CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway—contains victim information gathered in August 2023. Since July 2023, the Joint Cyber Defense Collaborative (JCDC) has facilitated continuous, real-time threat information sharing with and between partners on post-exploitation activity of CVE-2023-3519. JCDC consolidated and shared detection methods, threat actor tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs) received from industry and international partners. The updated CSA contains new TTPs as well as IOCs received from some of these partners and an additional victim.
CISA strongly urges all critical infrastructure organizations to review the advisory and follow the mitigation recommendations—such as prioritizing patching known exploited vulnerabilities like Citrix CVE-2023-3519.

International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

The United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR) on Infamous Chisel, a new mobile malware targeting Android devices with capabilities to enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information.

Infamous Chisel mobile malware has been used in a malware campaign targeting Android devices in use by the Ukrainian military.

Infamous Chisel is a collection of components targeting Android devices and is attributed to Sandworm, the Russian Main Intelligence Directorate’s (GRU’s) Main Centre for Special Technologies, GTsST. The malware’s capability includes network monitoring, traffic collection, network backdoor access via The Onion Router (Tor) and Secure Shell (SSH), network scanning and Secure Copy Protocol (SCP) file transfer.

The authoring organizations urge users, network defenders, and stakeholders to review the malware analysis report for indicators of compromise (IOCs) and detection rules and signatures to determine system compromise. For more information about malware, see CISA’s Malware, Phishing, and Ransomware page. The joint MAR can also be read in full on the NCSC-UK website. Associated files relating to this report can also be accessed via the NCSC's Malware Analysis Reports page.

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally.

Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing malicious attachments or links to download the malware, which would reside in memory once on the victim network. QakBot has since grown to deploy multiple types of malware, trojans, and highly destructive ransomware variants targeting the United States and other global infrastructures, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.

CISA and FBI urge organizations to implement the recommendations contained within the joint CSA to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections.

Download latest Preliminary Conference Programme Guide for CIPRE

As someone responsible in your organisation for critical assets and/or infrastructure, Critical Infrastructure Protection and Resilience Europe is the leading conference that will keep you abreast of the changes in legislation, current threats and latest developments.

Download the Preliminary Conference Programme Guide at www.cipre-expo.com/guide.

What is the new directive on the Resilience of Critical Entities...

The Directive on the Resilience of Critical Entities entered into force on 16 January 2023. Member States have until 17 October 2024 to adopt national legislation to transpose the Directive.

The Directive aims to strengthen the resilience of critical entities against a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies.

Are you up to date on this legislation, and do you know what you need to do to be compliant?

Get updated on the NIS2 Directive and what it means to you...

An important discussion will centre around the EU cybersecurity rules introduced in 2016 and updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape.

By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.

Businesses identified by the Member States as operators of essential services in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services and online marketplaces, will have to comply with the security and notification requirements under the Directive.

What will this mean for you, and how can you meet the Directive's goals?

Critical Infrastructure Protection and Resilience Europe is Europe's leading discussion that brings together leading stakeholders from industry, operators, agencies and governments to collaborate on securing Europe's critical infrastructures.
The conference's top-quality programme looks at these developing themes and helps create a better understanding of the issues and the threats, to help facilitate the work to develop frameworks, good risk management, strategic planning and implementation.

The packed event themes include:

- Interdependencies and Cascading Effects
- Emerging Threats against CI
- Crisis Management, Coordination & Communication
- Power & Energy Sector Symposium
- Government, Defence & Space Sector Symposium
- Communications Sector Symposium
- Information Technology (CIIP) Sector Symposium
- Transport Sector Symposium
- CBRNE Sector Symposium
- Technologies to Detect and Protect
- Risk Mitigation and Management
- The Insider Threat
- Business Continuity Management
- EU Horizon Projects Overviews

You are invited to be a part of this program, where you can meet, network and learn from the experiences of over 40 expert international speakers, as well as industry colleagues who share the same challenges and goals.

Please join us and the CI industry in the beautiful city of Prague, on 3rd-5th October, for a great programme of discussions that can help you to deliver enhanced security and resilience for your organisation.

Visit www.cipre-expo.com for further details


CISA Publishes JCDC Remote Monitoring and Management Systems Cyber Defense Plan

The Cybersecurity and Infrastructure Security Agency (CISA) published the Cyber Defense Plan for Remote Monitoring and Management (RMM), the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of our 2023 Planning Agenda. This Plan provides a clear roadmap to advance security and resilience of the RMM ecosystem and further specific lines of effort in the National Cyber Strategy to scale public-private collaboration and in the CISA Cybersecurity Strategic Plan to drive adoption of the most impactful security measures.

