Tag Archive for: Suffer

Could Critical Infrastructure Suffer from a PIPEDREAM? | Nossaman LLP

/in


During the past couple of years, multiple warnings of imminent cyberattacks have seemingly gone unheeded by critical infrastructure owners and operators. Is embracing a fantasy that they won’t be attacked potentially a pipedream? Both figuratively and literally, the answer is “yes.”  

A report filed February 14, 2023 indicates how close multiple water and Liquefied Natural Gas (LNG) facilities came to being victims of a catastrophic Russian-based malware dubbed “PIPEDREAM.” This malware is particularly pernicious because it can infect a broad range of industrial control systems (ICS) rather than a single, specific system. Described as a “‘state-level’, wartime capability,” the PIPEDREAM malware has the capability of taking industrial control systems offline, creating a potentially disastrous outcome. Moreover, while earlier malwares could infect control systems through vulnerabilities in the system’s software that could be remedied with a “patch,” PIPEDREAM cannot be fixed with a patch because it takes advantage of the inherent capabilities built into the ICS itself.

However, because PIPEDREAM is such a potent malware, it is not known if it was actually prevented from infecting the control systems of water and LNG facilities, or if it is lying dormant waiting for the most opportune time to attack. At the very least, it is expected that PIPEDREAM will remain a tenacious threat that critical infrastructure owners and operators must take measures to thwart. The time for whistling past the graveyard is over.

The Cybersecurity and Infrastructure Security Agency (CISA) offers a number of ways to protect ICS from malware attacks.

Source…

City of Oakland, Irish and Israeli universities suffer ransomware attacks

/in


The city of Oakland, California, has fallen victim to a ransomware attack, forcing the city to shut down its systems.

The City said in a statement that the attack has not impacted critical services such as 911 dispatch, fire and emergency resources, which continue to operate normally.

The City’s Information Technology Department (ITD) is working in coordination with law enforcement to investigate the attack and restore impacted services. The City says it has initiated a plan to respond to the attack based on industry best practices.

The public has been informed that there may be delays.

“We are actively monitoring the situation and sending updated information as it becomes available,” the statement reads.

The identity of the gang behind the attack is yet to be determined. The City has not yet disclosed any information about ransom demands or data theft from the compromised systems.

Oakland reporter Jaime Omar Yassin was the first to break the news on Twitter last week.

Last year, Yassin reported that the City’s IT department was understaffed and vulnerable to ransomware attacks.

Munster Technological University data leak

Munster Technological University (MTU) in Cork, Ireland confirmed on Sunday that the data stolen in a recent cyberattack is now available on the dark web.

The university said in a statement that its technical advisers and the National Cyber Security Centre (NCSC) has informed it that specific data was accessed and copied from MTU systems during the ransomware attack and now made available on the dark web.

The NCSC has been assisting the MTU since the incident.

While the institution said it was not feasible to fully determine the exact nature of all data, including personal data affected or the identities of all people impacted by this leak, it has started informing those possibly affected.

MTU is also advising people to be wary of possible phishing attacks, providing advice on how to protect themselves from them.

The university claims it has taken precautions to safeguard its students and employees by deploying all of its resources in the investigation of the attack, with support of professional forensic experts and the NCSC.

In addition, the MTU has secured an…

Source…

TN Public Department’s computer systems suffer ransomware attack

/in


Tamil Nadu’s Public Department’s computers systems on Saturday suffered a ransomware attack – malware that employs encryption to hold a victim’s information at ransom – with attackers allegedly seeking ransom in cryptocurrency to release the malware.

Information Technology Secretary Neeraj Mittal confirmed that the ransomware attack, but said it was not critical. “We have isolated the affected systems that were under attack and are assessing the situation. We are trying to get back the access,” he said.

He declined to comment on the demand of nearly $2,000 as cryptocurrency as ransom to release the malware.

It is learnt that officials from Centre for Development of Advanced Computing and Computer Emergency Response Team are working to retrieve the systems.

Source…

German politicians suffer massive hack of personal details and private communications

/in
Germany thumb

The private communications, emails, contact details, mobile phone numbers, memos, and financial information of hundreds of politicians have been published online.

Graham Cluley