Oversight Board (PCAOB) issued a report that suggested while most auditors tried to quantify a financial impact after a breach, they didn’t expand to determine if there were risks of material misstatement. Similarly, the PCAOB suggested auditors didn’t go far enough to assess what types of deficiencies were related to internal controls over financial reporting. The bottom line: organizations aren’t doing enough to determine the risks cybersecurity vulnerabilities create.
Mind the Gap: 3 Ways Corporate Directors Can Improve Their Cyber Fluency
CISOs are often the last item on the agenda, resulting in the proverbial “mad dash” to address even the basic information. How to allocate more time to cybersecurity when meeting agendas are tight? One CISO said the board’s audit committee has invited him to quarterly meetings to educate its members in-depth on cyber topics.
New risks threaten defense industry's cybersecurity, report claims
"American industry faces persistent, increasing threats of intellectual property theft, economic espionage, cybercrime, and other forms of attacks," the report states. Additionally, the drop in an already low score is part of "larger trends in the erosion of industrial cybersecurity despite increasing attention and resources being dedicated to combating the threat."
Cybersecurity experts fear SolarWinds' hack leads to larger attack on unprepared U.S.
“One of the things that we really have to pay attention to is what I call the security of the security systems — sometimes people who make security tools don’t spend as much time protecting their own tool as they should,” Mr. Crowell said. “We’re going to have to double down on how we test cybersecurity software and hardware because it’s part of the kill chain, it can be part of how a system gets attacked.”
Installed Chinese-made transformers can impact the grid today
As mentioned in a previous blog, a pharmaceutical facility had a shadow backdoor network installed in Chinese-made equipment to exfiltrate data and possibly to cause physical impacts. There is also the 5G issue that has led many countries to exclude ZTE and Huawei from their infrastructure. Prudence dictates we take a hard look at Chinese-manufactured equipment not only for the grid but also in other critical sectors.
CISA and CYBER.ORG Partner to Deliver Cyber Safety Video Series
The video series currently includes five videos that provide easy to understand cybersecurity concepts, with more videos to be released in the coming months. In conjunction with CISA’s ransomware awareness campaign, the newest addition to this series provides tips to avoid becoming a victim of a ransomware attack.
Government’s Supply-Chain Vulnerabilities — and What to Do About Them
  • Map your supply chain and identify high-priority vendors most critical to your organization's ability to function.
  • Identify sub-tier suppliers whose critical IT components or software are embedded in your systems.
  • Create diversity in your supply chain so you don't have any single-point-of-failure vendors.
  • Know, without a doubt, what information systems your vendors can access via your own networks.
North Korean hackers stole more than $300 million to pay for nuclear weapons, says confidential UN report
The document accused the regime of leader Kim Jong Un of conducting "operations against financial institutions and virtual currency exchange houses" to pay for weapons and keep North Korea's struggling economy afloat. One unnamed country that is a member of the UN claimed the hackers stole virtual assets worth $316.4 million between 2019 and November 2020, according to the document.
Beijing blocks access to Clubhouse app after surge in user numbers
The invitation-only US app, which only works on iPhones and was released in April 2020, allows users to listen in to discussions and interviews in quasi conference-call style online rooms. It suddenly became popular last week – particularly in China, where people seized the opportunity to discuss taboo topics including Taiwan, Hong Kong, and the persecution of Uighurs.
Attackers Exploit Critical Adobe Flaw to Target Windows Users
The vulnerability (CVE-2021-21017) has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in question is a critical-severity heap-based buffer overflow flaw.
Zero-days under active exploit are keeping Windows users busy
The simultaneous patching of CVE-2021-21017 and CVE-2021-1732 and their nexus to Windows raise the distinct possibility that in-the-wild attacks are combining exploits for the two vulnerabilities. Neither Microsoft nor Adobe has provided details that confirm this speculation, however.
Ransomware Demands Spike 320%, Payments Rise
Of the 75 percent of companies which responded to the State of the Phish report saying they were infected by ransomware, more than half decided to pay the ransom to get their data back, Proofpoint said. Of that half who paid, only 60 percent were given back access to their data. The other 40 percent were hit with additional ransom demands, which is up 320 percent over last year.
Ukrainian Police Arrest Author of World's Largest Phishing Service U-Admin
More than 200 active buyers of malicious software have been identified, Ukrainian officials said. U-Admin allowed customers to exfiltrate data entered by victims on compromised websites by injecting malicious code into the browser. The crimeware platform's info-stealing capabilities also extended to capturing two-factor authentication codes.
‘Quad’ nations sign up for meta think-tank to advance ‘Techno-Democratic Statecraft’
As explained at a launch event today, the Quad Tech Network aims to provide “regional Track 2 research and public dialogue on cyber and critical technology issues.” That’s diplo-speak for encouraging think tanks and universities to work on research and policy ideas in the hope that policymakers pay attention.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

