08-06-18 – News This Past Week

US Department of Homeland Security says Russia hacked networks of major US energy firms
Citing officials at the Department of Homeland Security (DHS), the hacks were first detected in the spring of 2016 and continued throughout 2017, carried out by hackers who worked for a Russian state-sponsored group previously known as Dragonfly or Energetic Bear
https://www.v3.co.uk/v3-uk/news/3036469/us-department-of-homeland-security-says-russia-hacked-networks-of-major-us-energy-firms

Dept. of Energy to Test Electrical Grid Against Cyberattacks
The Department of Energy wants to find out, so it’s launching the first hands-on exercise to test the grid’s ability to recover from a blackout caused by cyberattacks, E&E News reports. Its weeklong experiment, dubbed “Liberty Eclipse,” will take place starting Nov. 1 on a restricted area off the New York coast called Plum Island
https://www.darkreading.com/vulnerabilities—threats/dept-of-energy-to-test-electrical-grid-against-cyberattacks/d/d-id/1332481

FBI Offers New IoT Security Tips
Following the FBI’s May request to router owners to reboot their devices, the bureau has released a “Security Tip” about risks associated with the Internet of Things (IoT). Included among suggestions to be alert to unusual increases in network traffic and reminders about the wisdom of firmware updates are statements regarding the importance of the IoT and the true nature of the risks involved
https://www.darkreading.com/iot/fbi-offers-new-iot-security-tips/d/d-id/1332482

Court sinks children’s hospital attacker found stranded on a boat
In 2014, Gottesfeld affiliated himself with the Anonymous brand of hacktivism and left multiple hospitals hamstrung by flooding their computer networks with distributed denial of service (DDoS) e-garbage and putting out the standard, monotone Guy Fawkes call for others to join in
Guilty! Court sinks children’s hospital attacker found stranded on a boat

Phishing Campaign Targets 400 Industrial Organizations
Data collected by Kaspersky showed that the malware associated with the campaign attacked nearly 800 company PCs across various industries. The attacks, which are ongoing, attempt to steal money and confidential data from the targeted organizations, which include oil and gas to metallurgy, energy, construction and logistics
https://www.securityweek.com/phishing-campaign-targets-400-industrial-organizations

Power Grid Security: How Safe Are We?
Experiencing a power outage? It could have been caused by a hacker … or just a squirrel chewing through some equipment. And that’s a problem.
https://www.darkreading.com/endpoint/power-grid-security-how-safe-are-we/a/d-id/1332420

Addressing IoT Device Security Head-on
Securing IoT devices can be challenging. Product developers necessarily have deep expertise in project management, engineering, quality assurance and many other aspects of bringing a product to market. But they don’t typically have expertise in cybersecurity, such as security threat intelligence, regulatory compliance, and data breach avoidance or response requirements.
https://www.securityweek.com/addressing-iot-device-security-head

Why Bitcoin Miners Target Critical Infrastructure Networks
On this week’s Threatpost Podcast show, we sit down with Ronen Rabinovich from Cyberbit to discuss bitcoin mining on operational technology and critical infrastructure networks

Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks

DHS Establishes Center For Defense of Critical Infrastructure
Center foundational to new government-led ‘collective defense’ strategy for sharing and responding to cyberthreats, DHS secretary says
https://www.darkreading.com/attacks-breaches/dhs-establishes-center-for-defense-of-critical-infrastructure-/d/d-id/1332442

Job One for Space Force: Space Asset Cybersecurity
Much of the United States’ critical infrastructure relies on space systems. I define space systems as assets that either exist in suborbital or outer space or ground control systems—including launch facilities for these assets. Space asset organizations are organizations that build, operate, maintain or own space systems
https://www.belfercenter.org/publication/job-one-space-force-space-asset-cybersecurity

MUD: The Solution to Our Messy Enterprise IoT Security Problems?
While Internet of Things (IoT) devices offer plenty of impressive capabilities that improve efficiency through industrial and workplace applications, they unequivocally continue to pose major security liabilities. Many IoT devices feature little or zero built-in security measures, making them enticing targets for hackers
https://www.darkreading.com/endpoint/mud-the-solution-to-our-messy-enterprise-iot-security-problems/a/d-id/1332384

Tripwire Data Collector uncovers blind spots in industrial cybersecurity
Tripwire announced the debut of Tripwire Data Collector, a new cybersecurity solution to provide visibility into vulnerabilities and changes within operational technology (OT) environments

Tripwire Data Collector uncovers blind spots in industrial cybersecurity

Posted in Uncategorized.