Tag Archive for: dhs

Testing Environments Help DHS S&T and CISA Secure Transportation Infrastructure


Strengthening and protecting our nation’s critical cyber infrastructure is a monumental task, one that the Science and Technology Directorate (S&T) takes seriously. Together with the Cybersecurity and Infrastructure Security Agency (CISA), S&T is developing and testing new technologies and tools that will help combat daily threats, both physical and online.

“All critical infrastructure sectors—including the energy, manufacturing, and transportation sectors—rely heavily on sophisticated technologies like industrial control systems, cellular networks, and artificial intelligence,” said S&T program manager Alex Karr. “These are all accessed, monitored, and controlled via the internet, which, in turn, makes them susceptible to hacking, malware attacks, and other malicious activities.”

Our critical infrastructure and associated online networks and technologies play a vital role in ensuring that the most essential services of our government and private sectors can do their job. Because of this, any potential weaknesses that can be exploited, disrupted, or damaged represent a significant threat to the safety of our citizens and our country. “This is why it’s crucial that we do everything we can to boost our online security and make sure we’re ready to respond to any attempts to compromise these crucial services and related systems,” Karr said.

S&T is working with a multi-agency team to do just that, collaborating with CISA, the Idaho National Laboratory (INL), Pacific Northwest National Laboratory (PNNL), and other government and private stakeholders to design and implement two state-of-the-art training tools, both a part of CISA’s Control Environment Laboratory Resource (CELR) test environment. These CELR test environments, one designed by INL and the other by PNNL, will eventually be integrated into CISA’s existing suite of internet security tools.

“CELR test environments are miniaturized test environments that emulate crucial facilities and their associated technologies and physical components,” explained Tim Huddleston, INL program manager for Infrastructure Assurance and Analysis. “They are designed to provide first responders and security…


Fosshost goes dark, DHS reviews Lapsus$, Rackspace security incident


Open source software host Fosshost shutting down, CEO unreachable

Fosshost project volunteers announced this development this past weekend following months of difficulties in reaching the leadership, including the CEO. Users are being urged to immediately back up their data and migrate to alternative hosting platforms. As a UK-based non-profit, Fosshost has been providing services to several high-profile open source projects like GNOME, Armbian, Debian and Free Software Foundation Europe (FSFE) completely free of charge. But as of this week various fosshost.org links are returning 404 error messages as the service closes.

(Bleeping Computer)

DHS Cyber Safety Review Board to review Lapsus$ attacks

The Department of Homeland Security Cyber Safety Review Board has announced that it will review cyberattacks linked to the extortion gang Lapsus$, a global extortion-focused hacker group that has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas. The review aims at developing a set of actionable recommendations for how organizations can improve their resilience to these types of attacks. The final report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly.

(Security Affairs)

Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services

Some of Rackspace’s hosted Microsoft Exchange services have been taken down by what the company has described as a “security incident.” The incident has been described by the company as “isolated to a portion of our Hosted Exchange platform,” and no estimated time to restoration had been announced.

(The Register)

Researchers accidentally crash botnet used to launch DDoS and cryptomining campaigns

In November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency. The botnet, which the researchers…


OIG: DHS Can Better Mitigate the Risks Associated with Malware, Ransomware, and Phishing Attacks


A new report from the Office of Inspector General (OIG) contains several recommendations aimed at improving the Department of Homeland Security’s (DHS) mitigation of risk related to malware, ransomware, and phishing attacks. 

Threats of cyberattacks have been increasing during the past two decades. According to a joint announcement from DHS, the Department of Defense, and the Department of Justice on August 3, 2020, the Chinese government has been using malware to target government agencies, private sector entities, and think tanks since 2008. Phishing groups used voter registration–related lures to trick people into accessing fake government sites and giving away personal data in the days prior to the 2020 presidential election. And in a March 21, 2022 statement, the U.S. President reiterated his warning to the Nation about the possibility of Russia conducting malicious cyber activity against the United States. Microsoft observed close to 40 destructive attacks on hundreds of Ukrainian systems from February 23 to April 8, 2022, with 32 percent of these attacks directly targeting Ukrainian government organizations at various levels.

In recent years, several DHS components have also been victims of cyberattacks. In May 2019, photos of more than 100,000 travelers coming into and out of the country were stolen during an attack on a U.S. Customs and Border Protection (CBP) subcontractor’s network. Similarly, on October 4, 2020, United States Coast Guard personnel discovered that a database for the Coast Guard Auxiliary had been subject to a malware attack, resulting in the exfiltration of contact information for 59,149 individuals who had expressed interest in joining the Coast Guard Auxiliary. 

OIG’s audit found that DHS implements multiple layers of defense against malware, ransomware, and phishing attacks to protect its sensitive information from potential exploitation. In addition, DHS has implemented specific tools and technologies to further detect and prevent security events on component systems and to help protect DHS’ network communication and data. 

However, the watchdog said DHS can better protect its sensitive data from potential malware, ransomware, and…


OIG: DHS Needs a Unified Strategy to Counter Disinformation


The Office of Inspector General (OIG) says the Department of Homeland Security (DHS) needs a unified strategy to counter disinformation campaigns.

Cyber attacks, intellectual property theft, and state-sponsored disinformation campaigns against the United States have increased significantly in recent years. DHS began internal and external coordination efforts in 2018 when former DHS Secretary Kirstjen Nielsen established the Countering Foreign Influence Task Force to focus on election infrastructure disinformation appearing in social media. Also in 2018, the Cybersecurity and Infrastructure Security Agency (CISA) started notifying social media platforms or appropriate law enforcement officials when voting-related disinformation appeared in social media. These early efforts were predominantly focused on disinformation campaigns that pertained to election infrastructure before also including COVID-19 bogus claims and other mis-, dis- and malinformation (MDM). 

Today, internet users can be vulnerable to a wide variety of MDM and propaganda campaigns that appear in social media. False news, such as misinformation, disinformation, and malinformation, is used to shape public opinion, undermine trust, amplify division, and sow discord. Mobile devices and smartphones further enable individuals and groups to rapidly share content, including disinformation and misinformation. This content may include hyperlinks to media articles and other web-based content, such as images and videos, that may have been manipulated to spread disinformation and misinformation, referred to as “deepfake” information. Deepfakes could be used to generate inflammatory content such as convincing video of U.S. military personnel engaged in war crimes intended to radicalize populations, recruit terrorists, or incite violence.

Certain countries were far more likely than others to be targeted by foreign disinformation operations. Based on publicly available information from Facebook and Twitter, the three countries most targeted by foreign actors were the United States, the United Kingdom, and Egypt. Disinformation campaigns that targeted the United States include a foreign entity offering to pay social media…