Organizations across sectors leverage RMM products to gain efficiencies and benefit from scalable services. These same benefits, however, are increasingly targeted by adversaries – from ransomware actors to nation-states – to compromise large numbers of downstream customer organizations. By targeting RMM products, threat actors attempt to evade detection and maintain persistent access, a technique known as living off the land.

Part of our 2023 Planning Agenda, the RMM Cyber Defense Plan provides a clear roadmap to advance security and resilience of this critical ecosystem, including RMM vendors, managed service providers (MSPs), managed security service providers (MSSPs), small and medium-sized businesses (SMBs), and critical infrastructure operators. This Plan was developed through a multi-month process that leveraged deep expertise from vendors, operators, agencies, and other stakeholders, and has already resulted in a significant deliverable with publication of our joint advisory on Protecting Against Malicious Use of Remote Monitoring and Management Software.

The RMM Cyber Defense Plan is built on two foundational pillars, operational collaboration and cyber defense guidance, and contains four subordinate lines of effort:

(1) Cyber Threat and Vulnerability Information Sharing: Expand the sharing of cyber threat and vulnerability information between U.S. government and RMM ecosystem stakeholders.

(2) Enduring RMM Operational Community: Implement mechanisms for an enduring RMM operational community that will continue to mature scaled security efforts.

(3) End-User Education: Develop and enhance end-user education and cybersecurity guidance to advance adoption of strong best practices, a collaborative effort by CISA, interagency partners and other RMM ecosystem stakeholders.

(4) Amplification: Leverage available lines of communication to amplify relevant advisories and alerts within the RMM ecosystem.

“As envisioned by Congress and the Cyberspace Solarium Commission, JCDC Cyber Defense Plans are intended to bring together diverse stakeholders across the cybersecurity ecosystem to understand systemic risks and develop shared, actionable solutions. The RMM Cyber Defense Plan demonstrates the criticality of this work and the importance of both deep partnership and proactive planning in addressing systemic risks facing our country,” said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity. “These planning efforts are dependent on trusted collaboration with our partners, and this Plan was a true partnership with the RMM community, industry and interagency partners that contributed time and effort towards this important work. The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem. As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”

Your latest issue of Critical Infrastructure Protection & Resilience News has arrived

Please find here your downloadable copy of the Summer 2023 issue of Critical Infrastructure Protection & Resilience News for the latest views and news at www.cip-association.org/CIPRNews.

- The CNI / Crowded Places Security Debate
- Beyond Physical Protection
- Hybrid Threats
- A Comprehensive Resilience Ecosystem
- Artificial Intelligence and Cybersecurity Research
- Resilience in action
- An Interview with EU-CIP Project
- IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
- Using the EU Space Programme for disaster risk management in Hungary
- An Interview with TIEMS
- Critical Infrastructure Protection and Resilience Europe Preview
- Agency and Industry News

Download your Critical Infrastructure Protection & Resilience News at www.cip-association.org/CIPRNews

Critical Infrastructure Protection and Resilience News is the official magazine of the International Association of Critical Infrastructure Protection Professionals (IACIPP), a non-profit organisation that provides a platform for sharing good practices, innovation and insights from Industry leaders and operators alongside academia and government and law enforcement agencies.

#CriticalInfrastructureProtection #CriticalInfrastructure #cybersecurity #help2protect #cisa #ciprna #cipre #resilience #cooperation #emergencymanagement #emergencyresponse #crisismanagement #businesscontinuity #crisisresponse #mitigation

CISA, NSA, and NIST Publish Factsheet on Quantum Readiness

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.

CISA, NSA, and NIST urge organizations to review the joint factsheet and to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments and analysis, and engaging vendors. For more information and resources related to CISA’s PQC work, visit Post-Quantum Cryptography Initiative.

CISA Releases Infrastructure Resilience Planning Framework Launchpoint

The Cybersecurity and Infrastructure Security Agency (CISA) releases the Infrastructure Resilience Planning Framework (IRPF) Launchpoint, a supplemental resource developed to help prospective users of the IRPF quickly navigate IRPF guidance and concepts based on their specific needs.

This self-appraisal tool helps users contemplate their community’s resilience goals and start developing an approach to incorporating critical infrastructure resilience into their planning activities by pointing them to specific IRPF guidance, resources, and templates that might be most relevant and valuable to them.

“The IRPF Launchpoint is a great resource created by our Resilience Services Branch that provides SLTT and regional planners with insights on how best to apply the Infrastructure Resilience Planning Framework to meet their specific needs,” said Dr. David Mussington, Executive Assistant Director for Infrastructure Security. “As one of many resilience resources within CISA, the new IRPF Launchpoint tool will guide users to specific resources they can employ in planning for infrastructure to reduce the risk of disruptions to their communities.”

