International Association of CIP Professionals

UK and allies publish advice to fix global cyber vulnerabilities

Advice on countering the most publicly known—and often dated—software vulnerabilities has been published for private and public sector organisations worldwide.

The National Cyber Security Centre (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), and Federal Bureau of Investigation (FBI) have published a joint advisory highlighting 30 vulnerabilities routinely exploited by cyber actors in 2020 and those being exploited in 2021.

In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Today’s advisory lists the vendors, products, and CVEs, and recommends that organisations prioritise patching those listed.

NCSC Director for Operations, Paul Chichester, said:

“We are committed to working with allies to raise awareness of global cyber weaknesses – and present easily actionable solutions to mitigate them.

“The advisory published today puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices.

“Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm."

As well as alerting organisations to the threat, this advisory directs public and private sector partners to the support and resources available to mitigate and remediate these vulnerabilities.

Guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. Our 10 Steps to Cyber Security collection provides a summary of advice for security and technical professionals.

On the mitigation of vulnerabilities, network defenders are encouraged to familiarise themselves with guidance on establishing an effective vulnerability management process. Elsewhere, the NCSC’s Early Warning Service also provides vulnerability and open port alerts.

CISA Executive Assistant Director for Cybersecurity, Eric Goldstein, said:

“Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks.

“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors.”

FBI Cyber Assistant Director, Bryan Vorndran, said:

“The FBI remains committed to sharing information with public and private organisations in an effort to prevent malicious cyber actors from exploiting vulnerabilities.

“We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed.”

Head of the ACSC, Abigail Bradshaw CSC, said:

“This guidance will be valuable for enabling network defenders and organisations to lift collective defences against cyber threats.

“This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity.”

Leave a comment acsc, CISA, criticalinfrastructureprotection, cybersecurity, fbicyber, ncsc

NSA, CISA release Kubernetes Hardening Guidance

August 9, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,”. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.

Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers. Kubernetes clusters are often hosted in a cloud environment, and provide increased flexibility from traditional software platforms.

Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network’s underlying infrastructure for computational power for purposes such as cryptocurrency mining.

The report details recommendations to harden Kubernetes systems. Primary actions include the scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.

To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk. NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.

NSA and CISA’s guidance focuses on security challenges and recommends system administrators harden their environments where possible. NSA is releasing this guidance as part of our mission to support the Department of Defense, the Defense Industrial Base, and National Security Systems.

Leave a comment CISA, criticalinfrastructureprotection, cybersecurity, nsa

Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure

July 30, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector

The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats. Recent high-profile attacks on critical infrastructure around the world, including the ransomware attacks on the Colonial Pipeline and JBS Foods in the United States, demonstrate that significant cyber vulnerabilities exist across U.S. critical infrastructure, which is largely owned and operated by the private sector.

Currently, federal cybersecurity regulation in the United States is sectoral. It has a patchwork of sector-specific statutes that have been adopted piecemeal, as data security threats in particular sectors have gained public attention. Given the evolving threat faced today, it must consider new approaches, both voluntary and mandatory. It is critical infrastructure owners and operators responsibility to follow voluntary guidance as well as mandatory requirements in order to ensure that the critical services the American people rely on are protected from cyber threats.

President Biden has signed a National Security Memorandum (NSM) on “Improving Cybersecurity for Critical Infrastructure Control Systems,” which addresses cybersecurity for critical infrastructure and implements long overdue efforts to meet the threats. The NSM:

- Directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST), in collaboration with other agencies, to develop cybersecurity performance goals for critical infrastructure.

- Formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative. The ICS initiative is a voluntary, collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings.

Leave a comment CISA, criticalinfrastructureprotection, cybersecurity, emergingthreats

NSA, CISA, and FBI detail Chinese State-Sponsored Actions, Mitigations

July 28, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory, Chinese State-Sponsored Cyber Operations: Observed TTPs. This advisory describes over 50 tactics, techniques, and procedures (TTPs) Chinese state-sponsored cyber actors used when targeting U.S. and allied networks, and details mitigations.

Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives.

One significant tactic detailed in the advisory includes the exploitation of public vulnerabilities within days of their public disclosure, often in major applications, such as Pulse Secure, Apache, F5 Big-IP, and Microsoft products. This advisory provides specific mitigations for detailed tactics and techniques aligned to the recently released, NSA-funded MITRE D3FEND framework.

General mitigations outlined include: prompt patching; enhanced monitoring of network traffic, email, and endpoint systems; and the use of protection capabilities, such as an antivirus and strong authentication, to stop malicious activity.

Leave a comment CISA, criticalinfrastructureprotection, cybersecurity, cyberthreat, fbi, nsa

New StopRansomware.gov website launched

July 20, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.

The StopRansomware.gov webpage is an interagency resource that provides our partners and stakeholders with ransomware protection, detection, and response guidance that they can use on a single website. This includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners.

Leave a comment CISA, criticalinfrastructureprotection, cybersecurity, ransomware

CISA’s CSET Tool Sets Sights on Ransomware Threat

July 16, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:

Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment

Leave a comment CISA, criticalinfrastructureprotection, cybersecurity, ransomware

CISA and FBI Launch Operation Flashpoint to Raise Awareness about How to Prevent Bomb Making

July 13, 2021 Neil Walker Agency News, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Justice’s Federal Bureau of Investigation (FBI) announced a new pilot program called “Operation Flashpoint” to build awareness in communities across the U.S. about how to prevent bomb attacks.

At the pilot’s launch today at Revell Ace Hardware in Clinton, Miss., CISA and FBI officials highlighted the threat posed by domestic violent extremists and others who can build improvised explosive devices (IEDs) from common household items found at retail stores across the country. Approximately 250,000 businesses in the U.S. sell, use or distribute materials that can be used to build bombs.

