Healthcare OT Facilities Remain Exposed As Industry Experienced 68 Attempted Ransomware Attacks In Q3
Biomanufacturing facilities in the US are being actively targeted by an unknown hacking group leveraging a new malware strain.
In a new threat advisory, the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) revealed that the first attack believed to be launched using this new malware, dubbed “Tardigrade”, occurred in the spring of this year. At that time, Tardigrade was used in a cyberattack on a large biomanufacturing facility, and a second facility was hit using the same malware just last month.
According to BIO-ISAC, both biomanufacturing sites and their partners are “encouraged to assume that they are targets” and should take the necessary steps to review their security and response postures.
As reported by SiliconANGLE, Tardigrade is primarily used for espionage, though the malware also causes other issues on the systems it infects, including network outages.
In a separate report, Wired noted that these recent attacks may be linked to Covid-19 research as the pandemic has shown just how important biomanufacturing research is when developing vaccines and other medicines.
The origins of the code used in Tardigrade are also up for debate: BIO-ISAC believes the malware is based on Smoke Loader, though security researchers who spoke with Bleeping Computer claim that it is a form of the Cobalt Strike HTTP beacon as opposed to an entirely new malware strain.
Due to Tardigrade’s advanced characteristics, the malware could have been developed by an advanced threat detection group or even by a nation-state intelligence service.
Regardless of its origin, Tardigrade is quite dangerous and we’ll likely find out more regarding this new malware as security researchers and even government agencies delve deeper into its code in an attempt to discover its true origins.
Via SiliconANGLE
WASHINGTON – The nation’s top civilian cybersecurity agency issued a warning Thursday about ongoing cyber threats to the U.S. drinking water supply, saying malicious hackers are targeting government water and wastewater treatment systems.
Authorities said they wanted to highlight ongoing malicious cyber activity “by both known and unknown actors” targeting the technology and information systems that provide clean, drinkable water and treat the billions of gallons of wastewater created in the U.S. every year.
The alert, which disclosed three previously unreported ransomware attacks on water treatment facilities, was issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). It was the result of analytic efforts by DHS, the FBI, the Environmental Protection Agency and the National Security Agency.
One DHS cybersecurity official described it as the routine sharing of technical information between federal agencies and their industry partners “to help collectively reduce the risk to critical infrastructure in the United States.” Added a second Homeland Security official: “It’s not any indication of a new threat. We don’t want anyone to think that their drinking water supply is under attack.”
Both officials spoke on the condition of anonymity in order to elaborate on the agency’s public statements.
Despite their assurances, the advisory disclosed that in March 2019, a former employee at a Kansas-based water and waste water treatment facility unsuccessfully tried to threaten drinking water safety by logging in with his user credentials – which had not been revoked at the time of his resignation – to remotely access a facility computer.
In that case, a federal grand jury in Topeka, Kansas accused Wyatt Travnichek, 22, of tampering with the water treatment facilities for the sprawling, eight-county Post Rock Rural Water District.
The indictment, announced March 31, alleges that Travnichek’s job for the utility was to monitor the water plant remotely by logging into its computer system. Two months after he left his job with the water district in January 2019, it said, Travnichek logged in remotely with the intent of shutting down…