CISA Releases Directive on Reducing the Significant Risk of Known Exploited Vulnerabilities

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of vulnerabilities that are being actively exploited by adversaries. The Directive establishes a CISA-managed catalog of known exploited vulnerabilities and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.

CISA issued BOD 22-01 to drive federal agencies to mitigate actively exploited vulnerabilities on their networks, sending a clear message to all organizations across the country to focus patching on the subset of vulnerabilities that are causing harm now, and enable CISA to drive continuous prioritization of vulnerabilities based on our understanding of adversary activity. The Directive applies to all software and hardware found on federal information systems, including those managed on agency premises or hosted by third parties on an agency’s behalf. With this Directive, CISA is imposing the first government-wide requirements to remediate vulnerabilities affecting both internet-facing and non-internet facing assets.

“Every day, our adversaries are using known vulnerabilities to target federal agencies. As the operational lead for federal cybersecurity, we are using our directive authority to drive cybersecurity efforts toward mitigation of those specific vulnerabilities that we know to be actively used by malicious cyber actors,” said CISA Director Jen Easterly. “The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber attacks. While this Directive applies to federal civilian agencies, we know that organizations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities. It is therefore critical that every organization adopt this Directive and prioritize mitigation of vulnerabilities listed in CISA’s public catalog.”

With over 18,000 vulnerabilities identified in 2020 alone, organizations in the public and private sector find it challenging to prioritize limited resources toward remediating the vulnerabilities that are most likely to result in a damaging intrusion. This Directive addresses this challenge by driving mitigations of those vulnerabilities that are being actively exploited to compromise federal agencies and American businesses, building upon existing methods widely used to prioritize vulnerabilities by many organizations today.

This Directive applies to federal civilian agencies however, CISA strongly recommends that private businesses and state, local, tribal and territorial (SLTT) governments prioritize mitigation of vulnerabilities listed in CISA’s public catalog and sign up to receive notifications when new vulnerabilities are added.

Leave a comment , , ,

Joint global ransomware operation sees arrests and criminal network dismantled

Agency News, Cyber Security CII sector, Industry News

A four-year operation across five continents has disrupted a ransomware cybercrime gang and seen the arrest of seven suspects believed to be behind global malware crime operations.

Codenamed ‘Quicksand’ (GoldDust) and carried out by 19 law enforcement agencies in 17 countries, the transcontinental operation saw officers collect and examine intelligence to establish a global threat picture about attacks by ransomware families - particularly GandCrab and Revil-Sodinokibi - and the suspects behind them.

The organized crime group that used these malwares is known for breaking into business and private networks using a range of infiltration techniques, and then deploying ransomware against their victims. The ransomware then encrypts files which are then used to blackmail companies and people into paying huge ransoms.

The suspects arrested during Operation Quicksand are suspected of perpetrating tens of thousands of ransomware infections and demanding more than EUR 200 million in ransom

Intelligence exchanged during the operation enabled

- Korean law enforcement to arrest three suspects in February, April and October;
- Kuwaiti authorities to arrest a man thought to have carried out ransomware attacks using the GandGrab ransomware;
- Romanian authorities to arrest two individuals suspected of ransomware cyber-attacks and believed to be responsible for 5,000 infections as well as half a million euros profit in ransom payments;
- The arrest of a man believed to be responsible for the Kaseya ransomware attack, thought to have been carried out last July by the REvil gang with more than 1,500 people and 1,000 businesses affected worldwide.

“Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action which INTERPOL can uniquely facilitate as a neutral and trusted global partner,” said INTERPOL Secretary General Jürgen Stock.

“Policing needs to harness the insights of the cyber security industry to identify and disrupt cyber criminals as part of a true coalition, working together to reduce the global impact of ransomware cybercrime,” added the Secretary General.

A joint INTERPOL-Europol operation, Quicksand was coordinated from INTERPOL’s Cyber Fusion Centre in Singapore where stakeholders shared live intelligence in an interactive and secure environment via INTERPOL’s global network and capabilities.

