EPA issues alert warning water utilities to ‘bolster cybersecurity’


Important Takeaways:

  • Cyberattacks on U.S. Water Facilities Are Increasing. Why?
  • The Environmental Protection Agency (EPA) issued a critical enforcement alert on Monday, warning water utilities nationwide to bolster cybersecurity measures immediately due to an increase in the frequency and severity of cyberattacks. According to the EPA, 70 percent of inspected water utilities violated standards designed to prevent security breaches, highlighting the urgent need for improved defenses. The alert comes as smaller communities become prime targets for attacks by groups linked to hostile actors in Russia, Iran, and China.
  • In recent assessments, federal officials found water systems failing to implement basic security protocols, such as changing default passwords and revoking access from former employees. With many utilities relying heavily on computer software for operations, the EPA emphasized the importance of safeguarding both information technology and process controls to ensure uninterrupted water supply and safety.
  • “In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” said EPA Deputy Administrator Janet McCabe. She added: “China, Russia, and Iran are actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater systems.”
  • Recent incidents include the Iranian-affiliated Cyber Av3ngers hacking a small Pennsylvania town’s water utility and a Russian-linked group targeting Texas utilities. In the past, most cyber attacks on utilities have been spearheaded by private actors looking to ransom back access to the owners in the hopes of receiving a cash payment. However, hostile state-aligned actors have also stepped up attacks in recent years. U.S. officials have acknowledged that ‘Volt Typhoon,’ a Chinese-affiliated cyber group, has carried out multiple attacks on U.S. infrastructure.


Rise of Artificial Intelligence poses challenges to Cybersecurity

Revelations 13:14 “…by the signs that it is allowed to work in the presence of the beast it deceives those who dwell on earth…”

Important Takeaways:

  • Criminals have been early adopters, with Zscaler citing AI as a factor in the 47 percent surge in phishing attacks it saw last year. Crooks are automating more personalized texts and scripted voice recordings while dodging alarms by going through such unmonitored channels as encrypted WhatsApp messages on personal cellphones. Translations to the target language are getting better, and disinformation is harder to spot, security researchers said.
  • That is just the beginning, experts, executives and government officials fear, as attackers use artificial intelligence to write software that can break into corporate networks in novel ways, change appearance and functionality to beat detection, and smuggle data back out through processes that appear normal.
  • “It is going to help rewrite code,” National Security Agency cybersecurity chief Rob Joyce warned the conference. “Adversaries who put in work now will outperform those who don’t.”
  • The result will be more believable scams, smarter selection of insiders positioned to make mistakes, and growth in account takeovers and phishing as a service, where criminals hire specialists skilled at AI.
  • Those pros will use the tools for “automating, correlating, pulling in information on employees who are more likely to be victimized,” said Deepen Desai, Zscaler’s chief information security officer and head of research.
  • AI will help defenders as well, scanning reams of network traffic logs for anomalies, making routine programming tasks much faster, and seeking out known and unknown vulnerabilities that need to be patched, experts said in interviews.
  • Some companies have added AI tools to their defensive products or released them for others to use freely. Microsoft, which was the first big company to release a chat-based AI for the public, announced Microsoft Security Copilot in March. It said users could ask questions of the service about attacks picked up by Microsoft’s collection of trillions of daily signals as well as outside threat intelligence.


President Biden issues warning of potential Cyber Attack

  • Biden releases Russian cyberattack warning to all Americans – here it is
  • This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.
  • I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.
  • Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.
  • We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.


U.S. to tell critical rail, air companies to report hacks, name cyber chiefs

By Christopher Bing

(Reuters) - The Transportation Security Administration will introduce new regulations that compel the most important U.S. railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday.

The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans in case an attack occurs.

The planned regulations come after cybercriminals attacked a major U.S. pipeline operator, causing localized gas shortages along the U.S. East Coast in May. The incident led to new cybersecurity rules for pipeline owners in July.

“Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security,” Mayorkas said. “The last year and a half has powerfully demonstrated what’s at stake.”

