“Good faith” hackers will no longer face prosecution under the CFAA
Category Archives: News
Bluetooth Flaw Allows Remote Unlocking of Digital Locks
Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable.
In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which bridged a large gap between the Tesla and the Tesla owner’s phone.
“This proves that any product relying on a trusted BLE connection is vulnerable to attacks even from the other side of the world,” the UK-based firm said in a statement, referring to the Bluetooth Low Energy (BLE) protocol—technology used in millions of cars and smart locks which automatically open when in close proximity to an authorised device.
Although Khan demonstrated the hack on a 2021 Tesla Model Y, NCC Group said any smart locks using BLE technology, including residential smart locks, could be unlocked in the same way.
Another news article.
Modern “Smart” Farm Machinery Vulnerable to Cyber-Attackers
A new report warns hackers could exploit flaws in agricultural hardware used to plant and harvest crops
UK Sextortion Cases Doubled in 2021
The UK’s Revenge Porn Helpline received 1124 reports of sextortion last year, compared to 593 in 2020
“Alarming” Surge in Conti Group Activity This Year
Ivanti observed a 7.6% rise in the number of vulnerabilities tied to ransomware, most of which were exploited by Conti
Phishing gang that stole over 400,000 Euros busted in Spain
Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects.
Read more in my article on the Tripwire State of Security blog.
How State and Local Governments Can Bolster their Cyber Defenses
Cyber security leaders of U.S. cities and states must protect their systems and data from nation-state attackers, including Russian hackers.
President Biden has warned of potential Russian cyberattacks against the U.S. as part of Russia’s ongoing conflict with Ukraine. In addition to alerting U.S. companies and critical infrastructure providers, President Biden has also warned state and local governments, saying they too must immediately harden their cyber defenses.
Specifically, the President sent letters to each governor asking them to increase oversight of their states’ critical infrastructure and offering assistance from the federal government to help each state shore up their cybersecurity defenses. The letter referenced the May 2021 Executive Order on Improving the Nation’s Cybersecurity, which established a set of essential, baseline standards for federal agencies to adopt, and urged state leaders to implement the same standards to secure their state’s computer systems and critical infrastructure. These standards include conducting exercises to plan and prepare for cyberattacks, and ensuring that systems are patched and up to date to protect against vulnerability exploits.
Malicious cyber actors, whether related to Russia’s attack on Ukraine or not, will continue to strike, especially when targets are distracted or unprepared. Fortifying cyber defenses does not happen overnight, but there are strategies state and local governments can employ to make their systems more secure against nation-state threats.
Invest in risk-based vulnerability management: The rise of nation state cyber threats makes it imperative for state and local governments to prioritize cybersecurity efforts where they are needed most rather than trying to find and patch every vulnerability. Risk-based VM scans help prioritize the vulnerabilities that pose the biggest risk to state and local government entities if they’re exploited by attackers. Leveraging risk-based VM, state and local governments can protect their citizens, data and systems from cyber attacks.
Safeguard state and local critical infrastructure: As IT/OT environments converge, cyber attack landscapes expand rapidly. Government entities must employ tools to proactively identify IT/OT weaknesses and protect critical infrastructure from cyber attacks. Visibility, threat tracking and situational awareness are essential to securing critical infrastructure.
Implement a zero-trust strategy: Take a ‘trust no one’ policy to disrupt attack paths and secure state and local governments against cyber attacks. Verifying everything before granting access to various networks and systems prevents attacks that leverage misconfigurations, and continuously assesses which resources are susceptible to a breach.
Secure your Active Directory: As the master key to an organization’s system and network privileges, Active Directory is a prime target for attackers looking to gain administrator privileges and engage in lateral movement. To keep AD safe and secure, state and local governments should enforce local administrator password solutions (LAPS) and privileged access management (PAM), and promote cybersecurity best practices such as multi-factor authentication and strong password policies.
For state and local governments facing mounting risks of cyber attacks to their information systems and critical infrastructure, the strategies laid out above are a great way to get started, but by no means a comprehensive list. Do not be caught off guard, Tenable can help you remain vigilant of cyber threats.
Find out how state and local governments can defend against ransomware.
Enterprises report rise in risk events, yet risk management lags
Enterprises around the world are being barraged by risk events, according to a report released Wednesday by Forrester. The State of Risk Management 2022 report, which is based on a survey of 360 enterprise risk management decision makers in North America and Europe, found that 41% of organizations have experienced three or more critical risk events in the last 12 months.
Risk events, incidents and disruptions have become so frequent that the increased level of risk is the “new normal,” Forrester reported. Nearly half the participants in the survey (44%) confirmed that enterprise risk has increased over the last year, although that varies by region. For example, 64% of North American respondents confirmed an increase in risk, while only 37% of European respondents did.
CISA Issues Emergency Directive for VMware Vulnerabilities
The State of OT Security, a Year Since Colonial Pipeline
During a recent podcast, Tenable’s VP of Operational Technology Marty Edwards discussed the cyber threats faced by critical infrastructure providers and the importance of OT security, topics he’ll address again next week during a LinkedIn Live with CNN.
