Cyber Security Today – Week in Review for Friday February 12, 2021

by akoloy


Welcome to Cyber Security Today. This is the Week in Review version for the week ending Friday, February twelfth. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

To hear the podcast click on on the participant under:

 

I’ll discuss later within the present with Terry Cutler, head of cybersecurity supplier Cyology Labs, a few story that captured headlines all over the world. But first a fast have a look at among the greatest tales of the previous seven days:

Hackers who obtained into a Pennsylvania legislation agency final 12 months could have copied private and medical data on as many as 36,000 sufferers of the University of Pittsburgh Medical Center. News is barely rising now that the hospital is notifying folks that somebody was capable of see information on them held by a legislation agency that does work for the hospital. The hackers did it by accessing the e-mail accounts of a number of legislation agency workers for nearly three months final spring. Data which will have been copied included names, dates of start, social safety numbers. driver’s licence numbers, Medicare or Medicaid identification quantity and extra. I believe the legislation agency was dealing with instances involving billing disputes as a result of the data additionally included sufferers’ financial institution or monetary account numbers properly as billing data. The lesson right here for all organizations is there’s damaging data sitting in e mail accounts, significantly in attachments. Email and attachments have gotten to be protected.

SitePoint, a web site that sells books and programs for internet builders, has confirmed its consumer database of over 1 million folks was copied and is now accessible to hackers. After SitePoint customers complained of getting e mail extortion calls for and pretend cryptocurrency giveaway emails, the corporate despatched a discover to customers acknowledging the breach. SitePoint says it has reset passwords on all accounts so customers now need to enter new credentials. SitePoint suspects the hacker obtained into its system by compromising a software from one other software program firm it makes use of to observe the corporate’s GitHub software program improvement account.

The founder and managing director of cybersecurity supplier Emsisoft says one of its systems was breached in mid-January. The system evaluates and benchmarks doable options for storing and managing log information generated by its services and products. This analysis system was purported to solely have databases with technical logs. However, there have been 14 e mail addresses of shoppers in one of many databases. The explanation for the breach was an worker who misconfigured an utility. As a results of this assault the corporate says it’s spending extra to identify configuration points. It can be creating an remoted surroundings for testing and benchmarking, ensuring the system solely has artificially-generated information.

Police in Ukraine say they have closed one of many world’s largest phishing providers. Working with legislation enforcement within the United States and Australia, the prison service was aimed toward banks and their prospects in a minimum of 11 nations. More than 200 lively patrons of the software program have been recognized from computer systems and cellphones seized.

Finally, data safety professionals are nonetheless shaking their heads at information that a cyber attacker was able to get into the water treatment management console of a Florida city and alter the quantity of sodium hydroxide within the consuming water. Fortunately, an worker noticed the modifications being made on his pc display and restored the focus to the appropriate stage. Apparently the attacker was capable of get into the internet-connected administration system by utilizing a Windows program for distant entry.

The Florida incident is my dialogue subject with visitor analyst Terry Cutler of Cyology Labs. Terry’s been a penetration tester and referred to as in on incident response, so is aware of the various methods hackers get into programs.

The following is a condensed model of our dialogue. To hear the complete discuss play the podcast.

Q: Fortunately this explicit incident ended properly. But earlier than I get into the depth of this, tell me concerning the distinction between an IT, an data expertise, and an OT, an operational expertise community, which is what water therapy plant is principally on

Terry: Let me try to simplify this as a lot as doable: An IT infrastructure is like your Windows working system — your emails, {hardware}, and software program. This facet of the home normally is way more resilient to cyberattacks as a result of it may well typically get well if an assault has occurred. But on the operational facet, consider this as your manufacturing system. It’s your manufacturing line, your manufacturing strains, issues in mining environments or your farming, and even HVAC (heating, air flow air con). They don’t have plenty of resilience constructed into them as a result of they’re constructed for particular functions.

I’ll offer you an instance. So again within the nineties when these programs have been being deployed, it made sense for an operator to exit into the sector and view the dials [on equipment] and get information one after the other. Then within the 2000s that they had the genius thought, ‘Let’s community this stuff in order that we are able to entry all of them from a centralized location and save on prices. But I think what happened here is that maybe the operator didn’t need to examine with the firewall group or IT group to vary the firewall guidelines and such. So they only put in a bounce field with [remote access software] TeamViewer on it, in order that, in order that they’ll get their job accomplished sooner. And, you understand, in some way this password obtained out or, or obtained hacked. The particulars are nonetheless popping out.

Q: At the primary press convention when this was introduced on Monday, it was talked about that distant entry to this Florida metropolis’s water therapy plant was via TeamViewer. And then, apparently, CNN was informed that that the TeamViewer software program that the utility was utilizing hadn’t been utilized in six months. How does an IT administrator not learn about software program not getting used. or did they know they usually simply left it sitting there?

Terry: This is why [vulnerability] audits are so essential, as a result of you must come out with a Zero Trust mannequin [for access security]. IT guys must run vulnerability assessments very regularly to see what’s been put in on [systems] as a result of generally there could also be purposes they didn’t put there, possibly a hacker obtained in and put in again doorways or distant management software program. And possibly one thing like that occurred. We don’t know.