A key concern motivating the new policies comes from a growth in ransomware attacks against critical infrastructure companies.

“It’s the first of its kind with respect to the cyber focus,” said a senior homeland security official, who declined to be named, about the railway security directive and an update to aviation security programs.

Ransomware, a type of malware that encrypts a victimized system until the owner pays a ransom in the form of cryptocurrency to the hacker, has become increasingly common in recent years.

“If transportation does not work, if people can’t go from A to B, then it can create pressure pretty quickly [to pay the ransom],” said the senior official.

The announcement also follows reports in June of a Chinese hacking group infiltrating New York City’s Metropolitan Transportation Authority and an August 2020 ransomware attack (https://www.inquirer.com/transportation/septa-malware-attack-employees-riders-app-announcements-20200824.html) against the Southeastern Pennsylvania Transportation Authority, causing a disruption to services.

The Homeland Security Department helped investigate the MTA incident alongside other federal agencies, including the FBI.

Last month, the TSA notified the private sector about the impending regulations, said the senior official, and the agency is currently receiving feedback.

The regulations will become active before the end of 2021.

(Reporting by Christopher Bing; editing by Diane Craft)

Iowa farm services firm: systems offline due to cybersecurity incident

By Karl Plume and Christopher Bing

CHICAGO (Reuters) - Iowa-based farm services provider NEW Cooperative Inc said on Monday its systems were offline to contain a “cybersecurity” incident just as the U.S. farm belt gears up for harvest.

The cooperative operates grain storage elevators in the top U.S. corn producing state, buys crops from farmers, sells fertilizer and other chemicals needed to grow crops and owns technology platforms for farmers that provide agronomic advice on the way to maximize their harvests.

“We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” NEW Cooperative Inc said in a statement. “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.”

Several grain storage elevators operated by NEW Cooperative contacted by Reuters were open.

The timing of the attack is making it crucial that NEW gets their systems back online as soon as possible as many farmers will start their combines this week and begin delivering crops to NEW’s elevators across Iowa, said Don Roose, president of U.S. Commodities in West Des Moines, Iowa.

“They have got you boxed into a corner,” Roose said. “Harvest is right now. This is the week that we are just starting to ramp up harvest, particularly for soybeans.”

Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp, the Colonial Pipeline’s oil network, meat processing company JBS and software firm Kaseya. The attacks hurt the United States far beyond just the companies hacked, affecting fuel and food supplies.

A spokesperson for the U.S. Cybersecurity and Infrastructure Security Agency declined to comment on the incident at NEW Cooperative.

The Federal Bureau of Investigation did not immediately respond to a request for comment.

“This is a very clear attack on an organization that is part of our critical infrastructure,” said Allan Liska, a senior analyst with U.S. cybersecurity firm Recorded Future. “This could result in disruptions to food delivery in parts of the country.”

A Russian-speaking cybercriminal group named BlackMatter said on its website they had recently stolen data from NEW Cooperative.

BlackMatter is known for using ransomware to threaten its victims with data leaks, often extorting them for a cryptocurrency payment.

The claim follows a July meeting between U.S. President Joe Biden and Russian President Vladimir Putin, where Biden reportedly told Putin that “critical infrastructure” companies should be off limits to ransomware gangs.

Cybersecurity experts and federal prosecutors say ransomware groups often operate from Russia or Ukraine. The “food and agriculture” industry is publicly defined as a critical infrastructure sector by the Department of Homeland Security.

(Reporting by Karl Plume, Editing by Franklin Paul, David Gregorio and Marguerita Choy)

Cyber threats top agenda at White House meeting with Big Tech, finance executives

WASHINGTON (Reuters) – The White House will ask Big Tech, the finance industry and key infrastructure companies to do more to tackle the growing cybersecurity threat to the U.S. economy in a meeting with President Joe Biden and members of his cabinet on Wednesday.

“Cybersecurity is a matter of national security. The public and private sectors must meet this moment together, and the American people are counting on us,” a senior administration official told reporters.

Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp, the Colonial Pipeline company, meat processing company JBS and software firm Kaseya. The attacks hurt the United States far beyond just the companies hacked, affecting fuel and food supplies.

The guest list includes Amazon.com Inc CEO Andy Jassy, Apple Inc CEO Tim Cook, Microsoft Corp CEO Satya Nadella, Google’s parent Alphabet Inc CEO Sundar Pichai and IBM Chief Executive Arvind Krishna, according to two people familiar with the event.

One official said private sector executives were expected to announce commitments across key areas, including technology and staffing.

The meeting comes as Congress weighs legislation concerning data breach notification laws and cybersecurity insurance industry regulation, historically viewed as two of the most consequential policy areas within the field.

Executives for energy utility firm Southern Co and financial giant JPMorgan Chase & Co are also expected to attend the event.

The event will feature top cybersecurity officials from the Biden administration, including recently confirmed National Cybersecurity Director Chris Inglis, as well as Secretary of Homeland Security Alejandro Mayorkas, to lead different conversations with industry representatives.

(Reporting by Andrea Shalal and Christopher Bing; Editing by Lisa Shumaker)

White House calls on America’s most critical companies to improve cyber defenses

By Christopher Bing and Nandita Bose

WASHINGTON (Reuters) – The White House is signaling to U.S. critical infrastructure companies, such as energy providers, that they must improve their cyber defenses because additional potential regulation is on the horizon.

U.S. President Joseph Biden signed a national security memorandum on Wednesday, launching a new public-private initiative that creates “performance controls” for cybersecurity at America’s most critical companies, including water treatment and electrical power plants.

The recommendations are voluntary in nature, but the administration hopes they will cause companies to improve their cybersecurity ahead of other policy efforts, said a senior administration official.

The announcement comes after multiple high profile cyberattacks this year crippled American companies and government agencies, including a ransomware incident which disrupted gasoline supplies.

“These are the thresholds that we expect responsible owners and operators to go,” said the official. “The absence of mandated cybersecurity requirements for critical infrastructure is what in many ways has brought us to the level of vulnerability that we have today.”

“We are pursuing all options we have in order to make the rapid progress we need,” they added.

Biden on Tuesday warned that if the United States ended up in a “real shooting war” with a “major power” it could be the result of a significant cyber attack on the United States, highlighting what Washington sees as a growing threat posed by hackers from Russia, China, Iran and North Korea.

“The federal government cannot do this alone,” said the official. “Almost 90% of critical infrastructure is owned and operated by the private sector. Securing it requires a whole of nation effort.”

The official described the current state of cybersecurity rules for critical infrastructure companies as “patchwork” and “piecemeal.”

“We’ve kicked the can down the road for a long time,” said the official.

(Reporting by Christopher Bing; Editing by Lincoln Feast.)

U.S. and Russian officials will meet next week on ransomware – White House

By Raphael Satter and Andrea Shalal

WASHINGTON (Reuters) - Ransomware attacks on U.S. businesses, such as the latest one centered on Florida IT firm Kaseya, will be discussed at a meeting of senior U.S. and Russian officials next week, the White House said on Tuesday.

“We expect to have a meeting next week focused on ransomware attacks,” spokeswoman Jen Psaki told reporters.

The ransomware attack on Friday scrambled the data of hundreds of small businesses worldwide, including many in the United States. Kaseya said in a statement on Tuesday they were never a threat to critical U.S. infrastructure, however.

The cyberattack was the latest in a series of intrusions from hackers who have made a lucrative business out of holding organizations’ data hostage in return for digital currency payments.

Although cybercrimes have been going on for years, the attacks have escalated dramatically recently, and an intrusion at Colonial Pipeline in May snarled U.S. gasoline supplies up and down the East Coast.

Psaki said Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security and the intelligence community on Wednesday to discuss ransomware and U.S. efforts to counter it.

The hack that struck Kaseya’s clients – many of whom are back office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.

Disruption elsewhere was more severe.

In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.”

