Can I say good job?
Author: J.C. Cross
NotPetya2 – Cont.
So, significant ransomware attacks on Ukraine right now. Dark Reading notes that 77% of organizations have poor segmentation, 70% have exposed Industrial Control System connections and 44% have shared credentials:
https://www.darkreading.com/attacks-breaches/ransomware-trained-on-manufacturing-firms-led-cyberattacks-in-industrial-sector
Most of last year also saw scans of TCP port 502, which is used by a protocol called Modbus, in the transportation systems of Ukraine. (That is SCADA devices as well.)
Significant was the use of a new data wiper called “HermeticWiper” (aka KillDisk.NCV) with evolving attacks over the past two months. Over 121 unsuccessful cyber attacks took place last month, one of which was called “WhisperGate.”
The prep for the main event was overwhelming distributed denial-of-service (DDoS) attacks on Ukrainian government offices and banks. The Russian Main Intelligence Directorate (GRU) was fingered by U.S. and U.K. officials, with subsequent denial of course by the Kremlin.
The propaganda war is trying to sow panic and spread misinformation.
“President Joe Biden said last month the US could respond with cyberoperations of its own if Russia conducts additional cyberattacks in Ukraine.”
This is not about websites. This is about basic economic processes and transportation. ICS and SCADA systems are being compromised.
The attacks began Feb. 12. The second version of NotPetya? I have a feeling that we will know the damages more than anything ever before. Alarming is the data wiping that happened before the kinetic events.
Key Ukrainian government websites hit by series of cyberattacks – CNN
Register the assets to be prepared
No doubt some of these are due to lack of a comprehensive asset audit. In a larger organization, things can get lost in the shuffle.
NotPetya 2
Biden notes that a physical war could result from cyber breaches. In spite of NATO, Putin and crew could do some damage that would cost billions.
NotPetya was the largest and most expensive cyberattack ever and was perpetrated largely on Ukraine by Russian criminals working for the government. It caused more than $10 billion in damages in 2017. Is part 2 in order?
I’m hoping that now we will be ready and that NATO will act together. This is all new territory though. We haven’t seen physical war yet, but I think it will be tit-for-tat unless it takes down some infrastructure that is critical and/or relies on IRL human processes.
Jax the Sun Dog
Jax is too funny. He follows the sun around to such an extent that he sits in this pot. When the sun moves, he does.
Will Someone Please Stop the Oversaturated Vendor Problem in Balboa Park?
UPDATE: Well, according to sources at the Balboa Park visitor’s center, someone put in a new rule that vendors there have to be 100 feet apart. Doesn’t mean a lot imho; street vendors have been a problem for business owners throughout the city, who have some of the same products, just without the overhead. But now the city council said they will vote on March 1 to rule on placing restrictions on vendors and prohibit them in certain parks, beaches, and places like Old Town: “The ordinance requires vendors to obtain a business license and vendor permit. It would define specific distance parameters around statues, art displays and other vendors.”
Though the park website says “The City of San Diego must issue a permit for any commercial filming for exterior areas in Balboa Park,” vendors, with hygiene requirements, don’t need a permit? I don’t see why this took so long to address.
—-
Ah, to get back to normal life. At Balboa Park, the museums are starting to open, the Spanish Village artists are back at work, and the rose garden is in full bloom.
But now someone needs to do something about the high number of what appears to be unapproved vendors who are in Balboa Park. They seem to have little food safety and basic hygiene, and poor trash management. The U-T interviewed Alexis Villanueva, senior program manager of economic development with City Heights CDC, who maintains that “micro-enterprise” vendors contribute to the economy. Yes, but they can also contribute other, unwanted things. There has to be a balance here between rules, regulations and freedoms.
Do you have a dark web presence?
REvil stops momentarily but then…?
Pegasus and the Israeli Left
For those who think that Israel is some kind of right-wing regime, here the Israeli Left and right–and the public at large–are united in their alarm at police actions in using NSO’s Pegasus software to spy on top officials without a court order. Just more proof that Israeli politics are democratic, the worst kind of politics other than every other one.
