Spring4Shell patching is going slow but risk not comparable to Log4Shell

Read Time:41 Second

Businesses have been at work since last week investigating whether their applications or third-party software products are vulnerable to Spring4Shell, a critical remote code execution (RCE) vulnerability impacting Spring Framework, one of the most popular development frameworks for Java applications. While exploitation attempts have already been observed in the wild, the rate at which developers are updating their Spring instances appears to be slow going.

According to Sonatype, the company that maintains Maven Central, the biggest repository of Java components and libraries, 80% of Spring downloads since March 31 when the flaw was confirmed have continued to be for vulnerable versions of the framework. Maven Central integrates with many development tools, so the data suggests that developers are not in a rush to upgrade their Spring instances.

To read this article in full, please click here

Read More

Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely

Read Time:9 Minute, 46 Second

If you’re thinking about crypto, one of the first things you’ll want to do is get yourself a good wallet.  

Topping the several important things a new cryptocurrency investor needs to think about is security. Rightfully so. Cryptocurrency is indeed subject to all kinds of fraud, theft, and phishing attacks, just like the credentials and accounts we keep online.  

But here’s the catch. Lost or stolen cryptocurrency is terrifically difficult to recover. By and large, it doesn’t enjoy the same protections and regulations as traditional currency and financial transactions. For example, you can always call your bank or credit card company to report theft or contest a fraudulent charge. Not the case with crypto. With that, you’ll absolutely need a safe place to secure it. Likewise, in the U.S. many banks are FDIC insured, which protects depositors if the bank fails. Again, not so with crypto. 

So, when it comes to cryptocurrency, security is everything. 

What makes crypto so attractive to hackers? 

Cryptocurrency theft offers hackers an immediate payoff. It’s altogether different from, say, hacking the database of a Fortune 500 company. With a data breach, a hacker may round up armloads of personal data and information, yet it takes additional steps for them to translate those stolen records into money. With cryptocurrency theft, the dollars shift from the victim to the crook in milliseconds. It’s like digital pickpocketing. As you can guess, that makes cryptocurrency a big target. 

And that’s where your wallet will come in, a place where you store the digital credentials associated with the cryptocurrency you own. The issue is doing it securely. Let’s take a look at the different wallets out there and then talk about how you can secure them. 

Hot wallets and cold wallets for crypto 

Broadly, there are two general categories of wallets. First, let’s look at what these wallets store. 

A wallet contains public and private “keys” that are used to conduct transactions. The public key often takes the form of an address, one that anyone can see and then use to send cryptocurrency. The private key is exactly that. Highly complex and taking many forms that range from multi-word phrases to strings of code, it’s your unique key that proves your ownership of your cryptocurrency and that allows you to spend and send crypto. Needless to say, never share your private key.  

With that, there are two ways to store your keys—in a hot wallet or a cold wallet. 

 

Hot Wallets: 

 

These wallets store cryptocurrency on internet-connected devices—often a smartphone, but also on computers and tablets—all of which allow the holder to access and make transactions quickly. 

 

Think of a hot wallet as a checking account, where you keep a smaller amount of money available for day-to-day spending, yet less securely than a cold wallet because it’s online. 

  

Cold Wallets: 

 

These wallets store cryptocurrency in places not connected to the internet, which can include a hard drive, USB stick, paper wallet (keys printed on paper), or physical coins. 

 

Think of the cold wallet like a savings account, or cold storage if you like. This is where to store large amounts of cryptocurrency more securely because it’s not connected to the internet. 

Hot wallets for cryptocurrency 

As you can see, the benefit of a hot wallet is that you can load it up with cryptocurrency, ready for spending. However, it’s the riskiest place to store cryptocurrency because it’s connected to the internet, making it a target for hacks and attacks.  

