Tag Archive for: critical

Russian GRU Hackers Exploit Critical Patched Vulnerabilities


Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Governance & Risk Management

TA422 Is Targeting Organizations in Europe and North America, Proofpoint Says


In the race between hackers and systems administrators that begins each time a vendor ships a patch for a flaw, a Russian military intelligence hacking unit is often the winner, new research shows.


Multiple studies suggest that organizations need weeks, if not months, to roll out patches, while attackers can produce an exploit for a newly disclosed vulnerability in days or weeks.

One organization taking advantage of that disconnect is what Proofpoint dubs TA422 – also known as APT28, Fancy Bear and Forest Blizzard. The security firm in a Tuesday report said it has seen the threat actor “readily use patched vulnerabilities to target a variety of organizations in Europe and North America.” U.S. and British intelligence assess that Forest Blizzard is “almost certainly” part of the Russian General Staff Main Intelligence Directorate, better known as the GRU.

Among the n-days exploited by TA422 is CVE-2023-23397, a Microsoft Outlook elevation of privilege vulnerability that allows a remote, unauthenticated attacker to send a specially crafted email that leaks the targeted user’s hashed…
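As an added example (not part of the article, and not Proofpoint's or Microsoft's code): the leak is triggered by a calendar or task item whose PidLidReminderFileParameter property (property set PSETID_Appointment, LID 0x851F) carries a UNC path, which makes Outlook open an SMB or WebDAV session to that host and send the user's NTLM response to it. The Python below flags such items in a mailbox, treating only hosts in a TRUSTED_HOSTS set as safe, the same idea as the patched Outlook's check that the path lies in the intranet zone. It assumes messages have already been extracted into dicts whose `named_props` map (property-set GUID, LID) tuples to values; that representation, the TRUSTED_HOSTS list and the sample messages are all constructed for this example, not a real library's API.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Named MAPI property carrying the reminder sound file path. Unpatched Outlook
# used it without checking where the path pointed, so a UNC path to an
# attacker-controlled host made the client start an SMB (or WebDAV) session and
# send the user's NTLM response to that host.
PSETID_APPOINTMENT = "{00062002-0000-0000-C000-000000000046}"
LID_REMINDER_FILE_PARAMETER = 0x851F

# Hosts a reminder path may legitimately reach. This set is an assumption for
# the example; in practice it would mirror your intranet zone configuration.
TRUSTED_HOSTS = {"localhost", "127.0.0.1", "fileserver.corp.example"}

# \\host\share\... ; the host may carry a WebDAV suffix such as host@80 or host@SSL
_UNC_RE = re.compile(r"^\\\\(?P<host>[^\\]+)\\")


@dataclass
class Finding:
    message_id: str
    sender: str
    target_host: str
    raw_value: str


def unc_host(value: str) -> Optional[str]:
    """Host component of a UNC path, lower-cased, or None when the value is not UNC."""
    m = _UNC_RE.match(value)
    if not m:
        return None
    # Drop a WebDAV port/SSL suffix so 'evil.example@80' compares equal to 'evil.example'.
    return m.group("host").split("@", 1)[0].lower()


def is_suspicious_reminder_path(value: str) -> bool:
    """True when the reminder path would make Outlook authenticate to an untrusted host."""
    host = unc_host(value)
    return host is not None and host not in TRUSTED_HOSTS


def scan_messages(messages: List[dict]) -> List[Finding]:
    """Flag messages whose PidLidReminderFileParameter points outside TRUSTED_HOSTS."""
    findings = []
    for msg in messages:
        props: Dict[Tuple[str, int], object] = msg.get("named_props", {})
        value = props.get((PSETID_APPOINTMENT, LID_REMINDER_FILE_PARAMETER))
        if isinstance(value, str) and is_suspicious_reminder_path(value):
            findings.append(Finding(msg["id"], msg["from"], unc_host(value), value))
    return findings


# Constructed sample mailbox: ids, senders and paths are made up for the example.
def _msg(mid, sender, reminder_path=None):
    props = {}
    if reminder_path is not None:
        props[(PSETID_APPOINTMENT, LID_REMINDER_FILE_PARAMETER)] = reminder_path
    return {"id": mid, "from": sender, "named_props": props}


SAMPLE_MESSAGES = [
    _msg("m1", "alice@corp.example"),                                    # no reminder override
    _msg("m2", "bob@corp.example", r"C:\Windows\Media\reminder.wav"),    # local file: fine
    _msg("m3", "calendar@corp.example", r"\\fileserver.corp.example\sounds\ding.wav"),  # intranet: fine
    _msg("m4", "invite@unknown.example", r"\\203.0.113.10\share\x.wav"),  # external SMB host
    _msg("m5", "invite@unknown.example", r"\\evil.example@80\dav\x.wav"),  # external WebDAV host
]


def scan_sample() -> List[Finding]:
    return scan_messages(SAMPLE_MESSAGES)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f.message_id} from {f.sender}: reminder path -> {f.target_host} ({f.raw_value})")
```

The host allow-list is deliberately the only policy: a local drive path never matches the UNC pattern, and any UNC host outside the list is reported regardless of the sender, since the sender can be spoofed while the property value is what the client actually acts on.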


CISA’s response to Iran hacking control systems in US critical infrastructures is inadequate


Iran is in an undeclared war, including cyber war, against the U.S. and our critical infrastructures. On Dec. 1, 2023, CISA, FBI, EPA, NSA and the Israel National Cyber Directorate (INCD) issued the following alert: “IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities.”

The Iranian Islamic Revolutionary Guard Corps (IRGC) is a nation-state actor with the capabilities that implies, not just a group of hackers who support a cause. The picture of the hack of Full Pint Brewery should remove all doubt that Iran is directly behind state-sponsored hacking of U.S. critical infrastructures. The Unitronics incidents are cyberattacks on control systems, in this case PLCs, not on IP networks or IT equipment. PLCs are used for operation, not to hold customer information. Because the IRGC got to the PLC, it can compromise the near- or long-term operation of any targeted system.

Iran uses PLCs in its own nuclear, manufacturing and oil/gas industries (recall that Stuxnet was an attack against Siemens PLCs) and is familiar with how they operate. The Nov. 25 IRGC cyberattack on the Municipal Water Authority of Aliquippa brings several interesting wrinkles to cyber war. The IRGC targeted the control system equipment, in this case Israeli-made Unitronics PLCs, not the end users such as Aliquippa or Full Pint. Consequently, this is a nation-state supply chain attack against U.S. critical infrastructure, not an attack on any single end user or sector.

However, this supply chain attack is not the usual software compromise that can be addressed by a Software Bill of Materials; it exploits design weaknesses in control systems that are not unique to Unitronics. Recall that Stuxnet compromised Siemens PLCs to damage centrifuges, and that Triconex safety controllers were compromised by the Russians in an attempt to blow up a Saudi Arabian petrochemical plant. It is evident the Dec. 1 alert does not address the PLC-unique issues raised by the Unitronics incidents or by earlier PLC attacks.

Unitronics

Unitronics is a control system/automation supplier. From the Unitronics website, the company was founded in 1989 with installations in automated parking systems,…


What you need to know about Australia’s critical infrastructure reforms


As the cyber threat landscape continues to evolve, the key message of the 2023-2030 Australian Cyber Security Strategy (Strategy) is clear: business cyber resilience is an urgent national priority.

The Strategy seeks to strike a balance between fostering close collaboration between government and industry and, at the same time, cracking down on businesses that are not cyber-ready. While certain legislative reforms have been proposed, including to the Security of Critical Infrastructure Act 2018 (SOCI Act), no economy-wide cyber laws have been proposed at this stage. Further industry consultation will be conducted prior to the introduction of substantive reforms.

Overview and implementation

On 22 November 2023, the Minister for Home Affairs and Cyber Security, the Hon Clare O’Neil MP, released the Strategy. The Government has an ambitious goal of making Australia ‘the most cyber secure nation by 2030’ by putting almost $600 million towards implementing six ‘Cyber Shields’:

  1. Strong businesses and citizens.
  2. Safe technology.
  3. World-class threat sharing and blocking.
  4. Protected critical infrastructure.
  5. Sovereign capabilities.
  6. Resilient region and global leadership.

The Strategy directly responds to Government concerns following significant data breaches that have occurred over the past 18 months, including gaps in regulations as well as a lack of industry reporting and consultation. Initial indications are that the Strategy is being well received by business and the broader cyber security community as a comprehensive response to the evolving threat landscape. The different layers of the Strategy deal with everything from protecting critical infrastructure and growing Australia’s skilled cyber security workforce to working with international partners and introducing new regulatory reforms with a focus on close collaboration between government and industry.

The Strategy will be implemented across three stages or ‘horizons’:

  • Horizon 1: The strengthening of foundations from 2023-2025.
  • Horizon 2: Scaling of cyber maturity across the whole economy from 2026-2028.
  • Horizon 3: Becoming a world leader in cyber security by 2030.

Core law reforms on new cyber obligations, streamlined…


NCSC warns of enduring and significant threat to UK's critical … – National Cyber Security Centre