The recent cyberattacks against critical infrastructure have garnered an unprecedented amount of attention over the past year. Every individual and every business heavily relies on critical infrastructure to get them through their day.
A catastrophic cyber attack on any critical infrastructure sector could result in a chain reaction, potentially wreaking massive economic and social havoc. Its impact could be devastating, potentially costing trillions of dollars to recover from.
Just last year, the U.S. caught a glimpse of the devastation that cyberattacks on critical infrastructure can cause when the Colonial Pipeline was hit by a destructive ransomware attack. The May 2021 shutdown sent the East Coast into a frenzy when the public found themselves waiting in gas station lines for hours desperate to fill their gas tanks.
The attack triggered a call for increased regulations to protect and strengthen U.S. critical infrastructure against cyberattacks. Now, a year later, cybersecurity practitioners and the public alike are still calling on government officials and companies to invest in cybersecurity to better defend these critical infrastructure systems. Clearly, the U.S. needs to extend the conversations surrounding the cyber security of critical infrastructure.
Efforts such as the Securities and Exchange Commission’s Cybersecurity Risk, Management, Strategy, Governance and Incident Disclosure aim to do just that. The proposed rule would force leaders to treat cybersecurity risk as a business risk and require public companies to disclose their policies and procedures for identifying and managing cybersecurity risks. Additionally, it requires the disclosure of the oversight role and cybersecurity expertise of public companies’ leadership and board of directors over their cybersecurity risk assessment program. Conversations surrounding OT in critical infrastructure are crucial to understanding how to best safeguard these public sectors against massive turmoil resulting from cyberattacks.
It’s a topic that Tenable feels strongly about. That’s why Tenable’s Vice President of Operations Technology, Marty Edwards spoke with Dan Raywood, Product Marketing Manager, Security Research at Tenable about how businesses are underprepared and under-invested in OT security, how that’s become a security issue and why it must change.
Listen to the podcast here.
Cyberattacks on critical infrastructure are disruptive, to say the least. Here are 3 key takeaways from the podcast:
1. Businesses are underprepared and underinvested in OT security.
Operational technology security has been thrown into the spotlight in the wake of the recent high-profile cyberattacks against critical infrastructure. With cybercriminals becoming more sophisticated and more aggressive in their attacks, there’s a growing concern among cybersecurity practitioners that businesses are not investing in OT security as they should. OT security must be prioritized but often it is not. Companies’ percentage of investment in OT security is relatively a small fraction of their overall IT security investments. However, OT environments are as critical, if not more, to businesses’ operations, and warrant a lot more investments.
2. The cybersecurity community must find ways to make OT more secure.
The cybersecurity community has created an ongoing dialogue surrounding ways in which cybersecurity can be enhanced with OT security. A great way for vendors and the research community to make OT more secure is through vulnerability reporting and coordinated disclosure. With the threat landscape always evolving, it’s important that organizations identify their greatest vulnerabilities and risks while assessing their security capabilities. Additionally, organizations should keep in mind that it’s often the legacy vulnerabilities hackers use to commit ransomware and other kinds of cyberattacks. The legacy vulnerabilities that have not been patched are constantly being exploited, providing an entryway for cybercriminals.
In the wake of recent ransomware attacks, unpatched vulnerabilities – some between 5 and 20 years old – are now considered one of the biggest cyber risks, as bad actors exploit them to wreak havoc on critical infrastructure. Therefore, businesses should willingly report these vulnerabilities and disclose attempts to exploit them to aid in the fight against these malicious attacks. Vendors and the research community must work together and have an open line of communication and full transparency so that they can increase the level of understanding between them and make OT more secure.
3. The Colonial Pipeline may be the first of many cyberattacks on critical infrastructure sectors.
The Colonial Pipeline incident has illustrated that critical infrastructure is becoming a central issue for cybersecurity and that organizations must always be prepared. What many are calling “one of the most disruptive attacks in history,” it changed the cybersecurity landscape forever, opening the door for more conversations surrounding OT security by the public, government leaders and the cybersecurity industry. It triggered a movement, encouraging public sectors to be more proactive and to invest more in OT security.
As a result, legislators and policymakers are now identifying ways in which they can increase regulations to boost cyber defenses against these kinds of attacks. Additionally, the Colonial Pipeline highlights the need for a holistic approach to risk management and the need to understand the trajectory, from a cyber security perspective, of where we want to be 5-10 years from now. With OT now at the forefront of the conversation, the need to strengthen our cybersecurity ecosystem is critical now more than ever.
Join us for Marty Edward’s LinkedIn live interview with CNN’s Sean Lyngaas
If that’s whetted your appetite, Marty Edwards will share further insights during this LinkedIn live interview with CNN’s Sean Lyngaas on Wednesday, May 25 at 1pm ET.