Cyber News Roundup: Cyber Attacks on Critical Infrastructure, Small Towns

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Our country’s critical energy infrastructure is vulnerable, facing a growing risk of cyber threats and shutdowns as global attacks increase. Federal Computer Week reports that three federal agencies are taking action to improve our energy infrastructure, with more collaboration on defenses and cyberattack responses. The U.S. Department of Energy (DOE), U.S. Department of Homeland Security (DHS), and U.S. Department of Defense (DOD) signed a new memorandum of understanding this week. “Through this agreement, we will strengthen the partnership between DOE, DHS, and DOD to enable intergovernmental cooperation and bolster our ability to proactively address cyber threats to critical energy infrastructure, and to respond effectively should those threats materialize,” said Karen Evans, DOE’s assistant secretary of cybersecurity, energy security and emergency response, in a February 3 statement.

Sharing threat information among government agencies and critical infrastructure providers has increased in urgency, states editor Mark Rockwell, especially because of recent military confrontations and cyber threats from Russia, China, and Iran. “In an increasingly dangerous global cyber environment, privately owned U.S. energy infrastructure could bear the brunt of a possible Iran-backed retaliatory cyberattack,” writes Rockwell. “The U.S. government is a keystone in defense of the mostly commercially-owned energy sector infrastructure.”

Ransomware attacks in manufacturing

Hackers are attacking not only critical infrastructure, such as energy and power grids, but also the industrial control systems (ICS) that run operations in manufacturing and utilities. “The ICS-specific nature of the targeted processes indicates an evolvement brazenness,” states Joe Slowik, principal adversary hunter at Dragos, in a ZDNet article. What happens when a manufacturer is attacked? Attackers can take over critical systems and demand ransoms for the unlocking keys. Any outage or downtime in these environments could have a serious impact.

Small communities: big target

Local governments – especially those in small communities – are another big target for hackers looking to access personal data for ransom. What are they looking for? Social Security numbers, tax records – any personal information that they can hold hostage. A recent ransomware attack took place in Western North Carolina. According to a news report from ABC WLOS, hackers broke into the Eastern Band of Cherokee Indians’ network, shutting down 1,000 computers across the police department and public health – and interrupting 911 communication. Bill Travitz, who works in the IT Department for the Eastern Band of Cherokee Indians, said, “It’s like lobbing a grenade into the network and letting it just hit everything.” John Barnard, co-founder of Know Network Risk, says small governments are increasingly the targets because they lack big IT budgets, they lack people resources – they are “the soft underbelly that is easier to attack.”

Latest report on cyberattacks: malware is skyrocketing

There are 1,200 malware variants discovered daily – that’s 440,000 malware variants in 2019 alone. So reports SonicWall in its latest cyber threat report. “Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner. Report findings include:

  • Cybercriminals change approach to malware: “Spray-and-pray” tactics that once had malware attack numbers soaring have been abandoned for more targeted and evasive methods aimed at weaker victims.
  • Targeted ransomware attacks cripple victims: Highly targeted attacks left many state, provincial, and local governments paralyzed and took down email communications, websites, telephone lines, and even dispatch services.
  • The Internet of Things (IoT) is a treasure trove for cybercriminals: Bad actors continue to deploy ransomware on ordinary devices, from smart TVs, electric scooters and smart speakers to daily necessities like toothbrushes, refrigerators and doorbells.
  • Cryptojacking continues to crumble: The volatile shifts and swings of the cryptocurrency market had a direct impact on threat actors’ interest in authoring cryptojacking malware.
  • Fileless malware targets Microsoft Office/Office 365, PDF documents: Cybercriminals used new code obfuscation, sandbox detection, and bypass techniques, resulting in a multitude of variants and the development of newer and more sophisticated exploit kits using fileless attacks instead of traditional payloads to a disk.
  • Encrypted threats are still everywhere: Cybercriminals have become reliant upon encrypted threats that evade traditional security control standards, such as firewall appliances that do not have the capability or processing power to detect, inspect and mitigate attacks sent via HTTPS traffic.
  • Side-channel attacks are evolving: These vulnerabilities could impact unpatched devices in the future, including everything from security appliances to end-user laptops. Threat actors could potentially issue digital signatures to bypass authentication or digitally sign malicious software.

Could it be that process, not technology, is a big reason behind information getting exploited and breached? The latest research from Forrester suggests that failure to perform due diligence is behind the top cybersecurity threats. Says Forrester principal analyst Josh Zelonis, “Security products can’t save you from broken processes.”

Partner blog of interest: McAfee: Top 10 Cloud Privacy Recommendations for Businesses