I’ll share with you a fast story that occurred to me about six years in the past after I didn’t know an excessive amount of about OT. I doing a penetration take a look at on an power firm and I obtained into one system which had two community playing cards in it.

So I’m like, ‘Okay.’ But then I obtained entry to a Siemens system. And it had these dials on it I took a screenshot and despatched it to the IT supervisor. And about 20 minutes later I obtained an e mail to return to his workplace. And after I go in there, it’s stuffed with VPs and there’s yelling occurring. They requested, ‘How did you get access to this? I was assured that nobody can touch this network! It was segmented out. Only one specific server can see this network. But when I had breached the Windows server I was able to do a pivot and access that private network that only that machine can see. So now I can see both networks at the same time. …. And that’s when I spotted the OT world may be very fragile and really buggy. And I obtained in with the username admin.’ with no password.

… When plenty of distributors come out with new OT applied sciences they need to allow backward compatibility with older programs. And it’s very, very onerous to mix them.

Q: The state of Massachusetts put out an alert to all the municipalities and water therapy crops within the state. And they mentioned so far as they have been capable of decide all the workers at this [Florida] water therapy system shared the identical password for distant entry, and the software program gave the impression to be related on to the web with none sort of firewall safety put in.

Terry: I’m shaking my head, however you understand these previous OT programs have been by no means designed to be related to the web as a result of there’s so many vulnerabilities.

Q: The computer systems that the water therapy plant have been related to used Windows 7, which has not been supported by Microsoft for nearly 13 months. Could which have performed a job?

Terry: I come throughout this fairly often. Whenever I do penetration exams I come throughout Windows XP, Windows 7, and these are all outdated and unsupported working programs. But what occurred is that the software program that controls these operational expertise programs doesn’t run on Windows 10. So [companies] haven’t any method of sustaining that software program, so they’re compelled to maintain the previous stuff working. They‘ve got to reach out to the vendors to get some guidance from them on how to properly secure them 0r probably segment them off [from the rest of the network.] Or phase them out, upgrade. But then you have budget issues.

Q: You were talking about whether this could have been a disgruntled employee or just someone who accidentally or deliberately was able to crack the password. It could have been a nation-state. Do you have any guesses?

Terry: I think it was just somebody that stumbled across it, I think they were using it as a testing ground. I think they were in there to see what could be done with this specific system: ‘Let’s attempt it on a small group first, earlier than we go after the massive guys.’

… There’s plenty of information breaches taking place and [often] the issue comes all the way down to password reuse or credential stuffing assaults. People are registering their company accounts on different social media accounts and such and utilizing the identical password. That occurred truly to a brand new shopper the place their administrator password leaked onto the darkish internet. And that’s how they acquired a enterprise e mail compromise [attack]. People don’t understand that they should change their passwords on a frequent foundation and ensure they’ve the multi-factor authentication turned on, you understand, section out, uh, very crucial programs. Uh, there’s plenty of stuff that may be accomplished, however, um, the issue is that these older OT applied sciences, um, they can’t be, they can’t be hardened as a result of they’re simply too previous or don’t have the potential.

Q: Let’s discuss options. One resolution is don’t permit distant entry,

Terry: Obviously that’s good planning. But going again to my instance on the power firm. The system that I accessed was utterly off-limits. Tright here was purported to be no entry to the system apart from one particular pc, which the man needed to distant into as a terminal server to entry. But but due to a flaw within the server, I used to be capable of bounce to that community. So it’s a really, very onerous stability, particularly now, as we’re beginning to see extra zero day assaults which are popping out, which are flaws which were present in an working system that aren’t made public but. 

Q: Here’s one other resolution: Don’t join your programs via the general public web. Pay the cash and use a devoted personal line.

Terry: You would suppose that will be good follow, nevertheless it’s all about comfort now.

Q: And in fact there’s one other resolution: For all logins use multi-factor authentication as an additional layer of safety.

Terry: Correct. But once more, a few of these older programs may not be capable of deal with that, which implies you must have one other middleman level the place a consumer is going to register utilizing multifactor right into a terminal server, which might solely entry that one community.

Q: In plenty of methods it appears to me this Florida incident emphasizes once more the significance of following fundamental cybersecurity rules.

Terry: Another subject, too, that I see is round default passwords, you understand, the entire admin/admin factor. When we do a penetration take a look at, one of many issues we examine for is default credentials. I like lots of people inform me, ‘Yeah, yeah. I changed the administrator password, but don’t understand that possibly the FTP or SSH ports are nonetheless enabled on these containers, which nonetheless have the default admin /admin [username/password] enabled on them, which allowed me to bypass the net model of their administrator console. And I might change the password once more if I need. So they should ensure that all all these passwords are modified. A cybersecurity audit or a penetration take a look at goes to seek out these items, and it’s not that costly.

Would you suggest this text?

Thanks for taking the time to tell us what you consider this text!
We’d love to listen to your opinion about this or every other story you learn in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada


Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO


Cybersecurity Conversations with your Board – A Survival Guide

A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA
Download Now



Source link

You may also like

Leave a Reply

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

We are happy to introduce our utube Channel

Subscribe to get curated news from various unbias news channels
0 Shares
Share via
Copy link
Powered by Social Snap