Tag Archive for: ramp

Ripple effect: Local agencies ramp up security after state, national cyberattacks on water supplies


Razor wire tops the fence around the Altoona Water Authority Lake Altoona pump station along Veterans Memorial Highway in Logan Township.
Mirror photo by Patrick Waksmunski

Late last year, the public water system in Aliquippa was one of several across the U.S. that were attacked by Iran-affiliated hackers, who hit Israeli-made computer equipment used to control water system operations.

At the time, officials with the Municipal Water Authority of Aliquippa said the cyber group, known as Cyber Av3ngers, took control of one of their booster stations. An alarm went off as soon as the hack occurred, officials said.

The Aliquippa authority shut down its automated system and went to manual operations, maintaining service without interruption, it was reported.

That attack and others on critical infrastructure systems have led the federal government to develop a playbook to guard against the ever-increasing sophistication of hackers.

It’s a case of constant vigilance that includes common-sense “cyber 101” efforts, like creating strong passwords, firewalls and multi-factor authentication, according to David Hozza, assistant teaching professor for cybersecurity at Penn State’s College of Information Sciences & Technology.

A warning sign is posted on the gate at the Altoona Water Authority’s Mill Run Reservoir.
Mirror photo by Patrick Waksmunski

The need for such precautions “is not going to go away any time soon,” said Aaron Moyer, the Altoona Water Authority’s IT services coordinator.

‘Zero trust model’

The Altoona Water Authority “ramped things up,” starting about three years ago, after an incident in Florida that “was an eye-opener for everybody,” Moyer said some months ago.

The Florida incident involved hackers breaking into a system and attempting to increase the feed rate for a chemical, Hozza said, adding that an operator recognized the anomaly and shut the system down, preventing potential harm.

Since then, the Altoona authority has adopted a “zero trust model,” Moyer said.

That is an IT security regimen that requires strict identity verification for every person and device that tries to access resources, according to an online definition.

If the…


Army struggling to hire cyber staff as attacks on Britain ramp up


The Army is struggling to hire cyber security experts amid intense competition from business, its recruitment chief has admitted.

Richard Holroyd, managing director of Defence and Security at Capita, which handles recruitment for the Armed Forces, said it was having difficulty attracting candidates given the wealth of jobs on offer.

He told the Telegraph: “You’re saying to people with an interest in it, come and be a cyber specialist in the armed forces, but Raytheon is saying come and be a cyber specialist, BT are saying come and be a cyber specialist. So in those spaces, you’re competing.

“In a labour market with full employment it’s a tough, tough play.”

Mr Holroyd said Capita was on track to only meet 80pc of its Army recruitment target this year, in part because of difficulties filling technical roles.

He said: “Anything related to STEM [science, technology, engineering and mathematics] is a highly competitive environment. So STEM skills are tough.”

Capita’s exact target wasn’t given and the Ministry of Defence declined to comment on it.

The admission comes despite the increasing importance of cyber for both offensive and defensive capabilities.

The Minister of Defence said last month there was an “urgent requirement to continue to modernise the force to keep pace with technological developments”.

Boosting digital skills is a “matter of priority” over the next three years, officials wrote in the Defence Command paper.

Mr Holroyd said cyber security experts have “much more choice” than in previous years and admitted that private sector companies have proven faster at recruiting, sometimes making offers within a few weeks.


Crypto hack alarms ramp up as authorities crack down after $3.7 billion stolen


The rapid growth of cryptocurrency theft over the past few years has become a major concern for U.S. authorities, who are ramping up efforts to crack down on hackers and illicit crypto schemes.

Just last year, crypto hackers managed to steal about $3.7 billion in digital assets, with North Korean state-sponsored cyber actors taking the lead as the main culprit in many of those heists, according to TRM Labs, a blockchain intelligence company.

Although this year has seen a decline in crypto hacks compared to 2022, about $400 million of virtual currency was stolen in the first quarter of 2023, TRM Labs reported.

Over the last few years, North Korean state-sponsored cyber actors have aggressively targeted the crypto sector, often taking advantage of an industry that is not well understood by many and not well regulated.

North Korean flags are carried during a celebration of the nation’s 73rd founding anniversary in Pyongyang, North Korea, on Sept. 9, 2021. (Associated Press).

U.S. officials and the United Nations have reported that stolen crypto funds have become an important source of revenue for North Korea’s nuclear and ballistic missile program. 

“The problem has gotten very big and very serious with North Korea cybercriminals accounting for about $1 billion in stolen crypto last year,” said Ari Redbord, global head of policy and government affairs at TRM Labs.

“With North Korea, it is not about personal financial gain. Stolen crypto is used to fund weapons proliferation and other destabilizing activity,” Redbord said, adding that it has become a “serious national security threat.”

A top cyber official in the Biden administration also raised similar concerns regarding North Korea’s role in crypto hacks. 

Anne Neuberger, the administration’s deputy national security adviser for cyber and emerging technology, said last year she was “concerned about North Korea’s cyber capabilities,” adding that the country uses “up to a third of [stolen crypto] funds to fund their missile program.”

Neuberger added that North Korea’s expansion of its missile testing has been a top priority for the administration, which has taken several…


BlackLotus Secure Boot Bypass Malware Set to Ramp Up


BlackLotus, the first in-the-wild malware to bypass Microsoft’s Secure Boot (even on fully patched systems), will spawn copycats and, available in an easy-to-use bootkit on the Dark Web, inspire firmware attackers to increase their activity, security experts said this week.

That means that companies need to increase efforts to validate the integrity of their servers, laptops, and workstations, starting now.

On March 1, cybersecurity firm ESET published an analysis of the BlackLotus bootkit, which bypasses a fundamental Windows security feature known as Unified Extensible Firmware Interface (UEFI) Secure Boot. Microsoft introduced Secure Boot more than a decade ago, and it’s now considered one of the foundations of its Zero Trust framework for Windows because of the difficulty in subverting it.

Yet threat actors and security researchers have targeted Secure Boot implementations more and more, and for good reason: Because UEFI is the lowest level of firmware on a system (responsible for the booting-up process), finding a vulnerability in the interface code allows an attacker to execute malware before the operating system kernel, security apps, and any other software can swing into action. This ensures the implantation of persistent malware that normal security agents will not detect. It also offers the ability to execute in kernel mode, to control and subvert every other program on the machine — even after OS reinstalls and hard drive replacements — and load additional malware at the kernel level.

There have been some previous vulnerabilities in boot technology, such as the BootHole flaw disclosed in 2020 that affected the Linux bootloader GRUB2, and a firmware flaw in five Acer laptop models that could be used to disable Secure Boot. The US Department of Homeland Security and Department of Commerce even recently warned about the persistent threat posed by firmware rootkits and bootkits in a draft report on supply chain security issues. But BlackLotus ups the stakes on firmware issues significantly.

That’s because while Microsoft patched the flaw that BlackLotus targets (a vulnerability known as Baton Drop or CVE-2022-21894), the patch only makes exploitation more difficult — not…