Through INTERPOL’s Gateway project, INTERPOL’s private partners Trend Micro, CDI, Kaspersky Lab and Palo Alto Networks also contributed to investigations by sharing information and technical expertise.
Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent attacks.

Bitdefender supported operations by releasing tailor-made decryption tools to unlock ransomware and enable victims to recover files. These innovative tools enabled more than 1,400 companies to decrypt their networks, saving them almost EUR 475 million in potential losses.

KPN, McAfee, S2W helped investigations by providing cyber and malware technical expertise to INTERPOL and its member countries.

Operation Quicksand continues to supply evidence that is feeding into further cybercrime investigations and enabling the international police community to disrupt numerous channels used by cybercriminals to launder cryptocurrency and commit ransomware crime.

With the combined global financial impact in ransom payments from ransomware families believed to be within the billions of dollars and thousands of victims worldwide, INTERPOL’s private partners and member countries work together to provide support to victims hit by the ransomware.

Research from Chainalysis found that criminals made USD 350 million in 2020 from ransomware payments, representing an increase of 311 per cent in one year. Over the same period, the average ransom payment increased by 171 per cent, according to Palo Alto Networks.

Leave a comment , , ,

12 targeted for involvement in ransomware attacks against critical infrastructure

Agency News, Cyber Security CII sector, Industry News

A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries.

These attacks are believed to have affected over 1 800 victims in 71 countries. These cyber actors are known for specifically targeting large corporations, effectively bringing their business to a standstill.

The actions took place in the early hours of 26 October in Ukraine and Switzerland. Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.

As the result of the action day, over USD 52 000 in cash was seized, alongside 5 luxury vehicles. A number of electronic devices are currently being forensically examined to secure evidence and identify new investigative leads.

The targeted suspects all had different roles in these professional, highly organised criminal organisations. Some of these criminals were dealing with the penetration effort, using multiple mechanisms to compromise IT networks, including brute force attacks, SQL injections, stolen credentials and phishing emails with malicious attachments.

Once on the network, some of these cyber actors would focus on moving laterally, deploying malware such as Trickbot, or post-exploitation frameworks such as Cobalt Strike or PowerShell Empire, to stay undetected and gain further access.

The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying a ransomware. These cyber actors are known to have deployed LockerGoga, MegaCortex and Dharma ransomware, among others.

The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected. A ransom note was then presented to the victim, which demanded the victim pay the attackers in Bitcoin in exchange for decryption keys.

A number of the individuals interrogated are suspected of being in charge of laundering the ransom payments: they would funnel the Bitcoin ransom payments through mixing services, before cashing out the ill-gotten gains.
International cooperation

International cooperation coordinated by Europol and Eurojust was central in identifying these threat actors as the victims were located in different geographical locations around the world.

Initiated by the French authorities, a joint investigation team (JIT) was set up in September 2019 between Norway, France, the United Kingdom and Ukraine with financial support of Eurojust and assistance of both Agencies. The partners in the JIT have since been working closely together, in parallel with the independent investigations of the Dutch and U.S. authorities, to uncover the actual magnitude and complexity of the criminal activities of these cyber actors to establish a joint strategy.

Eurojust established a coordination centre to facilitate cross-border judicial cooperation during the action day. In preparation of this, seven coordination meetings were held.

Europol’s European Cybercrime Centre (EC3) hosted operational meetings, provided digital forensic, cryptocurrency and malware support and facilitated the information exchange in the framework of the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s headquarters in The Hague.

Leave a comment , , ,

Asia-Pacific implements radiocommunication updates

Agency News, Industry News, Telecomms sector

Countries across Asia and the Pacific need fair, transparent, and predictable spectrum policies to accelerate equitable digital transformation across the region, according to radiocommunication experts convened by the International Telecommunication Union (ITU) over the last two weeks.

Regulators, industry experts and academics met to discuss future Asia-Pacific radio-frequency spectrum requirements following Radio Regulations updates.