IEDs pose a significant threat in the U.S. In 2020 alone, there were 2,061 total bomb threat, suspicious package and device-related incidents across the nation, according to CISA’s Office for Bombing Prevention TRIPwire report. Major bombings can cause mass casualty events and cost hundreds of millions of dollars or more.

The 90-day Operation Flashpoint pilot, which will include events in other cities including Columbia, S.C.; Louisville, Ky.; and Orlando/Tampa, Fla., encourages businesses and the public to voluntarily report suspicious activities, such as buying large amounts of chemicals and materials (or a combination of these) that can be used to build bombs.

“Operation Flashpoint is a major milestone in implementing U.S. policy to thwart bomb threats,” said Dr. David Mussington, Executive Assistant Director for CISA’s Infrastructure Security Division. “It shows the strong unity in the federal government, between the Department of Justice and the Department of Homeland Security, to safeguard citizens and critical infrastructure.”

Leave a comment cbrne, CISA, counterterrorism, criticalinfrastructureprotection

CISA Publish Rising Ransomware Threat to Operational Technology Assets Fact Sheet

June 17, 2021 Neil Walker Agency News, Cyber Security CII sector

CISA has published Rising Ransomware Threat to Operational Technology Assets, a fact sheet for critical infrastructure owners and operators detailing the rising threat of ransomware to operational technology (OT) assets and control systems. The document includes several recommended actions and resources that critical infrastructure entities should implement to reduce the risk of this threat.

The guidance:

- Provides steps to prepare for, mitigate against, and respond to attacks;

- Details how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and

- explains how to reduce the risk of severe business degradation if affected by ransomware

Given the importance of critical infrastructure to national security and America’s way of life, CISA published this fact sheet to help organizations build effective resilience.

The Fact Sheet is available at www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Rising_Ransomware_Threat_to_OT_Assets_508C.pdf

Leave a comment CISA, criticalinfrastructureprotection, cyberthreat, ransomware

Darkside Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

May 21, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

(Updated May 19, 2021): Click here for a STIX package of indicators of compromise (IOCs).
Note: These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021. The applications listed in the IOCs were leveraged by the threat actors during the course of a compromise. Some of these applications might appear within an organization's enterprise to support legitimate purposes; however, these applications can be used by threat actors to aid in malicious exploitation of an organization's enterprise. CISA and FBI recommend removing any application not deemed necessary for day-to-day operations.

The Cybersecurity and Information Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity—a pipeline company—in the United States. Malicious cyber actors deployed Darkside ransomware against the pipeline company’s information technology (IT) network. At this time, there is no indication that the
entity’s operational technology (OT) networks have been directly affected by the ransomware.

CISA and FBI urge CI asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory, including implementing robust network segmentation between IT and OT networks; regularly testing manual controls; and ensuring that backups are implemented, regularly tested, and isolated from network connections. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.

Darkside Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

(Updated May 19, 2021): Click here for a STIX package of indicators of compromise (IOCs). Note: These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021. The applications listed in the IOCs were leveraged by the threat actors during the course of a compromise. Some of these applications might appear within an organization's enterprise to support legitimate purposes; however, these applications can be used by threat actors to aid in malicious exploitation of an organization's enterprise. CISA and FBI recommend removing any application not deemed necessary for day-to-day operations.

Mitigations
CISA and FBI urge CI owners and operators to apply the following mitigations to reduce the risk of compromise by ransomware attacks.
- Require multi-factor authentication for remote access to OT and IT networks.
- Enable strong spam filters to prevent phishing emails from reaching end users. Filter emails containing executable files from reaching end users.
- Implement a user training program and simulated attacks for spearphishing to discourage users from visiting malicious websites or opening malicious attachments and reenforce the appropriate user responses to spearphishing emails.
- Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allowlists.
- Update software, including operating systems, applications, and firmware on IT network assets, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program.
- Limit access to resources over networks, especially by restricting RDP. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require multi-factor authentication.

Leave a comment CISA, criticalinfrastructureprotection, cybersecurity, ransomware

Mitigating the Impacts of Doxing on Critical Infrastructure

May 19, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

CISA has produced an insight designed to help mitigate the impact of doxing: Mitigating the Impacts of Doxing on Critical Infrastructure:

WHAT IS DOXING?

Doxing refers to the internet-based practice of gathering an individual’s personally identifiable information (PII)—or an organization’s sensitive information— from open source or compromised material and publishing it online for malicious purposes. Although doxing can be carried out by anyone with the ability to query and combine publicly available information, it is often attributed to state actors, hacktivists, and extremists.

Doxers compile sensitive information from compromises of personal and professional accounts and a wide range of publicly available data sources to craft invasive profiles of targets, which are then published online with the intent to harm, harass, or intimidate victims.

POTENTIAL IMPACT TO CRITICAL INFRASTRUCTURE

Like many other businesses, critical infrastructure organizations maintain digital databases of PII and organizationally sensitive information, making them ripe targets for doxing attacks. Threat actors may target critical infrastructure organizations and personnel with doxing attacks as a result of grievances related to organizational activities or policies. Incidents of doxing that target personnel and facilities often serve to harass, intimidate, or inflict financial damages, and can potentially escalate to physical violence.

Doxing also poses a threat to senior leadership of critical infrastructure organizations, who may be targeted due to their elevated position with the organization or stance on a particular issue. Doxing attacks targeting senior leaders often serve as “reputation attacks” and could lead to activities seeking to embarrass, harass, or undermine confidence in an official.

Download full guide from CISA here >>

Leave a comment CISA, criticalinfrastructureprotection, cyberattack, cybersecurity, doxing

« 1 … 3 4 5 6 7 »