Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2%)
Episode: Episode 414 - Winning the OT Security Battle
Pub date: 2024-09-24

We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.

CrowdStrike Lessons Learned
Tim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.

Cyber Threat Landscape
Robert discussed the rise of sophisticated malware like Fuxnet, Frostygoop and Pipe Dream, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while Frostygoop used similar techniques against Ukraine. In contrast, Pipe Dream serves as a more versatile attack framework applicable to various OT systems. He underscored an important lesson: even if specific malware isn't reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.

Critical Control – ICS Network Visibility
Tim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.

Critical Control – Incident Response Plan
Tim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support.

OT and IT Convergence
Tim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.

They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.

Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.

Celebrating Wins
Finally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts.

Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-conway/
Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-m-lee/
SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., which provides cyber security solutions for industrial control system networks.

Further viewing: https://youtu.be/BiUpuRk6pvA?si=xQcx9oiJOxQu0n7H
#mysecuritytv #otcybersecurity

The podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Cybersecurity is crucial for the electric sector to safeguard critical infrastructure from cyber threats and potential disruptions, ensuring the reliable and secure delivery of electricity to homes, businesses, and essential services. In episode 6, Robert M. Lee, CEO and Co-Founder of Dragos provides an overview of the top cyber threats facing electric utilities and the role that Dragos plays in strengthening ICS and OT resilience. Resources: Dragos Community Defense Program: https://www.dragos.com/community/community-defense-program/ Dragos 2023 OT Cybersecurity Year in Review report: https://www.dragos.com/ot-cybersecurity-year-in-review/ SANS Instructor Biography: https://www.sans.org/profiles/robert-m-lee/ Sandworm book: https://www.amazon.com/Sandworm-Cyberwar-Kremlins-Dangerous-Hackers/dp/0385544405 'U.S. Government Disrupts Botnet People's Republic of China Used to Conceal Hacking of Critical Infrastructure': https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical 'Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation's Main Intelligence Directorate of the General Staff (GRU)': https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian 'A Global Police Operation Just Took Down the Notorious LockBit Ransomware Gang': https://www.wired.com/story/lockbit-ransomware-takedown-website-nca-fbi/ 'Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology': https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology The Five ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/ SECURING OPERATIONAL TECHNOLOGY: A DEEP DIVE INTO THE WATER SECTOR: https://homeland.house.gov/hearing/securing-operational-technology-a-deep-dive-into-the-water-sector/
A security researcher has been charged in an alleged multi-million dollar theft scheme targeting Apple. A House committee hearing explores OT security. Fortinet withdraws accidental CVEs. 2023 saw record highs in ransomware payments. A youtuber finds a cheap and easy bypass for Bitlocker encryption. Political pressure proves challenging for the JCDC. New Hampshire tracks down those fake Biden robocalls. European security agencies bolster warnings about Ivanti devices. HHS fines a New York medical center millions over an identity theft ring. On our sponsored Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, shares some practical examples of healthcare organizations transitioning to the cloud. Giving that toothbrush story the brushoff. CyberWire Guest On our Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some practical examples in healthcare. Selected Reading A Security Researcher Allegedly Scammed Apple (404 Media) US House Homeland Security subcommittee addresses OT threats, CISA's role in securing OT - Industrial Cyber (Industrial Cyber) Operational Technology disruptions: An eye on the water sector. Robert M. Lee's opening statement to before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection. (Control Loop podcast) Securing Operational Technology: A Deep Dive into the Water Sector (Homeland Security Events YouTube) Fortinet Patches Critical Vulnerabilities in FortiSIEM (SecurityWeek) Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error (Bleeping Computer) Ransomware hackers raked in $1 billion last year from victims (NBC News) BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM (Tom's Hardware) The far right is scaring away Washington's private hacker army (POLITICO) N.H. attorney general says he found source of fake Biden robocalls (NBC News) European security agencies publish joint statement on Ivanti Connect Secure, Policy Secure vulnerabilities (Industrial Cyber) Medical Center Fined $4.75M in Insider ID Theft Incident (GovInfoSecurity) Surprising 3 Million Hacked Toothbrushes Story Goes Viral—Is It True? (Forbes) The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech. CyberWire Guest Today, we are joined by Robert M. Lee, founder and CEO of Dragos, to discuss intellectual property theft in manufacturing. Selected Reading AsyncRAT campaign targets US infrastructure. (CyberWire) 19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice) Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW) Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net) Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek) Merck settles with insurers who denied $700 million NotPetya claim (The Record) Syrian Threat Group Peddles Destructive SilverRAT (DarkReading) NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (The Hacker News) Mortgage firm loanDepot cyberattack impacts IT systems, payment portal (BleepingComputer) Big Tech has already made enough money in 2024 to pay all its 2023 fines (Proton)