"Radiocommunication services profoundly transform the way we work, travel, do business and access public services, including education and health," said ITU Secretary-General Houlin Zhao. “The Regional Radiocommunication Seminars provide an excellent opportunity for our members to learn the practical application of the ITU Radio Regulations, so that people everywhere can take advantage of the social and economic opportunities brought about by the rapid growth of digital platforms."

The regional seminar, convened entirely online, covered the regulatory framework for both terrestrial and space services and the procedures for filing and recording frequency assignments in the Master International Frequency Register (MIFR).

Masanori Kondo, Secretary-General of the Asia-Pacific Telecommunity, welcomed the discussions as “an opportunity for regulators to widen and deepen their knowledge and insight in the field of spectrum management." He emphasized the need for Asia-Pacific countries to develop fair, predictable, and transparent spectrum management policies and regulations to keep their diverse and geographically extensive telecommunication sector functioning effectively.

ITU support and guidance
Participants discussed the current regulatory framework for international frequency management, ITU Radiocommunication (ITU-R) Recommendations, and best practices for spectrum use by both terrestrial and space services.

“Despite the challenges brought about by the COVID-19 pandemic, we continue to deliver high quality capacity building opportunities to our members, supporting them with all the information and tools they need to analyse and implement the Radio Regulations and promote efficient spectrum management," said Mario Maniewicz, Director of the ITU Radiocommunication Bureau.

RRS-21 Asia-Pacific also included basic training to prepare for technical examinations and gain familiarity with ITU tools to produce frequency notices.

Leave a comment , ,

Weather and climate extremes in Asia killed thousands, displaced millions and cost billions in 2020

Agency News, Industry News, Water sector

Extreme weather and climate change impacts across Asia in 2020 caused the loss of life of thousands of people, displaced millions of others and cost hundreds of billions of dollars, while wreaking a heavy toll on infrastructure and ecosystems. Sustainable development is threatened, with food and water insecurity, health risks and environmental degradation on the rise, according to a new multi-agency report coordinated by the World Meteorological Organization (WMO).

The State of the Climate in Asia 2020 provides an overview of land and ocean temperatures, precipitation, glacier retreat, shrinking sea ice, sea level rise and severe weather. It examines socio-economic impacts in a year when the region was also struggling with the COVID-19 pandemic, which in turn complicated disaster management.

The report shows how every part of Asia was affected, from Himalayan peaks to low-lying coastal areas, from densely populated cities to deserts and from the Arctic to the Arabian seas.

“Weather and climate hazards, especially floods, storms, and droughts, had significant impacts in many countries of the region, affecting agriculture and food security, contributing to increased displacement and vulnerability of migrants, refugees, and displaced people, worsening health risks, and exacerbating environmental issues and losses of natural ecosystems,” said WMO Secretary-General Prof. Petteri Taalas.

“Combined, these impacts take a significant toll on long term sustainable development, and progress toward the UN 2030 Agenda and Sustainable Development Goals in particular,” he said.

The report combines input from a wide range of partners including the United Nations Economic and Social Commission for Asia and the Pacific (ESCAP) and other UN agencies, national meteorological and hydrological services as well as leading scientists and climate centres.

Leave a comment , ,

NSA and CISA provide cybersecurity guidance for 5G cloud infrastructures

Agency News, Industry News, Telecomms sector

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published cybersecurity guidance to securely build and configure cloud infrastructures in support of 5G. Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement is the first of a four-part series created by the Enduring Security Framework (ESF), a cross-sector, public-private working group which provides cybersecurity guidance that addresses high priority cyber-based threats to the nation’s critical infrastructure.

“This series provides key cybersecurity guidance to configure 5G cloud infrastructure,” said Natalie Pittore, Chief of ESF in NSA’s Cybersecurity Collaboration Center. “Our team examined priority risks so that we could provide useful guidance, disseminated in an actionable way to help implementers protect their infrastructure.”

