All Articles by Jack Hall

Kaspersky Reports on Evolving Threat Landscape of Industrial Control Systems

The Russian multinational cybersecurity company Kaspersky released its analysis of the “Threat Landscape for Industrial Automation Systems” for the first half of 2021, based on statistics gleaned from its antivirus software deployed on industrial control systems computers such as SCADA servers and process data historians. Kaspersky claims that:

• 33% of ICS computers with its software blocked objects in the first half of 2021, down from a high of 41% in 2018.
• Kaspersky products deployed in building automation systems were the most likely to have blocked an object.
• The largest class of blocked objects was requests to access suspicious Internet resources.

The report provides useful data for assessing a variety of risks faced by industrial control systems throughout the world.

CISA Announces November as Infrastructure Security Month

The Cybersecurity and Infrastructure Security Agency (CISA) announced that it had designated November as Infrastructure Security Month. Each week CISA will emphasize a significant aspect of infrastructure security, and release free guidance and awareness materials [1]. Weekly topics will be:

* Interconnected and Interdependent Critical Infrastructure: Shared risk means building in shared responsibility.
* Plan for Soft Target Security: Build in security for mass gatherings starting with your planning.
* Build Resilience into Critical Infrastructure.
* Secure our Elections: Build resilience into our democratic processes [2].

CISA Helps Organizations Plan for Emergency Response Situations

The Cybersecurity and Infrastructure Security Agency (CISA) held a training to help the Chevron Salt Lake Refinery, along with other local partners around the state [1]. The training reviewed CISA’s Tabletop Exercise Package (CTEP), which would help businesses protect themselves from incidents, as well as establish a solid emergency response plan. CTEP includes the following things:

• Overview
• Background
• Resource Access
• Scenarios
• Program Materials
  o Exercise Planner Guidance
  o Exercise Design Templates
• Impact and Resilience
• Access to HSIN-CI [2].

We recommend those involved in the critical infrastructure sector be active in training events like CISA’s. Trainings and exercise packages could help an organization develop and improve policies and procedures.


Mandiant Releases Information About UNC2190 Ransomware Group

Mandiant released details about the UNC2190 ransomware group, also called Sabbath, Arcane, or Eruption. UNC2190 has been targeting critical infrastructure in both the US and Canada. Targeted sectors include health, education, and natural resources. This threat actor uses a complex extortion model where ransomware deployments are limited, but data is stolen in large amounts as they actively try to destroy backups [1]. We recommend that critical infrastructure sectors continuously back up their data and exercise incident response plans. For more information on contingency planning, refer to NIST SP 800-34 [2].
