16th Annual National Cybersecurity Awareness Month – Own IT. Secure IT. Protect IT.
October is not just for pumpkin spice. For the 16th year in a row, October is recognized as National Cybersecurity Awareness Month (NCSAM).
Cybersecurity
Centralized Incident Response System Set Up in Advance Credited for Texas’ Recovery After Ransomware Attack
Despite the ransomware attacks in Texas representing the largest coordinated attack on government entities, the cooperation of federal, state, and local resources characterizes effective incident response – an effective and efficient response that would have never been possible if the system was not set up in advance. An article posted in HSToday, What Incident Responders Can Learn from the Lilu Ransomware Attacks on Texas Government Entities, covers valuable lessons learned from the attacks on 16 August 2019.
Disruptionware – A Cyber-Physical Threat to Operational Technology Environments
A new collaborative report between cybersecurity firm Forescout and cybersecurity think tank Institute for Critical Infrastructure Technology (ICIT) explores what they are coining “disruptionware” – a category of cyber attack methods using unsophisticated, IT-based commodity malware that can be devastating to critical infrastructure firms. The most widespread form of disruptionware is ransomware.
Threat Update – Government and Utility Payment Portal Click2Gov Targeted Again
Researchers with dark web intelligence firm Gemini Advisory discovered a new campaign targeting Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associated with local government services, including utilities.
Threat Update – LookBack RAT Still Targeting U.S. Utilities
As WaterISAC shared in its August 6 Security and Resilience Update, the LookBack remote access trojan has a penchant for targeting U.S. utilities. Likewise, WaterISAC is aware of at least one member utility that received an email consistent with activity described in the LookBack campaign. The email purported to be from a state water sector association, Florida Rural Water Association (FRWA).
Security Awareness – Emotet Uses Snowden’s New Book as a Current Lure
As WaterISAC shared in its September 17 Security and Resilience Update, Emotet has resumed spear phishing activity. Specifically, last week Emotet was observed using similar tactics from late spring 2019 by hijacking old email threads designed as invoices. This week it adds a different tactic to its arsenal of lures – NSA whistleblower Edward Snowden’s new book, Permanent Record.
Microsoft Releases Out-of-Band Security Updates for IE 11 and Microsoft Defender
Microsoft has released security updates to address vulnerabilities in Internet Explorer 11 and Microsoft Defender. The updates include a cumulative security update for Internet Explorer. A remote attacker could exploit these vulnerabilities to take control of an affected system.
New CISA Insights Products Available
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published four new documents on its CISA Insights page. Each product provides a description of the threat, lessons learned, recommendations, and additional relevant resources. The new products are:
Another Installment of 15 Cybersecurity Fundamentals Revisited – Cyber Incident Response Planning
Developing plans for how utilities will respond to cyber incidents is critical for quick recovery and restoration from such events. An effective cyber incident response (IR) plan will limit damage and reduce recovery time and costs. Most importantly, the IR plan needs to be in place and tested before a cyber incident occurs; nonetheless, research reveals cyber incident response plans are still largely ineffective.
15 Cybersecurity Fundamentals Revisited – Advanced Training for Technical Staff & Practice Makes Proficient
Awareness training is a key organizational risk strategy component to create and maintain a culture of cybersecurity, all personnel should receive regular, ongoing cybersecurity awareness training. Likewise, technical IT and OT personnel should participate in advanced training, and include red team/blue team exercises to practice and reinforce cybersecurity defense concepts and strategies.
Pages