In addition to that, a hot wallet is connected to a cryptocurrency exchange, which makes the transfer of cryptocurrencies possible. The issue with that is all cryptocurrency exchanges are not created equal, particularly when it comes to security. Some of the lesser-established exchanges may not utilize strong protocols, likely making a target for attack. Even the more established and trusted exchanges have fallen victim to attacks—where crooks have walked away with millions or even hundreds of millions of dollars 

Cold wallets for cryptocurrency 

While the funds in cold wallets are far less liquid, they’re far more secure because they’re not connected to the internet. In this way, cold wallets are more vault-like and suitable for long-term storage of larger sums of funds. But cold wallets place a great deal of responsibility on the holder. They must be stored in a physically secure place, and be backed up, because if you lose that one device or printout that contains your cryptocurrency info, you lose the cryptocurrency altogether. Within the cold wallet category, there are a few different types: 

1. Purpose-built cryptocurrency storage devices 

Several manufacturers make storage devices specifically designed to store cryptocurrency, complete with specific features for security, durability, and compatibility with many (yet not always all) of the different cryptocurrencies on the market. An online search will turn up several options, so doing your homework here will be very important—such as which devices have the best track record for security, which devices are the most reliable overall, and which ones are compatible with the crypto you wish to keep.  

2. Hard drives on a computer or laptop 

Storing cryptocurrency information on a computer or laptop that’s disconnected from the internet (also known as “air-gapped”) is a storage method that’s been in place for some time. However, because computers and laptops are complex devices, they may be less secure than a simpler, purpose-built cryptocurrency device. In short, there are more ways to compromise a computer or laptop with malware that a determined hacker can use to steal information in some rather surprising ways. (Like noise from a compromised computer fan passing information in a sort of Morse Code or generating electromagnetic signals on a compromised computer that nearby devices can use to skim information.) 

3. Paper wallets 

Ah, good old paper. Write down a code and keep it secure. Simple, right? In truth, creating a paper wallet can be one of the most involved methods of all the cold storage options out there. Bitcoin offers a step-by-step walkthrough of the process that you can see for yourself. Once done, though, you’ll have a piece of paper with a public address for loading cryptocurrency into your paper cold wallet, along with a private key. One note: Bitcoin and others recommend never reusing a paper cold wallet once it’s connected to a hot wallet. You should go through the process of creating a new cold paper wallet each time.  

4. Physical coins for cryptocurrency 

Physical coins are a special case and are relatively new on the scene. They’re a physical coin minted with a tamper-resistant sticker that indicates the actual value of the coin. Like other methods of cold wallet storage, this calls for keeping it in a safe place, because it’s pretty much like a wad of cash. And like cash, if it’s stolen, it’s gone for good. Also note that a cryptocurrency holder must work with a third party to mint and deliver the coin, which has its own costs and risks involved. 

Securing your cryptocurrency wallet 

With that look at wallets, let’s see what it takes to secure them. It may seem like there’s plenty to do here. That’s because there is, which goes to show just how much responsibility falls on the shoulders of the cryptocurrency holder. Of course, this is your money we’re talking about, so let’s dive into the details. 

1. Back up your wallet

Whatever form your storage takes, back it up. And back it up again. Cryptocurrency holders should make multiple copies just in case one is lost, destroyed, or otherwise inaccessible. For example, one story that’s made the rounds is of a IT engineer in the UK who accidentally threw away an old hard drive with his cryptocurrency key on it, one that held 7,500 bitcoins, worth millions of dollars. Redundancy is key. Back up the entire wallet right away and then often after that. 

2. Store your wallet(s) securely

With redundant backups in place, store them in places that are physically secure. It’s not uncommon for crypto holders to use fireproof safes and safe deposit boxes at banks for this purpose, which only highlights the earlier point that a wallet is as good as cash in many ways. 

3. Use online protection software

This will help prevent malware from stealing crypto, whether or not your device is connected to the internet. Comprehensive online protection software will give you plenty of other benefits as well, including identity theft monitoring and strong password management, two things that can help you protect your investments, and yourself, even further. 