The series builds on the ESF Potential Threat Vectors to 5G Infrastructure analysis paper released in May 2021, which focused specifically on threats, vulnerabilities, and mitigations that apply to the deployment of 5G infrastructures. Based on preliminary analysis and threat assessment, the top 5G cloud infrastructure security challenges were identified by ESF and a four-part series of instructional documents covering those challenges will be released over the next few weeks. Topics include securely isolating network resources; protecting data in transit, in use, and at rest; and ensuring integrity of the network infrastructure.

Part I focuses on detecting malicious cyber actor activity in 5G clouds to prevent the malicious cyberattack of a single cloud resource from compromising the entire network. The guidance provides recommendations for mitigating lateral movement attempts by malicious cyber actors who have successfully exploited a vulnerability to gain initial access into a 5G cloud system.
“This series exemplifies the national security benefits resulting from the joint efforts of ESF experts from CISA, NSA, and industry,” said Rob Joyce, NSA Cybersecurity Director. “Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.”

“Strong and vibrant partnerships are critical to the overall effort to reduce cyber risk. Along with our public and private partners in the ESF, CISA is proud to partner with NSA to present the Security Guidance series for 5G Infrastructure,” said Alaina Clark, Assistant Director for Stakeholder Engagement. “Protecting 5G cloud infrastructure is a shared responsibility and we encourage 5G providers, operators and customers to review the new guidance.”

5G cloud providers, integrators, and network operators share the responsibility to detect and mitigate lateral movement attempts within their 5G cloud infrastructure. This document provides best practices to secure the 5G cloud from specific cyber threats of lateral movement that could compromise a network.

Leave a comment , , ,

ESA and the City of Essen collaborate to protect urban and suburban areas with the power of space-applications

Industry News, Space Sector

The City of Essen and the European Space Agency (ESA) are cooperating to promote the development of space-applications in support of the development and the protection of urban environments in a sustainable manner. As a priority within the sustainable urban development, the focus will be on the natural green protection in urban and suburban areas, climate change challenges, biodiversity protection, sustainable urban mobility, circular economy, and support of growth of a sustainable green and digital economy by leveraging satellite and terrestrial networks.

The first joint initiative that has been launched through this cooperation is an Invitation To Tender for companies to propose space-based applications which can contribute to whether and to what extent green spaces can be effectively integrated into smart city planning and urban green management, be monitored regarding their status and their impact on the surroundings and preserved as natural capital to maximise benefits for all citizens. The City of Essen has been crucial for the definition of the key application areas.

The Lord Mayor of the City of Essen, Thomas Kufen, is looking forward to the cooperation and the opportunities it entails: “Urban green infrastructure improves water management during extreme precipitation events, has a positive impact on air quality, mitigates extreme summer temperatures, and provides recreational spaces. In times of climate change it is more important than ever in context of urban development, which must be rethought in a global context. The services developed with ESA will help us to observe, understand and sustainably adapt our local environment and its interdependencies.“

Rita Rinaldo, Head of the Partner/Thematic led Initiative of Space Solutions Programme in ESA, added: “working with the City of Essen gives us the opportunity to foster the development of space applications with the aim of making our cities greener, while boosting sustainability and infrastructure, protecting the environment and creating shared value for citizens. We are confident that this cooperation will showcase the potential of space to deliver green value thanks to innovative space-based solutions with environmental and socio-economic benefits at scale.”

Leave a comment , ,

WMO State of Climate in 2021: Extreme events and major impacts

Industry News, Water sector

The past seven years are on track to be the seven warmest on record, according to the provisional WMO State of the Global Climate 2021 report, based on data for the first nine months of 2021. A temporary cooling “La Niña” event early in the year means that 2021 is expected to be “only” the fifth to seventh warmest year on record. But this does not negate or reverse the long-term trend of rising temperatures.The report combines input from multiple United Nations agencies, national meteorological and hydrological services and scientific experts. It highlights impacts on food security and population displacement, harming crucial ecosystems and undermining progress towards the Sustainable Development Goals. It was released at a press conference on the opening day of COP26.

Global sea level rise accelerated since 2013 to a new high n 2021, with continued ocean warming and ocean acidification.

