New ITU standards project to define a sustainability passport for digital products

A new ITU standard is under development to describe the information that a sustainability passport for digital products should contain to support consumers, industry and government in applying the principles of circular economy.
The project is underway in ITU’s standardization expert group for ‘environment and circular economy’, ITU-T Study Group 5.
Circular economy can be described as extending a product’s lifespan over multiple lifecycles or increasing the value delivered by a product over its lifespan. Supporting the shift towards circular economy is a key priority for ITU-T Study Group 5, with e-waste now the world’s fastest-growing waste stream.
Experts see considerable potential for a sustainability passport to provide an instrument to help manage e-waste in a sustainable way, on a global scale – e-waste often crosses borders, and often to developing countries ill-equipped to manage a growing e-waste burden.
Our national passports describe our attributes at birth but also record where we have travelled. Should a sustainability passport for digital products be the same?
“Digital products have one set of attributes at manufacture, but these attributes can change over time as products are upgraded, recycled or resold,” highlights the standard’s Editor and Co-Rapporteur for the responsible working group (Q7/5), Leandro Navarro of Spain’s Colegio Oficial Ingenieros de Telecomunicación.
The new standard aims to define the requirements and semantics necessary to represent information relevant to circular product lifecycles. Its development will consider the inclusion of information available at the time of manufacture as well as dynamic information representing changes to product attributes over product lifecycles.
“We need verifiable data to support us in assessing the extent to which we are achieving principles of circular economy and our ambition to achieve net zero emissions,” explains Leandro. “There is currently no international agreement on the product information required to facilitate and achieve circularity in the digital technology industry.”
Clarifying the necessary information could help to put theory into practice, highlights Leandro, making an example of ITU L.1023, an international standard outlining an assessment method for circular scoring.
“Verifiable, machine-readable information could enable automatic comparisons of product attributes relevant to circularity,” says Leandro. “And with the required degree of interoperability, all stakeholders and systems could make use of this information.”

New StopRansomware.gov website launched

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.
The StopRansomware.gov webpage is an interagency resource that provides our partners and stakeholders with ransomware protection, detection, and response guidance that they can use on a single website. This includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners.

CISA’s CSET Tool Sets Sights on Ransomware Threat

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:

  • Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
  • Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
  • Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment.

Coordinated action cuts off access to VPN service used by ransomware groups

Law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims.
This coordinated takedown, led by the Dutch National Police (Politie), under jurisdiction of the National Public Prosecutor’s Office (Landelijk Parket), with international activity coordinated by Europol and Eurojust, has now ended the availability of this service.
Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
DoubleVPN was heavily advertised on both Russian- and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters. The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN connections to its clients.
DoubleVPN was being used to compromise networks all around the world. Its cheapest VPN connection cost as little as EUR 22 ($25).
International coordination
International cooperation was central to the success of this investigation as the critical infrastructure was scattered across the world.
Europol’s European Cybercrime Centre (EC3) supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised over 30 coordination meetings and four workshops to prepare for the final phase of the takedown, alongside providing analytical and crypto-tracing support. A virtual command post was set up by Europol on the action day to ensure seamless coordination between all the authorities involved in the takedown.
Eurojust facilitated the judicial cross-border cooperation and coordination, to ensure an adequate response in order to take down the network. For this purpose, and since October last year, Eurojust organised six dedicated coordination meetings and set up a coordination centre during the action day, during which the operation was rolled out on the ground by the various national authorities involved.

Countries ramp up cybersecurity strategies

ITU releases fourth edition of the Global Cybersecurity Index; key 2020 data points to increased commitment
The latest Global Cybersecurity Index (GCI) from the International Telecommunication Union (ITU) shows a growing commitment around the world to tackle and reduce cybersecurity threats.
Countries are working to improve their cyber safety despite the challenges of COVID-19 and the rapid shift of everyday activities and socio-economic services into the digital sphere, the newly released 2020 index confirms.
According to GCI 2020, around half of countries globally say they have formed a national computer incident response team (CIRT), indicating an 11 per cent increase since 2018. Rapid uptake of information and communication technologies (ICTs) during the COVID-19 pandemic has put cybersecurity at the forefront.
“In these challenging times, the unprecedented reliance on ICTs to drive society, economy and industry, makes it more important than ever before to secure cyberspace and build confidence among users,” affirmed ITU Secretary General Houlin Zhao. “Governments and industry need to work together to make ICTs consistently safe and trustworthy for all. The Global Cybersecurity Index is a key element, offering a snapshot of the opportunities and gaps that can be addressed to strengthen every country's digital ecosystem.”
Some 64 per cent of countries had adopted a national cybersecurity strategy (NCS) by year-end, while more than 70 per cent conducted cybersecurity awareness campaigns in 2020, compared to 58 per cent and 66 per cent, respectively, in 2018.
Addressing the cyber gap
Many countries and regions lag in key areas. These include:
- Cybersecurity skills training, which must be tailored to the needs of citizens, micro-, small-, and medium-sized enterprises (MSMEs);
- Finance, healthcare, energy, and other key sectors, which require dedicated measures to close cybersecurity gaps;
- Critical infrastructure protection, which requires enhancement to meet new and evolving cyber threats;
- Individual data protection, which requires continual reinforcement as online activity expands.
Growing reliance on digital solutions necessitates ever stronger, yet also accessible and user-friendly, data protection measures.

NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems

NSA released a Cybersecurity Technical Report that provides best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. The comprehensive report, “Deploying Secure Unified Communications/Voice and Video over IP Systems,” also describes potential risks to UC/VVoIP systems that aren’t properly secured.
To complement the larger report, NSA published an abridged Cybersecurity Information Sheet to capture key takeaways and introduce the steps organizations should take when securing their UC/VVoIP systems.
UC and VVoIP are workplace call-processing systems that provide a variety of collaboration tools as well as the flexibility to communicate using voice, video conferencing and instant messaging. The access to advanced call-processing features and centralization of management have made UC and VVoIP popular in enterprise environments, including National Security System, Department of Defense and Defense Industrial Base networks.
The IP infrastructure that enables UC/VVoIP systems also presents risks that were less prevalent in the prior generation of call centers. If UC/VVoIP systems are not properly secured, they are susceptible to the same malicious activity targeting existing IP systems through spyware, viruses, software vulnerabilities or other malicious means. Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks. High-definition room audio and video could also be covertly collected.
To securely deploy UC/VVoIP systems, NSA provides best practices to use when preparing networks, establishing network perimeters, using enterprise session controllers and adding endpoints to deploy a UC/VVoIP system.
Methods to minimize the risk to UC/VVoIP systems include segmenting the networks to limit access to a common set of devices, ensuring timely patching, authentication and encryption of all signaling and media traffic, and verifying the security of devices before adding them to a network.

Microsoft update on brute force and password spraying activity

The NCSC has issued advice to organisations following an update from Microsoft on malicious cyber campaigns.
Microsoft has revealed that it had identified new activity from an Advanced Persistent Threat (APT) known as NOBELIUM targeting organisations globally.
The Microsoft Threat Intelligence Center says that this activity was mostly unsuccessful.
The NCSC has observed an increase in activity as part of malicious email and password spraying campaigns against a limited number of UK organisations. We are supporting those affected and would urge all organisations to familiarise themselves with our guidance on mitigating phishing attacks, including how to block phishing emails and how to implement two-factor/multi-factor authentication:
- Phishing attacks: defending your organisation
- Multi-factor authentication for online services
- Identity and access management (part of the 10 steps to cyber security collection)
- Home working: preparing your organisation and staff
The following blog posts from Microsoft provide further details, including IoCs, detection and mitigation advice:
- New Nobelium activity – Microsoft Security Response Center
- Investigating and Mitigating Malicious Drivers – Microsoft Security Response Center
- Nobelium Resource Center – updated March 4, 2021 – Microsoft Security Response Center

NSA Funds Development, Release of D3FEND

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats, is now available through MITRE. NSA funded MITRE’s research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE’s ATT&CK, a knowledge base of cyber adversary behavior.
D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods. This framework illustrates the complex interplay between computer network architectures, threats, and cyber countermeasures.
MITRE released D3FEND as a complement to its existing ATT&CK framework, a free, globally-accessible knowledge base of cyber adversary tactics and techniques based on real-world observations. Industry and government use ATT&CK as a foundation to develop specific cyber threat models and methodologies.
Complementary to the threat-based ATT&CK model, D3FEND provides a model of ways to counter common offensive techniques, enumerating how defensive techniques impact an actor’s ability to succeed. By framing computer network defender complexity of countermeasure functions and techniques as granularly as ATT&CK frames computer network attacker techniques, D3FEND enables cybersecurity professionals to tailor defenses against specific cyber threats, thereby reducing a system’s potential attack surface. As a result, D3FEND will drive more effective design, deployment, and defense of networked systems writ large.
Frameworks such as ATT&CK and D3FEND provide mission-agnostic tools for industry and government to conduct analyses and communicate findings. Whether categorizing adversary behavior or detailing how defensive capabilities mitigate threats, frameworks provide common descriptions that empower information sharing and operational collaboration for an ever-evolving cyber landscape.

GAO Cybersecurity Report and Recommendations for HHS

The Government Accountability Office (GAO) wants HHS to improve cybersecurity efforts by strengthening collaboration within the department and with the broader healthcare sector.
Health care organizations' IT systems are critical to the nation's well-being. Cyberattacks on them could, for example, put patient privacy at risk or disrupt essential telehealth services. (The nation's cybersecurity is on our High Risk List.)
The Department of Health and Human Services coordinates with health care organizations and others to support cybersecurity efforts. Its policies and procedures clearly describe roles and responsibilities, which is good for collaboration.
GAO is making seven recommendations to HHS to improve its collaboration and coordination within the department and the sector:
1. The HHS secretary should have the CIO oversee the coordination and sharing of cybersecurity information between the Health Sector Cybersecurity Coordination Center and Healthcare Threat Operations Center.
2. The HHS secretary should order the CIO to monitor, evaluate and report on the progress and performance of the HHS Chief Information Security Officer Council, Continuous Monitoring and Risk Scoring Working Group, and Cloud Security Working Group.
3. HHS should direct the assistant secretary for preparedness and response to monitor, evaluate and report on the progress and performance of the Government Coordinating Council's Cybersecurity Working Group and HHS Cybersecurity Working Group.
4. HHS should have the CIO regularly monitor and update written agreements that describe how the HHS Chief Information Security Officer Council, Continuous Monitoring and Risk Scoring Working Group, and Cloud Security Working Group will collaborate and ensure that officials review and approve the updated agreements.
5. HHS should direct the assistant secretary for preparedness and response to ensure that authorizing officials review and approve the charter describing how the HHS Cybersecurity Working Group will manage collaboration.
6. HHS should have the assistant secretary for preparedness and response do the following: finalize written agreements that include a description of how the Government Coordinating Council's Cybersecurity Working Group will work together; identify the working group's roles and responsibilities; monitor and update the written agreements on a regular basis; and ensure that authorizing officials leading the working group approve the final agreements.
7. HHS should tell the assistant secretary for preparedness and response to update the charter for the Joint Healthcare and Public Health Cybersecurity Working Group for the current fiscal year and ensure that authorizing officials overseeing the group review and approve the updated charter.