4. Update your operating system, apps, and devices

Updates often address security issues, ones that hackers will of course try to exploit. Keep everything current and set automatic updates wherever they are available so that you have the latest and greatest. 

5. Make use of multi-factor authentication (MFA) where possible

Just as your bank and other financial accounts offer MFA, do the same here with your crypto. Some extra security-conscious crypto investors will purchase a device for this specific purpose for yet greater protection, such as a separate phone with texting capability. This keeps their crypto transactions separate from the multitude of other things they do on their everyday smartphone, effectively putting up a wall between these two different digital worlds.  

6. Keep your investments to yourself

 Two things fall under this category. One, the less you say about the crypto investments you make, the less word gets around, which can help keep hackers out of the loop. Particularly on social media! Two, consider setting up a unique email account that you only use for crypto. The less you associate your crypto accounts with other financial accounts like your banking and online payment apps, the more difficult it is to compromise several accounts in one fell swoop.  

7. Watch out for phishing scams

Just like hackers send phishing emails with an eye on accessing your bank accounts, credit cards, and so on, they’ll do much the same to get at your crypto accounts. The target may be different, that being your crypto, but the attack is very much the same. An email will direct you to a hacker’s website, using some sort of phony pretense, get-rich-quick-scheme, or scare tactic. Once there, they’ll ask for private key information and then simply steal the funds. And it’s not just email. Hackers have used online ads to phish for victims as well. 

Crypto: security is on you 

As you can see, these security measures rely almost exclusively on you. If something happens to you, that could make recovering your funds a real problem. Consider reaching out to someone you trust and let them know where you’re storing your wallets and information. That way, you’ll have some assistance ready in the event of an emergency or issue. 

The very things that define cryptocurrency—the anonymity of ownership, the lack of banking institutions, the light or non-existent regulation—all have major security implications. Add in the fact that you’re your own safety net here and it’s easy to see that crypto is something that requires plenty of planning and careful through before diving into. Getting knowledgeable about security, how you’ll protect your crypto, should absolutely top your list before investing.  

The post Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely appeared first on McAfee Blog.

Read More

Lock Down & Level Up: Protect Your Online Gaming from Hackers

Read Time:9 Minute, 34 Second

As a gamer, you love the stuff you’ve racked up over the years—that rare Fortnite skin from six seasons ago, a complete set of Tier 20 armor in World of Warcraft, or a Steam account loaded with your favorite titles. Hackers love it too. Because they can make money off it. 

Hackers have been stealing and reselling online gaming accounts for some time now. Yet the recent 400 percent rise in online gaming theft shouldn’t come as a surprise, particularly as so many of us turned to games for entertainment lately. As people leveled up, gathered loot, and filled their libraries with games in the cloud, hackers saw the opportunity.  

The opportunity is this: gaming accounts have a street value. The virtual items and perks we acquire through gaming take time, effort, participation, and sometimes just good luck to build up. In a way, we’ve worked hard to earn our fun. Meanwhile, others out there are willing to take a shortcut. There are those who’ll pay for a well-stocked gaming account that someone else has built up, and hackers are more than willing to hijack accounts from innocent victims and sell them online. 

Put simply, the virtual goods in your gaming accounts are like any other good. They have value. And just like anything else you value, they’re worth protecting. That’s exactly what we’ll help you do here.  

Sanctioned markets, gray markets, and dark markets: Where gaming goods are sold 

First up, let’s take a quick look at the different ways digital goods get moved and sold out there—just to get a sense of the marketplaces that have cropped up around gaming and where hackers fit into the mix. 

And there are several. Over the years we’ve seen all kinds of gaming marketplaces crop up, whether they’re sanctioned marketplaces built inside of online games, gray marketplaces that exist outside of games, and dark marketplaces where stolen accounts and goods are exchanged. 