Credentials no-no
Recovery
It’s been a few weeks now and I have not been consistent in writing here. I really have not been following the main news lately, but I am reading an interesting piece on Trickbot in Wired. Ransomware does not slow down. These lowlifes have no qualms about attacking life-sustaining systems. Brazen.
Pegasus enables warfare
Cyber Threat Actions NCSC UK
“When organisations might face a greater threat and the steps to take to improve security.”
Actions to take when the cyber threat is heightened – NCSC.GOV.UK
Not tested before?
This wasn’t figured out earlier?
The 5G-airlines crisis was mostly averted. Here’s what happened – and what we still don’t know – CNN
Covid trouble
Got Covid, time slipping by! Anyway, just some idle time while hibernating.
NASA James Webb Telescope
I agree with Daniel Miessler (h/t), some news away from the crazy
Gadgets 01/15/2022: CES tech, DJI Mavic drone, Best Buy TVs, Galaxy entry level phone
Late stuff from CES:
This is a slick projector, but looks like currently out of stock at both Amazon and Samsung. 180 degrees, speaker sound waves in all directions, streaming apps, playlist, voice assistants. “The projector optimizes screen size, auto-focuses, and levels the image even when pointed on an angle.” Also adjusts the color temperature of the projector to accommodate non-white walls, and has built-in Samsung Smart TV.
https://www.amazon.com/SAMSUNG-Freestyle-Projector-Built-SP-LSP3BLAXZA/dp/B09NDXB72V
New Garmin smartwatch with phone call and voice assistant support, and AMOLED display.
https://www.garmin.com/en-US/p/730659
This is crazy cool stuff. Is foldable tech maturing?
More CES tech
Best of CES 2022: Gaming Gear, PCs, Home Entertainment, Transportation | WIRED
Other stuff:
I’m not a drone guy, but ZDNet is raving about this for 2022.
https://www.zdnet.com/article/dji-mavic-3-the-very-best-drone-for-2022
These deals are wow. Want to upgrade one of my TVs.
https://www.zdnet.com/article/snag-these-65-inch-flat-screens-at-best-buy-for-less-than-500
Got one of these entry level phones for my mom. Simple and does all she wants. I really don’t know why you would need anything else.
https://www.samsung.com/us/smartphones/galaxy-s21-5g/buy/galaxy-s21-5g-128gb-unlocked-sm-g991uzaaxaa
New iPhone vuln allows camera use when off
Cyber Risk Assessment, Pt. II
3. Vulnerability Assessment (also known as “security posture assessment”) – An in-depth examination of the assets from the inventory to gauge their weaknesses or vulnerabilities. [Our] vulnerability assessments uncover gaps in your security and drive our overall risk management. While threats can come from both inside and outside your organization, vulnerabilities are internal factors. We look for your organization’s structural flaws and weaknesses, how effective your current safeguards are (vulnerability appraisal), and the weaknesses that remain in spite of them. We capture a picture of your network’s and data’s security. Every possible contingency will be gauged for multiple vulnerabilities. Our team’s diverse backgrounds and experience enable us to consider all the weaknesses specific to your organization. Testing cyber infrastructure is an indispensable part of what we do. We use industry-standard tools like Nessus, Nmap, and Metasploit to test for vulnerabilities, examining every available host, services, OS, ports, firewalls, software and firmware vulnerabilities, unencrypted and sensitive data, and permissions. We may also conduct penetration testing and red team-blue team exercises, and examine your data that is online right now that may aid in a threat actor’s social engineering tactics.
Business Continuity in the Age of Ransomware
The goal of Disaster Recovery Planning is to enable a company to continue doing business with the least amount of interruption. Parts of the plan should include:
1. Which data and systems are backed up, as well as specific details like where the backups should be kept, how frequently they are made, and how the data can be recovered.
2. Details on network topology, redundancy and agreements with Internet Service Providers.
3. Contact information for the team who are charged with response and recovery.
4. The process for testing the DRP.
5. A plan for managing the crisis, including dealing with outside contacts, and communicating with the media, law enforcement and legal counsel.
The goal is to decrease the risks of losing critical data.
Ransomware disaster recovery is one of the essential tasks that a company should engage in, but other crises can also be averted or dealt with through this sort of plan.