In New Zealand, 11 schools and several kindergartens were affected.

Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.

“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.

The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.

(Reporting by Raphael Satter; Douglas Busvine in Frankfurt and Johan Ahlander in Stockholm also contributed reporting. Editing by Kirsten Donovan, Alistair Bell and Sonya Hepinstall)

White House warns companies to step up cybersecurity

By Doina Chiacu

WASHINGTON (Reuters) – The White House warned corporate executives and business leaders on Thursday to step up security measures to protect against ransomware attacks after intrusions disrupted operations at a meatpacking company and a southeastern oil pipeline.

There has been a significant hike in the frequency and size of ransomware attacks, Anne Neuberger, cybersecurity adviser at the National Security Council, said in a letter.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” she added.

The recent cyberattacks have forced companies to see ransomware as a threat to core business operations and not just data theft, as ransomware attacks have shifted from stealing to disrupting operations, she said.

Strengthening the country’s resilience to cyberattacks was one of President Joe Biden’s top priorities, she added.

“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote.

The letter came after a major meatpacker resumed U.S. operations on Wednesday following a ransomware attack that disrupted meat production in North America and Australia.

A Russia-linked hacking group that goes by the names REvil and Sodinokibi was behind the cyberattack against JBS SA, a source familiar with the matter told Reuters.

The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the U.S. Southeast.

Biden believes Russian President Vladimir Putin has a role to play in preventing these attacks and planned to bring up the issue during their summit this month, White House press secretary Jen Psaki said on Wednesday.

Neuberger’s letter outlined immediate steps companies can take to protect themselves from ransomware attacks, which can have ripple effects far beyond the company and its customers.

Those include best practices such as multifactor authentication, endpoint detection and response, encryption and a skilled security team. Companies should back up data and regularly test systems, as well as update and patch systems promptly.

Neuberger advised that companies test incident response plans and use a third party to test the security team’s work.

She said it was critical that corporate business functions and production operations be run on separate networks.

(Reporting by Doina Chiacu; Editing by David Holmes and Steve Orlofsky)

White House cyber adviser says it will take months to investigate Russian hack

By Christopher Bing

(Reuters) – The White House’s top cybersecurity adviser said on Wednesday an investigation into a sprawling Russian hacking operation against the United States, known as the SolarWinds hack, will take several more months to complete.

White House Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger said that a total of nine federal agencies and 100 private-sector companies had been affected by the hack, which first came to light in December.

She also said that a number of the affected private-sector companies were technology companies, which were breached to facilitate access to other victims.

The FBI, the Department of Homeland Security and several other U.S. government agencies have been digging into affected computer networks ever since the hacks’ discovery to find clues about the attackers. While multiple U.S. government officials have said the hackers came from Russia, they have offered little additional detail.

“We believe it took them months to plan and compromise,” said Neuberger. “It will take us some time to uncover this layer by layer.”

The Biden administration is currently working on a set of cybersecurity policies to prevent a similar style of attack, and Neuberger predicted some of these recommendations would become part of an upcoming “executive action.”

Government statements and public reporting have revealed that a diverse list of federal agencies were breached by the hackers, including the Justice, Treasury, Homeland Security and Commerce departments. In those cases, the hackers typically attempted to steal emails belonging to high-ranking officials, Reuters previously reported.

“When there is a compromise of this scope & scale, both across govt & across the U.S. technology sector to lead to follow on intrusions, it is more than a single incident of espionage,” said Neuberger. “It’s fundamentally of concern for the ability for this to become disruptive.”

The recent government cyberattack is commonly referred to as the SolarWinds hack because of how the cyber spies exploited software created and sold by Texas technology company SolarWinds, which makes a popular network management tool that is commonly deployed across both U.S. government and private sector computer networks.

While SolarWinds was the first known supply chain victim of this hacking campaign, cybersecurity experts and government officials have cautioned that other technology companies were similarly exploited as part of the same operation.

(Reporting by Christopher Bing; Editing by Chris Reese, Nick Macfie and Jonathan Oatis)