DHS Provides Details on Russian Intrusion into U.S Grid
The Department of Homeland Security hosted a webinar series in late July to describe a multistage Russian cyber intrusion into the U.S. electric grid. The webinar was based on US-CERT Alert TA18-074, which described details about ongoing Russian intrusions into U.S critical infrastructure. While not providing specific company names, DHS did provide significant details on the tactics, techniques, and procedures (TTP) used by Russian hackers. In a classic case of computer network espionage, the hackers patiently and methodically performed reconnaissance on major power supply companies and their vendors. They then gained access to several vendors, described by DHS as “staging targets,” and established an operational infrastructure on two vendor networks. After harvesting credentials from unwitting vendors, the hackers used the trust relationships between the vendors and their customers to get to the “intended targets:” companies in areas of power generation, transmission, and distribution. Once in the networks of these companies, the hackers used more stolen credentials to get past firewalls protecting industrial control systems and into the actual control systems. At that point, they stopped. But they could easily have activated operational controls on power generators or other systems. It was a very stealthy and sophisticated operation and indicates just how vulnerable the U.S. grid can be to a smart and determined attacker. DHS/NCCIC/US-CERT alert TA-18-074A
Supply Chains Pose Biggest Corporate Threat
A new study by Crowd Strike found that 80% of corporate respondents to a survey believe that the biggest cyber threats they will face in the coming year is via corporate supply chains. Two-thirds of respondents experienced a cyber attack via a supply chain in the past year, raising alarms and concern for corporate executives. The report also found that supply chain attacks cost U.S. companies on average about $1.27 million. U.S. companies were able to resolve supply chain attacks within 22 hours, ahead of the global average, according to Crowd Strike. Tech Republic, 23 July 2018
India Spends More on Cybersecurity in Response to Increased Data Breaches
A recent survey report notes that India is second only to Sweden in terms of data breaches although India spends more on cybersecurity than any other country. The global survey, published by Thales eSecurity, included responses from over 100 IT security managers in India. 93% of the respondents planned increases in cybersecurity spending, much higher than the global average of 78%. The spending increase is driven by an upsurge in data breaches, with more than half of the survey respondents reported a successful breach in the past year. However, the report notes that new spending is mostly planned for endpoint and mobile defenses; data protection is among the lowest priorities noted by over half the survey respondents in India. Thales 2018 Data Threat Report
Corporate Email Security Woes Start with C-Suite
Mimecast published a report on “The State of Email Security” that paints an unflattering picture of email security in many corporations. Lack of attention to common cyber threats like phishing, social engineering, and ransomware leads to many corporate cyber attacks. In addition, insider threats including careless employees, compromised accounts, or malicious employees have also increased. Many corporations point to careless C-Suite executives who send sensitive emails to the wrong person, respond to spearphishing attacks, or fall prey to other basic techniques that indicate poor cyber hygiene. While employee training is often cited as the best defense against email attacks, Mimecast points out that many corporate executives believe that their IT departments should handle email security and that it is not something senior executives should have to worry about, setting the tone for the organization’s overall approach to email security. Mimecast
Prisoners Pad Their Accounts with Stolen Credit
More than 350 Idaho prison inmates hacked into the JPay network and added more than $225,000 in credit to their accounts. JPay is a service that provides tablets to prisoners in state and federal institutions. For a fee, prisoners can email loved ones, buy music, or play games, although they can’t use JPay to connect to the Internet. The enterprising prisoners hacked into the JPay data base and added credit to their accounts. Fifty prisoners added at least $1,000 each, one added $10,000. Idaho corrections authorities and JPay were not amused. Prisoners were issued reprimands and lost privileges, and they cannot use any JPay for anything other than email until they return the stolen credits. Help Net Security, 30 July 2018
Return to our HOME PAGE