1. Sanctioned marketplaces 

As a gamer, you’re likely familiar with any number of sanctioned auction houses and marketplaces that are built right into online games, all designed and supported by the game’s developers. A classic example is the long-running auction house in World of Warcraft where players can buy and sell items with in-game currency, the World of Warcraft gold piece. And as marketplaces can go, the rarer and more coveted the item, the higher the price the seller can get for it. In fact, there are plenty of articles on how to play the markets for profit, in a quasi-stock market-like fashion, and all within the legitimate boundaries of the game.  

In recent years, we’ve also seen the rise of in-game currencies that players can purchase for cash, again by design and with the support of the developer. A couple of examples are the World of Warcraft Tokens and Minecraft tokens and coins. What you can do with such tokens and coins varies from game to game, yet players can use them to acquire in-game currency, items, or paid to play time. 

Increasingly common are in-game stores that allow players to purchase items and perks with cash, just like any other online store. Taken together with all the other ways a player can round up items in a game, it’s easy to see how a gamer’s account can grow into something somewhat unique and valuable over time, simply by playing and participating in the game. 

2. Gray market “boosters” and other services for cash 

With the time it takes for a player to level up a powerful character and acquire the items that can come along with it, there are out-of-game organizations that will, for a fee, do that work for a player in return for payment. Essentially it involves a player starting a gaming account, rolling up a character, and then handing over the account to a “booster” who will play the game on the owner’s behalf. When the agreed-upon level is reached, the booster hands back the character to the owner. 

Of course, there are all kinds of potential problems with this. Strictly from a security standpoint, this means an account owner is handing over their credentials to a stranger, with no real guarantee that this stranger simply won’t change the account password, never hand back the account, and simply walk away with any funds that may have been paid upfront. 

Further, “boosting” and other similar services may be against the user agreement the player signed when joining up for the game. For example, World of Warcraft recently updated its policy, stating that they now, 

[P]rohibit organizations who offer boosting, matchmaking, escrow, or other non-traditional services, including those offered for gold. World of Warcraft accounts found to be in violation of this policy are subject to account actions. These actions can include warnings, account suspensions and, if necessary, permanent closure of the disruptive World of Warcraft account(s).  

So while “boosting” services may not be illegal themselves, they can run counter to user agreements and may lead to cases of fraud when a booster service fails to fulfill its commitment or simply locks a player out of their own account. 

3. Dark market sale of stolen gaming accounts and goods 

Then there’s the theft and resale of online game accounts, clear examples of digital goods illegally changing hands. Stolen accounts make their way into dark web marketplaces and ads on chat platforms and social media, thanks to hackers who’ve cracked previously legitimate accounts and then packaged them up for sale. In some instances, cybercriminals will sell entire game collections, such as online gaming platform accounts where gamers may have purchased and have access to dozens and dozens of games stored in the cloud. 

The method behind this theft is much like a credit card or bank account hack. Often using credentials lifted from a data breach, hackers will take known usernames and passwords and feed them into a credential stuffing application—which can then attempt to access hundreds, even thousands, of accounts through automated login requests.  

Given that many users out there use the same passwords across their accounts makes them an easy target for this practice and can reap a large harvest of cracked accounts. From there, the account can be accessed, have its password changed, and then made ready for advertising and sale, where an account can be resold for a few dollars, or for potentially thousands depending on what the account contains.  

Protecting your online gaming account from getting hacked 

There’s plenty you can do. A few simple steps on your part can drop some serious roadblocks in the way of a hacker who’s looking to crack your account or target you for a scam. 

1. Passwords, passwords, passwords

Each of your accounts should have its own strong, unique password. No repeats. And if you have some sixty-plus accounts across all the shopping, banking, gaming, and forum posting you do, not to mention your apps, that sounds like a lot of work. Because it is. Although it doesn’t have to be. A password manager can do the work for you by creating and storing strong, unique passwords for you. 

