Tag Archive for: ‘inadequate’

CISA’s response to Iran hacking control systems in US critical infrastructures is inadequate


Iran is in an undeclared war, including cyber war, against the U.S. and our critical infrastructures. On Dec. 1, 2023, CISA, FBI, EPA, NSA and the Israel National Cyber Directorate (INCD) issued the following alert: “IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities.”

The Iranian Government Islamic Revolutionary Guard Corps (IRGC) is a nation-state with associated capabilities, not just some hackers who support a cause. The picture of the hack of Full Pint Brewery should remove all doubt that Iran is directly behind state-sponsored hacking of U.S. critical infrastructures. The Unitronics incidents are cyberattacks on control systems, in this case PLCs, not IP networks or equipment. PLCs are used for operation, not to hold customer information. Because IRGC got to the PLC, they can compromise the near- or long-term operation of any targeted system.
Iran has PLCs (think about Stuxnet, as that was an attack against Siemens PLCs) in its nuclear, manufacturing and oil/gas industries and is familiar with the operation of PLCs. The Nov. 25 IRGC cyberattack on the Municipal Water Authority of Aliquippa brings several interesting wrinkles to cyber war. The IRGC targeted the control system equipment, in this case Israeli-made Unitronics PLCs, not the end-users such as Aliquippa or Full Pint. Consequently, this is a nation-state supply chain attack against U.S. critical infrastructure, not any single end-user or sector.

However, this supply chain attack is not the usual software compromise that can be addressed by a Software Bill of Materials; it exploits design weaknesses in control systems that are not unique to Unitronics. Recall that Stuxnet compromised Siemens PLCs to cause damage to the centrifuges, and Triconex controllers were compromised by the Russians in an attempt to blow up a Saudi Arabian petrochemical plant. It is evident the Dec. 1 alert does not address PLC-unique issues identified from the Unitronics incidents or other previous PLC attacks.

Unitronics

Unitronics is a control system/automation supplier. From the Unitronics website, the company was founded in 1989 with installations in automated parking systems,…


NetSecurity Corporation Reveals Why Endpoint Detection and Response (EDR) Platforms are Inadequate for Computer Forensics Investigation


ThreatResponder® Platform Allows Enterprises and Forensics Firms to Conduct Deep and Legally-Defensible Remote Computer Forensic Investigations or Incident Response at Scale Within a Few Hours

DULLES, Va., Aug. 11, 2022 /PRNewswire/ — NetSecurity® Corporation, a leader in endpoint threat protection, vulnerability detection, and computer forensics investigations, announced today that traditional Endpoint Threat Detection and Response (EDR) platforms and “collector scripts” are inadequate to quickly and thoroughly conduct remote forensics investigation and incident response that can withstand legal scrutiny.

When there is a data breach, insider threat, or a cyber attack, organizations often struggle to identify the right skills, tools or product to use for the investigation and often resort to open source scripts, freeware, collector scripts, or traditional EDR. These technologies do not scale and are not capable of conducting forensics at scale and in a timely manner. NetSecurity recognized this problem and developed ThreatResponder to help organizations conduct remote forensics investigation, eliminating travel costs and delays.

“Today’s adversaries remain relentless and highly sophisticated, often leveraging attack techniques or exploiting vulnerabilities that are largely unknown to defenders. A technology that can drill deep and tell the full story (of the who, what, when, where, why, and how) relating to attack or breach is imperative,” said Inno Eroraha, founder and chief strategist of NetSecurity. “ThreatResponder allows digital forensic investigators to conduct forensic investigations of thousands of computer systems wherever they may be located within hours instead of weeks or…


T-Mobile Customer Alleges That ‘Inadequate’ Security Allowed Massive Data Breach in August



T-Mobile was slapped with a data breach class action Thursday in New York Western District Court over the recent cyberattack that exposed the personal information of more than 50 million individuals. The suit, filed by Thomas & Solomon LLP, is part of an onslaught of litigation accusing T-Mobile of failing to secure its customer data.


Inadequate Security, Policies Led to LifeLabs Data Breach of 15M Patients – HealthITSecurity.com
