Breach Of ClickStudios "PASSWORDSTATE" Password Manager - Updated April 27, 2021
Update April 27, 2021
A recent sensational headline stating that “3.2 billion leaked passwords contain 1.5 million records with government emails” is indeed notable. However, this is not a new development, nor are these newly leaked credentials. This 100GB “database” was published for free this February in an online cybercrime forum. Dubbed “COMB,” or “Compilation of Many Breaches,” this data set is composed of multiple leaks and breaches across different companies that have occurred over the years.
The FBI, the U.S. Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA) have published a Joint Cybersecurity Advisory presenting their assessment that Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT29, the Dukes, CozyBear, and Yttrium, will continue to attempt to exploit U.S. and other foreign entities using a range of initial techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The U.S.
Cybersecurity firm Trend Micro has disclosed that a threat actor began using a vulnerability in its antivirus products to gain admin rights on Windows systems as part of its attacks. The vulnerability, tracked as CVE-2020-24557, affects the company’s Apex One and OfficeScan XG, two advanced security products aimed at enterprise customers. The vulnerability was discovered last year and patched, but Trend Micro said it learned of incidents where this same bug was weaponized to attack some of its customers.
In one of the latest of the federal government’s efforts to address today’s daunting cybersecurity challenges, the U.S. Department of Justice has formed a task force aimed at curtailing the proliferation of ransomware. The task force’s goal is to make these extortion schemes less lucrative by targeting the entire digital ecosystem that supports them. It will increase training and dedicate more resources to the issue, seek to improve intelligence sharing across the department, disrupt command and control infrastructure, and seize profits.
A large energy supplier in New England, Eversource, has reported a data breach in which customers' personal information, including names, social security numbers, and more, was left exposed on an unsecured cloud server. The company discovered the breach during a security review in mid-March, when it found a cloud data storage folder that was misconfigured so that anyone could access its contents. Eversource immediately secured the folder and has stated that there is no indication that any of the data was acquired or misused by unauthorized people.
What you need to know
It is certainly not impossible to maintain an air-gapped control system network, but all too often risk assessments and penetration tests reveal that such networks are a dying breed. Likewise, numerous case studies and research into ICS-focused adversaries reveal many threat groups leveraging IT exploits to traverse into the OT network. Both scenarios confirm the fact that OT and IT cybersecurity need each other for a holistic security posture.
The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory noting that Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities.
On Tuesday, Siemens released five advisories covering vulnerabilities in its products used in industrial environments, all related to the NAME:WRECK vulnerability disclosed by Forescout that same day.