2. News of a data breach? Change your password

Data breaches happen all the time now, striking businesses both large and small. If a business or organization where you have an online account gets breached, change your password right away. Related to the above, make sure the passwords across your other accounts are strong and unique. It’s not uncommon for hackers to try breaching passwords in other accounts, all in the hope that the victim is using the same or a similar password on other accounts as well. 

3. Multifactor your defense

Several gaming services offer multi-factor authentication (MFA) as a means of protecting accounts. In addition to requiring a username and password to log in, MFA further verifies account activity by sending a unique code to the email address or text to a device you own, which makes gaining illegal access that much tougher for hackers. Some gaming platforms even support an authentication app, such as the Battle.net Authenticator, offered by Blizzard. In all, the occasional extra clicks required by MFA can really save you some massive headaches by preventing theft. If you have MFA as an option, strongly consider using it. 

4. Don’t feed the phish  

Phishing attacks have made the jump from email to bogus ads on social media and in search too. In short, a phishing attack involves the hacker posing as a well-known company or organization with the intent of fooling you into providing your username and password. With that, they can drain your account, whether it’s money from your bank account or goods in your gaming account. Spotting phishing attacks can call for a sharp eye nowadays because some hackers can make the phishing emails and sites they use look like the real thing. Comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit. 

5. Watch out for “spearphishers”, too

Spearphishers are a special sort, in that they make more targeted attacks. While a phisher will send out an email blast or attempt to rope in a high volume of victims with an ad, a spearphisher will send a direct message to specific, potential victims. You may have seen or heard of this in massively multiplayer online games where an otherwise unknown player sends a message to another with a link to a website, complete with the promise of loot, in-game currency, or services to level up characters. Ignore and don’t visit that link. Chances are it’s a scammer, or at least someone who may be breaking the game’s user agreement by offering such services.  

6. Mods and malware

Whether you’re downloading a mod, an expansion, or a new game itself, go with a reputable online store or source. Hackers will drop malware into all kinds of files and applications, games included. Given that such malware could log keystrokes that steal login info, inject ransomware code to hold your device and data hostage, or simply wreak havoc on your files and things, it can have implications for more than just your gaming accounts and the virtual assets you have with them. 

Play defense 

Hackers know there’s good money in gaming accounts. They wouldn’t bother with them otherwise. Realizing that your gaming account has value is the first step to protecting it. 

In addition to taking the steps above, consider comprehensive online protection software. It offers defense in breadth and depth, covering everything from device security, privacy, and identity protection. However, if you want an even faster and safer gaming experience, gamer security is worth looking into. In addition to strong security features, it also offers performance-enhancing technologies that prioritize system resources and keep your gameplay going smooth. 

In all, keep in mind that gaming accounts are serious business for hackers. Put up your defenses. Then get out and enjoy yourself, knowing that you have made it far, far tougher for them to ruin your fun. 

The post Lock Down & Level Up: Protect Your Online Gaming from Hackers appeared first on McAfee Blog.

Read More

Borat RAT: New RAT with Ransomware Capability

Read Time:55 Second

FortiGuard Labs is aware of a report that a new Remote Access Trojan (RAT) called “Borat” is sold in underground forums. The RAT provides not only typical RAT capabilities such as keylogging, audio and webcam recording, and browser credential stealing to cybercriminals, but also offers file encryption and decryption capability as well as creating a ransom note on the victim’s machine.Why is this Significant?This is significant because Borat RAT not only enables cybercriminals to perform typical RAT activities but also provides ransomware capabilities as well.What Functionalities Does Borat RAT Provide?Borat RAT allows an attacker to perform the following activities:KeyloggingRansomware activities such as encrypting and decrypting files as well as creating a ransom note on the victim’s machineDistributed Denial of Service (DDoS)Audio and webcam recordingRemote desktopReverse proxySteals device infoProcess hollowingCredential stealingDiscord token stealingPlay audioSwap mouse buttonsHold mouseShow and hide the Desktop and the taskbarEnable and disable webcam lightHang systemTurn off the monitorDisplay blank screen What is the Status of Coverage?FortiGuard Labs provides the following AV coverage for Borat RAT:MSIL/Agent.CFQ!trMSIL/Keylogger.DUS!trMalicious_Behavior.SB

Read More

Securing Critical Infrastructure: It’s Complicated

Read Time:7 Minute, 4 Second

In his testimony before the U.S. House Committee on Homeland Security on April 5, Amit Yoran, Tenable’s chairman and CEO, highlighted real-world challenges and offered guidance on how government can help.

