Tag Archive for: agency

Hackers used legit remote monitoring software to hack agency networks

/in


The National Security Agency and the Cybersecurity and Infrastructure Security Agency issued new guidance Wednesday to help safeguard remote monitoring and management, or RMM, software from malicious attacks. 

The guidance aims to help enterprises identify and mitigate potential breaches tied to the software — which helps managed IT service providers monitor endpoints, networks and devices — after attackers have used phishing emails to gain access to networks through legitimate RMM software, identified by CISA in October 2022. 

Specifically, attackers sent a phishing email to a federal civilian executive branch employee in June 2022 with a phone number that led them to visit a malicious domain. 

By October, CISA had found malicious activity on two federal civilian executive branch networks through a retrospective analysis of its intrusion detection system known as EINSTEIN, with bi-directional traffic occurring between one network and a malicious domain in mid-September. 

“Based on further EINSTEIN analysis and incident response support, CISA identified related activity on many other [federal civilian executive branch] networks,” the guidance said. 

Officials said in the guidance that attackers have been sending “help desk-themed phishing emails” to federal employees personal and government emails since at least June 2022 with either a link to a malicious domain or a phone number that then directs them to the domain.

That first stage domain then triggers the victim to download an executable file that connects to a second malicious domain, from which a victim downloads RMM software to connect to the attackers’ RMM server.   

Because the attackers don’t install RMM software on the compromised victim’s network, they can evade risk management systems by deploying it as a portable executable file and attack other vulnerable machines through local user rights. 

“The authoring organizations assess this activity is part of a widespread, financially motivated phishing campaign and is related to malicious typosquatting activity” uncovered in by Reston cyberthreat detection firm Silent Push in October with attackers impersonating companies like Amazon, Microsoft, Geek Squad, McAfee,…

Source…

National research agency forms CSIRT to prevent cyber attacks

/in


To this end, strengthening the electronic system security in BRIN is necessary, including in the handling of cyber incidents

Jakarta (ANTARA) – The National Research and Innovation Agency (BRIN) formed and unveiled the Computer Security Incident Response Team (CSIRT) within the agency to protect the electronic system security from cyber threats and attacks.

The CSIRT had actually existed before, but it had not been integrated, Head of BRIN Laksana Tri Handoko stated during the BRIN-CSIRT virtual unveiling on Monday.

BRIN-CSIRT was formed owing to BRIN’s cooperation with the National Cyber and Encryption Agency (BSSN). The agency will continue to boost its capability to bolster cybersecurity within BRIN, he remarked.

Moreover, the BRIN is ready to become BSSN’s partner for cybersecurity from the standpoint of technological, information system, research and innovation result, as well as human resources.

Related news: BRIN, archaeologist studying recently unearthed temple site in Batang

Meanwhile, during the event, Head of BSSN Hinsa Saburian noted that the most frequent attacks occurring in BRIN are malware attacks and traffic anomaly status.

“To this end, strengthening the electronic system security in BRIN is necessary, including in the handling of cyber incidents,” he remarked.

The formation of BRIN-CSIRT is expected to form a safe and orderly electronic system that can support the realization of a reliable, professional, and innovative BRIN with integrity.

Related news: BRIN urges private sector to invest in space sector

Moreover, through the formation of CSIRT, BRIN is also expected to improve its capability in cybersecurity incident handling within its institution. To this end, the BSSN is ready to support the strengthening of the cyber incident handling capability in BRIN.

The high usage of information and communication technology is directly proportional to security risks and threats.

As a result, an organization should always anticipate cyber threats and attacks through cyber incident handling readiness by forming the CSIRT.

The CSIRT should be able to resolve cyber security challenges by improving the capability of the team that has been formed.

Related news: Huawei,…

Source…

Emirates News Agency – DEWA discusses collaboration with SAP SE

/in


DUBAI, 15th October, 2022 (WAM) — Dubai Electricity and Water Authority (DEWA) has discussed means of collaboration with SAP SE.

This came during a meeting between Saeed Mohammed Al Tayer, MD&CEO of DEWA, and Christian Klein, CEO and member of the Executive Board of SAP-SE.

The meeting was attended by a number of DEWA senior executives and officers.

During the meeting, Al Tayer emphasised the importance of exchanging global best practices and experiences between the two sides. Bilateral areas of cooperation include innovation, digital transformation, the Internet of Things, Big Data analysis, and cloud computing, among others.

Al Tayer commended the strategic partnership between DEWA and SAP, which began in 2009 when DEWA implemented the SAP Wave 1 Enterprise Resource Planning (ERP) system to measure, integrate and automate all DEWA’s operations to provide the highest level of service to its customers, employees, and partners.

Relations between the two organisations later expanded to include the Data Hub for Integrated Solutions (Moro). Since 2018, Moro has been the authorised provider of the SAP-Hana platform for enterprise cloud services. This year, Moro has been certified by SAP as a partner of RISE. It is the first local provider to be certified in the UAE to provide secure and cloud-based SAP services. SAP also supported Moro’s green data centre, the largest solar-powered centre in the Middle East and Africa region that is designed to obtain a Tier-III certificate from the Uptime Institute, at the Mohammed bin Rashid Al Maktoum Solar Park in Dubai.

Last February, DEWA announced a partnership between Moro, a subsidiary of Digital DEWA, the digital arm of DEWA, and SAP. The initiative allows government and private entities to unlock new efficiencies with intelligent automation across their mission-critical processes, which will be hosted from state-of-the-art Moro Hub’s data centres, complying with data residency and cyber security requirements of the UAE.

Moro Hub is a world-class data hub providing solutions and innovative business services, offering a unique range…

Source…

City warns employees about computer hack of public housing agency

/in


INDIANAPOLIS — Almost 24 hours after FOX59 News exclusively reported that the Indianapolis Housing Agency was the target of a ransomware attack, Indianapolis city employees have finally been told of the hack and advised to maintain email security vigilance.

IHA officials admit that as early as Monday of this past week their system was hacked by unknown actors in pursuit of potential personal information of 25,000 Marion County residents, vendors who do business with the agency and financial transactions between IHA and the Department of Housing and Urban Development.

A statement released by attorneys representing IHA Thursday night gave no indication of knowledge of the hacker’s identity or demands.

Today at 12:39 p.m., the City’s Information Services Agency issued the following statement to municipal employees:

Recently, the Indianapolis Housing Agency (IHA) became a victim of a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt organizations by locking down the organization’s computers and IT systems in exchange for the payment of a ransom. The data maintained by IHA, including personal information of residents and employees, as well as vendors, is potentially at risk.  

The IHA network is isolated from the City-County network, so there is no immediate threat to City-County or constituent data as a result of this incident.  

ISA has implemented several protocols to maintain, and improve, the safety of our computing environment. Earlier this year, ISA introduced security awareness training which is required annually for staff. As additional protection, we are installing an encryption tool on the hard drives of all City-County computers to protect network data from unauthorized access if the equipment is lost or stolen. Learn more about ISA security enhancements

SA encourages all staff to continue to report emails that you believe might be suspicious, either by using the Outlook PhishAlarm reporting tool or by calling the ISA Service Desk at 317-327-3075.

Professor Scott Shackelford of the Kelley School of Business at Indiana University said the costs of recovering stolen information or repairing a system after a…

Source…