Posts

The Biden Administration just revealed its plan to stop the next Colonial Pipeline hack


On Wednesday, President Biden signed a National Security Memorandum that aims to improve national cybersecurity. 





© Provided by Popular Science


It directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST) to collaborate with other agencies to develop cybersecurity performance standards for companies across the US that provide essential services like power, water, and transportation. When systems that control these vital infrastructures malfunction or are interrupted because of an incident such as a ransomware attack, it can jeopardize national security, economic security, as well as public health and safety.

Loading...

Load Error

The memorandum also formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative, which is a voluntary, collaborative effort between the federal government and the critical infrastructure community to establish systems that can detect cyberthreats and send timely alerts. The ICS Initiative kicked off in mid-April with an Electricity Subsector pilot, in which the Department of Energy worked with over 150 electricity utilities to plan and deploy cybersecurity tech for their control systems. Officials also gathered a number of utility and pipeline CEOs to brief them on cybersecurity threats. 

The Department of Homeland Security’s Transportation Security Administration (TSA) rolled out a directive earlier this year requiring critical pipeline owners and operators to report cybersecurity incidents as well as have their current practices reviewed by a designated Cybersecurity Coordinator after a major petroleum pipeline was attacked by ransomware in May. 

[Related: How a ransomware attack shut down a major US fuel pipeline]

And last week, the TSA issued a second directive which requires owners and operators of pipelines that transport hazardous liquids and natural gas to instate measures that can protect against ransomware and other cyber attacks. They also require the development of a recovery plan. Owners will also have to review their cybersecurity design every year.

“Recent…

Source…

Why Power Management Should Be In Your Cyber Protection Plan


As devices get smarter for convenience and ease; it is important to properly secure these devices to protect against possible cyberattacks.

As devices get smarter for convenience and ease; it is important to properly secure these devices to protect against possible cyberattacks.

Courtesy of Getty Images — Credit: gopixa

When it comes to cybersecurity, safeguarding power equipment may not always be the first thing IT professionals have on their checklist. Yet hackers are relentlessly exploiting new devices in innovative ways and vulnerabilities are emerging that may not have been previously considered. The ability to eliminate these vulnerabilities is becoming more and more critical.

In this article, we’ll explore why cybersecurity threats are on the upswing, unique ways hackers are exploiting data and the digital and physical perspectives on how to protect critical information.As devices get smarter for convenience and ease; it is important to properly secure these devices to protect against possible cyberattacks.As devices get smarter for convenience and ease; it is important to properly secure these devices to protect against possible cyberattacks.Courtesy of Getty Images — Credit: gopixa

 Interconnectivity Challenges: 5 Examples of Surprising Hacks

While IoT advancement has generated many benefits for businesses, including the ability to streamline operational efficiency with connected devices like uninterruptible power systems (UPSs) and other power backup devices, this growing interconnectedness brings a new set of cybersecurity challenges. In fact, 61% of organizations have experienced an IoT security incident, which often results in significant financial loss and reputation damage.

 On top of that, COVID-19 has created a handful of difficulties for organizations – cybersecurity being one of them. With an increase in remote work and reliance on technology during the pandemic, hackers have had ample opportunity to take advantage of vulnerabilities. The Federal Bureau of Investigation reported a 300% increase in cybercrimes since the pandemic has struck. Also, recent reporting from the International Criminal Police Organization (Interpol) revealed that in a four-month period, 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs related to COVID-19 were detected.

 A growing list of equipment has become more susceptible to breaches as cybercrime grows, from household appliances to medical equipment. Here are five examples that…

Source…

Biden’s infrastructure plan wouldn’t protect the Colonial Pipeline from another attack

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.






© Provided by NBC News


Colonial Pipeline, the United States’ largest purveyor of refined fuel, including gasoline, diesel and jet fuel, recently had a bad day. Late last Friday, the company’s information technology systems fell victim to ransomware. The company quickly shut down its operations as a precautionary measure to contain the attack and prevent long-term damage to its physical systems. As of Tuesday afternoon, the pipeline was still largely offline, though Colonial hopes to restore operations by the end of the week.

Loading...

Load Error

The attack on Colonial Pipeline is one data point in an overall trend of increased attacks from ransomware, malicious software that prevents victims from accessing their data and requires a ransom payment in order to restore their systems. The consequences can range from the economically costly to the downright dire: Businesses get locked out of their computer systems for several hours or days at a time, halting operations, disrupting supply chains and significantly harming consumer trust.

In 2020 alone, nearly 2,400 state and local governments, health care facilities and schools were victims of ransomware attacks. Additionally, the victims of these attacks paid a total of $350 million in ransom, marking a 300-plus-percent increase from the previous year.

And ransomware is just one kind of cyberthreat posed to infrastructure — one of the country’s most prevalent national security risks and one that should be at the top of priority lists for infrastructure needs. Given the severity of the danger, it was disappointing to see that the Biden administration’s current infrastructure plan falls woefully short in terms of actually securing the infrastructure it proposes to build, a failing that has raised eyebrows.

The Colonial Pipeline attack “is a play that will be run again, and we’re not adequately prepared” warned Sen. Ben Sasse, R-Neb. “If Congress is serious about an infrastructure package, at front and center should be the hardening of these critical sectors — rather than progressive wish lists masquerading as infrastructure.”

America’s critical infrastructure as traditionally defined and historically…

Source…

Reeling from post-hack price slump, Easyfi reveals community compensation plan


After a devastating hack, a cross-chain decentralized finance (DeFi) protocol has revealed today a temporary compensation plan for token holders and investors impacted by one of the largest exploits in DeFi history. 

In a Tweet today, EasyFi announced their “Interim Compensation Plan,” a multi-stage process that includes immediate payments, IOU tokens, and incentive programs aimed at victims of the attack.

The hack, which took place 19 April, is considered to be among the largest in DeFi history, with $6 million in stablecoins and 2.98 million EZ tokens worth upwards of $120 million lost at the time of the attack. The hacker was in a complicated position, however, as after exploiting the protocol they owned upwards of 30% of the supply of EZ tokens and there was limited liquidity with which to unload them. The token “hardforked” to EZ 2.0 a week later, rendering the attacker’s remaining tokens effectively worthless. 

In a Tweet from his personal account, EasyFi founder Ankitt Gaur confirmed that the hack was the result of a “targeted attack on the founder’s machine/metamask to access admin keys and execute the well-planned hack.” This attack vector bears similarities to a 2020 hack on the personal computer of Hugh Karp, the founder of Nexus Mutual, who lost $8 million.

An expert from hack and exploit publication Rekt noted that the theft may have been the result of lax security practices, in that a single individual was in possession of the keys to the treasury, as opposed to being secured in a wallet with precautions against this type of hack such as a multisignature scheme or timelocked transactions.

In their compensation plan blog post, EasyFi characterizes the attack as “well-planned” and “sophisticated.”

Regardless of the cause, the efforts to compensate victims is multifaceted. Per their post, 25% of lost funds will be distributed to…

Source…