When leaders in government and the private sector speak about critical infrastructure, we tend to describe it as if it were one monolithic entity, funded equally and governed by the same set of rules and regulations. In the United States, the reality is far different.

Heterogeneity among critical infrastructure providers coupled with other factors, such as their prime appeal as targets for cybercriminals and the industry pressure to digitize their operations, make it a challenge to craft a consistent, unified and effective cybersecurity strategy for this sector. It’s a critical issue whose implications extend well beyond the technology realm, as cyber breaches of water treatment facilities, hospitals or power plants can have life-and-death consequences.

It’s an issue Tenable is deeply involved in. Amit Yoran, our CEO and chairman, testified before the U.S. House Committee on Homeland Security on April 5 during the “Hearing on Mobilizing our Cyber Defenses: Securing Critical Infrastructure Against Russian Cyber Threat.’’ Yoran’s testimony provided a comprehensive assessment of the challenges and offered concrete suggestions for improvements.

“Critical infrastructure providers have a duty of care, highlighted in turbulent times, to be responsible stewards of the services that are relied on by millions of Americans,” Yoran said.

Data reveals stark differences in cyber maturity

The Cybersecurity and Infrastructure Security Agency (CISA) has identified 16 critical infrastructure sectors in the U.S., including financial services, energy providers, healthcare, manufacturing, and water and wastewater treatment facilities. Some, like financial services organizations, are privately held, well-funded, for-profit entities, with no shortage of resources to hire the top cybersecurity talents and purchase best-of-breed technologies. Others, like energy and transportation providers, may run the gamut, with some privately operated, others publicly held, and some run as public-private partnerships, with wide variances in the level of funding and resources available to them. Still others, like water and wastewater treatment facilities, are run by local municipalities that often struggle to fund basic services, let alone find the resources to lure top cybersecurity professionals to their teams.

The level of cybersecurity preparedness amongst critical infrastructure providers is concerning. According to a report from the Center for Strategic and International Studies (CSIS) and Trellix— based on survey results from 800 IT decision makers from several countries around the world, including the United States — 9% of critical infrastructure operators don’t even have a cybersecurity strategy in place, despite the fact that 85% of respondents believe they have been targeted by a nation-state cyberthreat.

Tenable’s own vulnerability data reveals stark differences in cybersecurity maturity levels among key critical infrastructure sectors. According to Tenable data, the average number of critical vulnerabilities per device found in financial services organizations and in organizations in the energy sector — which includes providers of electricity, oil, gas and other consumable fuels — is about the same. Our data indicates both sectors are relatively mature in their cybersecurity practices. It takes a median of 12 days for organizations in the financial services and energy sectors to remediate a critical vulnerability. Contrast that with organizations in the healthcare and manufacturing sectors, which average twice as many critical vulnerabilities per device as their financial services and energy counterparts. Vulnerability remediation takes a median of 29 days for manufacturing organizations and 32 days for healthcare organizations, respectively. The more time a vulnerability is left unpatched, the greater the advantage it presents to attackers.

As Yoran stated in his written testimony: “There is no singular defense paradigm that could effectively be applied across all the sectors. Some critical infrastructure providers have a high degree of cybersecurity preparedness, strong risk understanding and risk management practices, and very strong security programs. Others are woefully ill-prepared.”

Attacks on interconnected systems have sweeping impact

At the same time, all critical infrastructure organizations face the same pressure to pursue digital transformation in their quest for efficiency and to accommodate the needs of a remote workforce. The changes are impacting not only the information technology (IT) systems and infrastructure but also the operational technology (OT) systems upon which critical infrastructure organizations rely.