The report combines input from multiple United Nations agencies, national meteorological and hydrological services and scientific experts. It highlights impacts on food security and population displacement, harming crucial ecosystems and undermining progress towards the Sustainable Development Goals.

The provisional State of the Climate 2021 report was released at the start of the UN Climate Change negotiations, COP26, in Glasgow. It provides a snapshot of climate indicators such as greenhouse gas concentrations, temperatures, extreme weather, sea level, ocean warming and ocean acidification, glacier retreat and ice melt, as well as socio-economic impacts.

It is one of the flagship scientific reports which will inform negotiations and which will be showcased at the Science pavilion hosted by WMO, the Intergovernmental Panel on Climate Change and the UK Met Office. During COP26, WMO will launch the Water and Climate Coalition to coordinate water and climate action, and the Systematic Observations Financing Facility to improve weather and climate observations and forecasts which are vital to climate change adaptation.

Leave a comment , ,

CISA Releases New Tool to Help Organizations Guard Against Insider Threats

Agency News, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Insider Risk Mitigation Self-Assessment Tool, which assists public and private sector organizations in assessing their vulnerability to an insider threat. By answering a series of questions, users receive feedback they can use to gauge their risk posture. The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.

“While security efforts often focus on external threats, often the biggest threat can be found inside the organization,” said CISA Executive Assistant Director for Infrastructure Security David Mussington. “CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”

Insider threats can pose serious risk to any organization because of the institutional knowledge and trust placed in the hands of the perpetrator. Insider threats can come from current or former employees, contractors, or others with inside knowledge, and the consequences can include compromised sensitive information, damaged organizational reputation, lost revenue, stolen intellectual property, reduced market share, and even physical harm to people. CISA has a number of tools, training, and information on an array of threats public and private sector organizations face, including insider threats.

Leave a comment , ,

Broadband Commission calls for people-centred solutions to achieve universal connectivity

Agency News, Industry News, Telecomms sector

More than a year and a half into the COVID-19 pandemic, amid relentless global demand for broadband services, the Broadband Commission for Sustainable Development has reaffirmed its call for digital cooperation, innovation with information and communication technologies (ICTs), and collaborative approaches to secure universal connectivity and access to digital skills.

The Commission's State of Broadband Report 2021​, released during the meeting, outlines the impact of pandemic policies and calls for a concerted, people-centred push to close the world's persistent divide. In the world's least developed countries (LDCs), no more than a quarter of the population is online.

"Digital cooperation needs to go beyond access to broadband," said H.E. President Paul Kagame of Rwanda, Co-Chair of the Commission. “We also need to close the gap in the adoption and use of affordable devices and services, in accessible content, and in digital literacy."

More than 50 Commissioners and special guests, representing government leaders, heads of international organizations and private sector companies, civil society and academia, affirmed that people-centred solutions must be at the heart of building a sustainable path towards universal broadband.

Commission co-Chair Carlos Slim, Founder of Carlos Slim Foundation and Grupo Carso, added: “To achieve our universal connectivity goal, we need to work together. We need to build a digital future that is inclusive, affordable, safe, sustainable, meaningful and people centred. We need to support infrastructure and to deal with affordability and relevant content to ensure usage. For that to happen, it requires concerted efforts."

Connectivity for sustainable development
The Annual Fall Meeting, held in a virtual format, underscored the need to accelerate digital connectivity to fulfil the United Nations Agenda for 2030, centred on 17 Sustainable Development Goals.

“The absence of digital skills remains the largest barrier to Internet use," noted Audrey Azoulay, Director-General of the United Nations Educational, Scientific and Cultural Organization (UNESCO) and co-Vice Chair of the Commission. “Digital education must therefore be as much about gaining skills as about developing the ability to think critically in order to master the technical aspects and be able to distinguish between truth and falsehood."

“UNESCO's Media and Information Literacy curriculum, launched in Belgrade, Serbia, in April, provided a key tool to boost skills," she added.

A newly released Commission report on distance and hybrid learning cites the need to foster digital skills along with expanding broadband infrastructure.

[Source: ITU]
Leave a comment ,
1 28 29 30 31 32 61