Cybersecurity

Annual IBM Threat Intelligence Report Finds More than Half of Cyber Criminal Attacks Pivot Away from Ransomware and Towards Cryptojacking and BEC Campaigns

In its just-released X-Force Threat Intelligence Index, IBM summarizes the most prominent threats raised by its research teams over the past year. Some of the major shifts IBM observed include decreased reliance on malware, and on ransomware in particular, and increased numbers of cryptojacking attacks - the illegal use of an organization's or individual's computing power without their knowledge to mine cryptocurrencies - and business email compromise (BEC) scams.

Dragos Offers Its Perspectives on ICS Security, State of Cybersecurity in the Water Sector

In a recent article, threat analysts from Dragos respond to a series of questions they received from members of the information security and IT communities on the topic of industrial control systems (ICS) security. The analysts answered questions about the differences between IT and OT security operations skill sets, how to scan ICS environments during assessments, and the ICS threats that keep them up at night, among others.

Hacked? Unplug Networks, Not Power

An article from F-Secure cautions cyber attack victims against following the natural urge to turn machines off and then on. Killing the power wipes out any data stored in RAM, which is invaluable to investigators. “Turning off the computer is like destroying evidence – evidence that can help uncover who the attackers are and what they’ve done,” says Janne Kauhanen, a member of F-Secure’s Cyber Security Services team. Instead, F-Secure recommends disconnecting all networks, including Ethernet, Wi-Fi, Bluetooth, NFC, and Mobile Data Network connections.

Mobile Device Security Guidance from NIST

The National Institute of Standards and Technology has released Special Publication 1800-5, Mobile Device Security Cloud and Hybrid Builds, a guide for how organizations can secure mobile devices used for work. As observed by the guidance, while mobile devices like smartphones and tablets have enabled employees to do their jobs more effectively and efficiently, the security controls that go along with them have not kept pace with the risks they can introduce.

Poor Password Practice – Some Utilities Use Service that Sends Passwords in Plain Text

After a concerted attempt at responsible disclosure to the vendor who designed his power company’s website, an anonymous security researcher shares his September 2018 discovery of poor password practices. According to ArsTechnica, the researcher reached out to SEDC, an Atlanta firm that provides utility software solutions, after the troubling discovery that his power company’s website was sending plain-text passwords in lieu of a reset for forgotten credentials.

Password Manager Flaws Can Expose Data on Compromised Devices

Researchers at Independent Security Evaluators (ISE) examined five popular password managers and found that for each it was possible to extract “trivial secrets” from a locked password manager, which sometimes included the master password. Assessing the underlying functionality of 1Password, Dashlane, KeePass and LastPass on Windows 10, the researchers discovered that in some cases the master password could be found in plaintext in the computer’s memory when the password manager was locked and that they could extract the master password using standard memory forensics.

Siegeware: When Criminals Take Over Your Smart Building

A cybersecurity researcher presents a scenario for the employment of “siegeware,” whereby an adversary holds a building for ransom by hacking into the software that controls its functionality, including room temperature, door locks, and alarms. According to the researcher, this is not an imaginary scenario, as he claims to have met someone who was the victim of a siegeware attack. When the person’s company refused to pay the attackers, its use of the targeted building was disrupted. And in his further investigations, the researcher discovered other similar incidents involving siegeware.

Cyber Adversaries Increasingly Using Malware to Destroy Business Operations, according to Symantec’s Annual Report

Cybersecurity company Symantec has just released its Internet Security Threat Report for 2019, which analyzes data captured by Symantec’s global network of 123 million attack sensors. Among other highlights, the report observes that nearly one in ten targeted attack groups now use malware to destroy and disrupt business operations, a 25 percent increase from the previous year.

Horner Automation Cscape (ICSA-19-050-03)

The NCCIC has published an advisory on an improper input validation vulnerability in Horner Automation Cscape. Versions 9.80 SP4 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read confidential information and remotely execute arbitrary code. Horner Automation recommends affected users update to the latest version of Cscape (Version 9.90). The NCCIC also advises on a series of mitigating measures for this vulnerability.