Infrastructure is the backbone of communities, providing not only critical services, but also the means for health, safety, and economic growth. CISA’s IRPF provides flexible guidance for state, local, tribal, territorial, and regional planners on enhancing community resilience by addressing critical infrastructure dependencies in their existing planning efforts.

Spanish EU Council Presidency: CoESS and APROSER make proposals for a future-oriented, more resilient, European Union

On 01 July 2023, Spain took over the rotating Presidency of the Council of the EU. It will thereby be responsible for leading the work in Brussels on important matters such as negotiations on the EU Artificial Intelligence (AI) Act and initiatives in the context of the EU Year of Skills.

In a Joint Statement, CoESS and APROSER declare the commitment of the European security industry to support the efforts of the Spanish Presidency on a large range of matters impacting not only the security services, but public security overall.

The timing of the Spanish Presidency comes at a particularly decisive stage. First, EU lawmakers will have to find agreement on a large range of open dossiers before the European elections in 2024, notably the EU AI Act. At the same time, European businesses and societies are confronted with a range of challenges, such as labour shortages and increasing threats to the protection of Critical Infrastructure and supply chains – to name only a few.

In their Joint Statement, the representatives of the European and Spanish private security industry, CoESS and APROSER, confirm their commitment to support the Spanish Presidency in its efforts to build a more future-oriented and resilient EU and make respective proposals for the way forward. These are grouped along four key messages:

- Recognising the value of private security services to European citizens and economy
- Adapt legislation to realities in a changing security landscape
- Public security empowered through qualified workers
- Enforce the provision of high-quality security services to European citizens

Important recommendations include the hosting of a private security roundtable in Brussels, principles of human-centred AI and legal certainty in the context of the future EU AI Act, and a call for a revision of the EU Public Procurement Directives.

ICS regulations, standards and directives improve cybersecurity in OT environments, though limitations prevail

Increasing instances of cybersecurity threats, geopolitical instability, and rising cyber insurance premiums call upon operational environments to strengthen and safeguard by implementing ICS regulations, standards, and directives. Weaving these measures into the organizational framework helps improve security posture, enhance resilience against cyber threats, minimize cyber risks, protect assets and operations, and safeguard public safety and national security while establishing a common baseline for cybersecurity practices.

Federal agencies around the world have recognized the importance of securing critical infrastructure systems and stepped up efforts to bolster cybersecurity measures in OT (operational technology) environments. These regulations outline specific requirements that organizations must follow regarding the management and protection of their OT assets. Compliance with these measures is mandatory and failure to comply can result in penalties or loss of licensing.

Assigning directives by regulatory bodies or industry-specific organizations also helps provide guidance on specific aspects of cybersecurity for OT environments. These measures serve as a roadmap for organizations to enhance their security posture and align their practices with industry best practices.

Standards are set by international organizations and industry consortiums to define best practices, frameworks, and technical specifications for securing OT environments. Standards such as ISO 27001, IEC 62443, IEC 63452, and NIST SP 800-82 provide organizations with a structured approach to implementing security controls, risk management, and incident response processes in OT environments. Compliance with these standards helps organizations demonstrate their commitment to cybersecurity and provides a benchmark for measuring their security posture.

Industrial Cyber contacted cybersecurity executives to assess the adequacy of existing regulations, standards, and directives in addressing Ransomware-as-a-Service (RaaS) attacks, nation-state hackers, and insider threats in OT/ICS environments. They also analyze how they contribute to building resilience and business continuity in OT environments and the critical infrastructure sector.

“CISA is at its core a partnership agency and our relationship with critical infrastructure entities is based on a voluntary collaboration and trust,” Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told Industrial Cyber. “In certain cases, CISA supports regulatory agencies in developing outcome-oriented requirements that appropriately incentivize adoption of the most effective security controls, including with agencies like TSA, EPA, and the U.S. Coast Guard.”

He added that in all cases, regulatory requirements do not replace the foundational value of voluntary operational collaboration to support shared security outcomes between the government and the private sector.

“The relative pervasiveness of RaaS and other intrusions into critical infrastructure demonstrate that our current regimes are insufficient to ensuring that critical infrastructure owners and operators have taken the necessary steps to secure their environments,” Mark Bristow, director of MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC), told Industrial Cyber. “This is particularly frustrating in the case of RaaS where financially motivated adversaries are often looking for the ‘low hanging fruit’ with vulnerabilities that are well understood and can be mitigated but are not providing ample examples of ransomware against our CI entities. Some industries already have regulations for cybersecurity, such as the NERC CIP regulations.”

Full story at Industrial Cyber >>
