Tag Archive for: Homeland

JBS’s cybersecurity was unusually poor prior to 2021 ransomware attack, internal homeland security records show


Key takeaways

* JBS’s cybersecurity was “outside the typical range” for food production companies, experts told the federal government following the 2021 attack. (JBS did not respond to requests for comment.)

* Experts said the range of devices connected to the internet at food companies leaves them vulnerable.

* It’s difficult to gather information on cyberattacks, and they happen more often than what is reported, experts said.

A May 30, 2021, ransomware attack on JBS, one of the world’s largest meat companies, disrupted the company’s operations internationally and ended when the company paid an $11 million ransom to Russian hacker group REvil. 

While food production companies are potentially lucrative targets for cyberattacks, JBS was poorly protected against them compared to similar companies, according to cybersecurity experts.

The food and agriculture industry is designated as a Critical Infrastructure Sector by the U.S. Department of Homeland Security, meaning its “incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.”

The whole industry is vulnerable to attacks like the one on JBS — and they happen quietly and often, according to John Hoffman, senior research fellow at the Food Protection and Defense Institute at the University of Minnesota. 

In the aftermath of the JBS ransomware attack, a representative of cybersecurity risk management firm BitSight told national security officials that JBS had “many many issues” with its computer system.

“Overall rating was poor and outside the typical range for Food Production companies,” wrote BitSight Vice President Jake Olcott in a June 2, 2021, email to Jeffrey Greene, who served as the National Security Council chief of cyber response and policy at the time. 

The emails obtained by Investigate Midwest via a public records request shed light on the federal government’s and private industry’s response to the JBS attack. 

“We’ve observed a massive number of malware infections on JBS over the last year (including Conficker),” Olcott wrote in the email. “JBS has been…


Hackers took down U.S. airport websites, Department of Homeland Security confirms


Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY.

The official from DHS’ Cybersecurity and Infrastructure Security Agency, or CISA, declined to comment on who might have been behind what appeared to be a coordinated series of distributed denial of service (DDoS) incidents, which did not affect the actual operations of the airports or planes flying into and out of them.

“CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites. We are coordinating with potentially impacted entities and offering assistance as needed,” said the official, who declined to speak on the record or provide any more information about the cyberattacks and who might have been responsible.

Russian-speaking “hacktivists” from a group calling itself KillNet claimed responsibility for the attacks, which took down websites at 14 airports, including Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX), according to the official Twitter account of the Russian service of the Voice of America.

Hackers can overwhelm computer servers by sending them many thousands of requests at the same time, disrupting companies and organizations.

DDoS attacks are used to overwhelm computer servers by sending them many thousands of requests at the same time, according to CISA. In this case, the servers hosting the airport sites were swamped with thousands of requests, making it all but impossible for travelers to connect and to get updates about their scheduled flights or book airport services, according to Frank Cilluffo, a former White House cybersecurity official. 

Cilluffo said such attacks usually are intended to generate attention rather than to cause significant destruction or even disruption, such as taking down airport operations.

“But they are not trivial and in this case they could be the beginnings of a larger trend,” said Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn…


Hackers took down U.S. airport web sites, Department of Homeland Security confirms


Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY.

The official from DHS’ Cybersecurity and Infrastructure Security Agency, or CISA, declined to comment on who might have been behind what appeared to be a coordinated series of Distributed Denial of Service (DDoS) incidents, which did not affect the actual operations of the airports or planes flying into and out of them.

“CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites. We are coordinating with potentially impacted entities and offering assistance as needed,” said the official, who declined to speak on the record or provide any more information about the cyber attacks and who might have been responsible.

Russian-speaking “hacktivists” from a group calling itself KillNet claimed responsibility for the attacks, which temporarily took down websites at 14 airports, including the Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX), according to the official Twitter account of the Russian service of the Voice of America.

A recently discovered cyber attack, most likely tied to Russia, has the potential to affect many companies and organizations.

DDoS attacks are used to overwhelm computer servers by sending them many thousands of requests at the same time, according to CISA. In this case, the servers hosting the airport sites were swamped with thousands of requests, making it all but impossible for travelers to connect and to get updates about their scheduled flights or book airport services, according to Frank Cilluffo, a former White House cybersecurity official. 

Cilluffo said such DDoS attacks usually are intended to generate attention rather than to cause significant destruction or even disruption, such as taking down the operations of airports.

“But they are not trivial and in this case they could be the beginnings of a larger trend,” said Cilluffo, the director of the McCrary Institute for Cyber and Critical Infrastructure Security…


Secret Service erased text messages from Jan. 6 and the day before, the Homeland Security watchdog says


WASHINGTON — The Secret Service erased text messages from both Jan. 6 and the day before the attack on the Capitol after the Department of Homeland Security’s internal watchdog requested records of electronic communications tied to the insurrection, according to a letter sent to congressional committees that was obtained by NBC News.

The details about the erased messages were revealed in a letter to two congressional committees Wednesday, in which Homeland Security Inspector General Joseph Cuffari said he was informed that many of the messages from Jan. 5 and Jan. 6, 2021, had been erased “as part of a device-replacement program.”

The Intercept first reported the content of the letters.

A spokesperson for the House Homeland Security Committee confirmed the letter, which was also given to the Jan. 6 committee, a source familiar with the matter confirmed.

Cuffari’s letter was also addressed to the Senate Homeland Security and Governmental Affairs Committee.

“The USSS erased those text messages after OIG requested records of electronic communications from the USSS, as part of our evaluation of events at the Capitol on January 6,” Cuffari said in his letter.

He added that DHS personnel had repeatedly told inspectors that “they were not permitted to provide records directly” to the watchdog and that the records first needed to be reviewed by the agency’s attorneys.

“This review led to weeks-long delays in OIG obtaining records and created confusion over whether all records had been produced,” he said.

Secret Service spokesman Anthony Guglielmi insisted in a statement that the agency has fully cooperated with the inspector general’s review and that the text messages were lost before they were requested.

“The insinuation that the Secret Service maliciously deleted text messages following a request is false,” Guglielmi said. “In fact, the Secret Service has been fully cooperating with the OIG in every respect — whether it be interviews, documents, emails, or texts.”

According to Guglielmi, the Secret Service began a “pre-planned, three-month system migration” in January 2021 that included resetting its mobile phones to factory settings, resulting in the loss of data for some phones….
