Cybersecurity

Ransomware attacks have ubiquitous relevance for all organizations, regardless of targeting set/victimology or targeted system (IT or OT) of the attributed ransomware group/family for any given incident. For every cyber threat group that claims they don’t target particular sectors or types of organizations, there are many more groups that do not espouse similar tenets. For example, while Darkside proclaims to only support targeting high-value victims capable of paying outrageous demands, many other ransomware groups are indiscriminate and opportunistic and project no such illusion.

Given cross-sector dependencies with electric utilities, many water and wastewater utilities are familiar with the North American Electric Reliability Corporation (NERC) and its Critical Infrastructure Protection (CIP) Reliability Standards. Some larger and more resourced water and wastewater utilities reference NERC CIP standards as they are applicable to many cybersecurity practices.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an analysis report and malware analysis report of the FiveHands ransomware, which it reports was used in a a recent, successful cyberattack against an organization. These reports provide analysis of the threat actor’s tactics, techniques, and procedures as well as indicators of compromise (IOCs).  They also provide CISA’s recommended mitigations for strengthening networks to protect against, detect, and respond to potential FiveHands ransomware attacks.

In a heroic feat to maintain operations at a record-setting pace, countless IT and security teams rushed to provide accommodations for a new remote workforce leaving the office behind over one year ago. As we begin inhabiting those abandoned buildings there are bound to be some ghosts lurking around the office due to unintentional oversights when we left. If IT and security staff haven’t been on the premises during the past year, now is a good time to exorcise those ghosts before the masses return.