While the notion of digital transformation is nothing new for those working in IT, the pace of change has quickened dramatically in the past two years as the global pandemic forced organizations to quickly ramp up a variety of cloud and remote access solutions in order to keep their businesses functioning. In OT, connectivity to IT systems and networks is a comparably new phenomenon and often involves updating legacy industrial systems with modern connectivity solutions in order to improve efficiency. Such IT/OT convergence is rapidly transforming how critical infrastructure organizations operate — and increasing risk in the process.

Taken together, the disparities in funding and the increasing interconnectedness of systems can significantly increase risk. To illustrate the real-world implications when a small municipality is targeted, Yoran’s testimony explored a February 2021 incident in which a water treatment plant was breached in Oldsmar, FL, a town of 15,000. In this incident, the attacker attempted to change the alkaline levels in the water to a level that would severely damage human tissue. It’s a striking example of the risks of IT/OT convergence; the attacker gained access to a remote IT management software called Team Viewer, and from there “accessed the system by exploiting cybersecurity weaknesses including poor password security, and an outdated Windows 7 operating system,” according to the FBI. This attack demonstrates the significance of proper system hygiene.

As alarming as the water treatment example is, another recent case even more starkly illustrates the potential negative outcomes of IT/OT convergence. On May 7, 2021, Colonial Pipeline was hit with a ransomware attack that caused the company to shut its operations for six days, prompting the President of the United States to issue a state of emergency. The compromise affected business systems located in the organization’s IT environment. The OT systems that control the pipeline itself were not directly accessed in the attack. Yet, the fear and uncertainty of the possible reach of the attack contributed to Colonial Pipeline’s decision to shut down pipeline operations. Colonial Pipeline ultimately ended up paying the hacking group DarkSide a total of 75 bitcoins ($4.4 million) for the ability to unlock its systems and get fuel back out to a majority of the East Coast.

Ransomware attacks against critical infrastructure providers represent a profitable enterprise for cybercriminals, as demonstrated by the Conti ransomware data leaks. The Conti bitcoin wallet data showed more than $1 billion had been paid, creating a massive funding method for Russian actors. It also clearly demonstrates the importance of vulnerability management as a core tenet of strong cybersecurity practice. The Conti group and its affiliates reportedly made use of over 30 known vulnerabilities, some of which were first disclosed in 2018.

While these challenges may seem daunting, Yoran’s testimony outlined four concrete steps the U.S. government can take to improve the cyber preparedness of critical infrastructure providers.

Establish baseline cybersecurity standards of care for critical infrastructure that align with international standards and the National Institutes of Standards and Technology (NIST) Cybersecurity Framework, based on effective cyber hygiene practices.

Finalize and implement the proposed SEC rule that requires public companies to disclose their policies and practices to address their cybersecurity risks.

Implement the cyber incident reporting requirements included in the FY 2022 Omnibus Appropriations bill.

Support and strengthen value-added engagement between the private sector and public sector.

Yoran’s testimony also included guidance on actions the U.S. government can take to protect its own networks and systems. These include:

Strengthening government networks by including protection of federal OT and Active Directory services in the Continuous Diagnostics and Mitigation (CDM) Program.
Implementing Section 1505 of the FY 2022 National Defense Authorization Act.
Establishing metrics for transparency and accountability.
Ensuring sufficient funding for CISA and the Office of the National Cyber Director to ensure they can meet mission requirements.

For more detail on these recommendations, access the full testimony here.

Learn more

Download Tenable’s 2021 Threat Landscape Retrospective
Read the blogs, You Can’t Modernize Critical Infrastructure Without Cybersecurity and Unpacking the U.S. National Security Memorandum on Improving Cybersecurity for Critical Infrastructure
Download the whitepaper, Prediction of an OT Attack

Read More