CISA claims "No credible threats" to yesterday's US elections. Criminals seek to profit from the .ai top level domain. A Singapore resort sustains a cyberattack. A look ahead at holiday cyber threats. A major Chinese cyberespionage effort against Cambodia. The four cyber phases of a hybrid war. Robert M. Lee from Dragos explains how outside forces affect OT and critical infrastructure security. Our guest is Dan Neault of Imperva sharing how organizations are behind the eight-ball when relying upon real-time analytics. Cyber and electronic threats to space systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/214 Selected reading. CISA Sees Smooth Election Day Operations, No ‘Credible' Threats (Meritalk) The rise of .ai: cyber criminals (and Anguilla) look to profit (Netcraft) Singapore's Marina Bay Sands Says It Was Hit in Data Breach (Bloomberg) Marina Bay Sands discloses data breach impacting 665,000 customers (BleepingComputer) Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach (CNA) Report Examines Cyber Threat Trends Facing Retail and Hospitality This Holiday Season (RH-ISAC) Chinese APT Targeting Cambodian Government (Unit 42) Chinese cyberspies have widely penetrated networks of ally Cambodia (Washington Post) Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) Cyber Security of Space Systems ‘Crucial,' As US Space Force Official Notes Recent Attacks (Via Satellite)
In this week's security sprint, Dave and Andy talk about the following topics: Israel War Director Wray Addresses International Association of Chiefs of Police Conference. FBI director warns of rise in terror threats against Americans, potential copy-cat attacks on US soil. Faith Based Updates: FB-ISAO Newsletter, v5, Issue 10 The White House Office of Faith-Based and Neighborhood Partnerships releases Allied Against Hate: A Toolkit for Faith Communities - Tools and Resources to Protect Places of Worship DHS: Resources and Information for Faith and Community Leaders Regarding the Situation in Israel Hostile Events State Fair of Texas evacuated after shooting, one suspect in custody Suspect charged in State Fair of Texas shooting that injured 3 School plot: https://www.news4jax.com/news/local/2023/10/06/3-creekside-high-students-facing-charges-for-school-threat-hit-lists-deputies-say/ Nation State. 12 October 2023 NCSC / FBI Safeguarding Our Future bulletin – Russian Intelligence Poses a Persistent Threat to the United States. IBM Security Intelligence: 10 years in review: Cost of a Data Breach Quick Hits Signal says there is no evidence rumored zero-day bug is real. Ransomware: CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware. As part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns: Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2) Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group Reports of second cyberattack on Colonial Pipeline false, company says Robert M. Lee on ransomware group statement. 
Newest Ransomware Trend: Attackers Move Faster with Partial Encryption The Week in Ransomware - October 13th 2023 - Increasing Attacks US Secret Service: Announcing a New Series of Live Virtual Presentations on Targeted Violence Prevention. CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments CISO Research Reveals 90% of Organizations Suffered At Least One Major Cyber Attack in the Last Year; 83% Report Ransomware Payments FTC Data Shows Consumers Report Losing $2.7 Billion to Social Media Scams Since 2021 UK NCSC: Mastering your supply chain: A new collection of resources from the NCSC can help take your supply chain knowledge to the next level EPA calls off cyber regulations for water sector
Building a proxy botnet. Active flaws in PowerShell Gallery. A cyber incident disrupts Clorox. Scams lure would-be mobile beta-testers. Lessons learned from the Russian cyberattack on Viasat. An update on cyber threats to Starlink. Robert M. Lee from Dragos shares his thoughts on the waves of layoffs that have gone through the industry. Steve Leeper of Datadobi explains mitigating risks associated with illegal data on your network. And hey, world leader: it's never too late to stop manifesting a chronic cranio-urological condition, as they more-or-less say in the Quantum Realm. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/157 Selected reading. ProxyNation: The dark nexus between proxy apps and malware (AT&T Alien Labs) Massive 400,000 proxy botnet built with stealthy malware infections (BleepingComputer) PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks (Aqua Security) Clorox Operations Disrupted By Cyber-Attack (Infosecurity Magazine) Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (IC3) FBI warns about scams that lure you in as a mobile beta-tester (Naked Security) Incident response lessons learned from the Russian attack on Viasat (CSO Online) Recent Intel Report Reveals New Starlink Vulnerabilities, Increasing Concerns About the Future of Global Satellite Internet (Debrief) Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps (Graham Cluley)
Open Bullet malware is seen in the wild. Threat actors exploit a Salesforce vulnerability for phishing. BlueCharlie (that's Russia's FSB) shakes up its infrastructure. Midnight Blizzard (and that's Russia's SVR) uses targeted social engineering. How NoName057(16) moved on to Spanish targets. Robert M. Lee from Dragos shares his reaction to the White House's national cybersecurity strategy. Our guest Raj Ananthanpillai of Trua warns against oversharing with ChatGPT. And NSA releases guidance on hardening Cisco next-generation firewalls. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/147 Selected reading. No Honour Amongst Thieves: A New OpenBullet Malware Campaign (Kasada) “PhishForce” — Vulnerability Uncovered in Salesforce's Email Services Exploited for Phishing… (Medium) Hackers exploited Salesforce zero-day in Facebook phishing attack (BleepingComputer) Hackers exploit Salesforce email zero-day for Facebook phishing campaign (Computing) Russia-based hackers building new attack infrastructure to stay ahead of public reporting (Record) Midnight Blizzard conducts targeted social engineering over Microsoft Teams (Microsoft Security) Unraveling Russian Multi-Sector DDoS Attacks Across Spain (Radware) Pro-Russian Hackers Claim Cyberattacks on Italian Banks (MarketWatch) NSA Releases Guide to Harden Cisco Next Generation Firewalls (National Security Agency/Central Security Service) Cisco Firepower Hardening Guide (US National Security Agency)
Operational Technology (OT) security has never been more important. When beginning the work of securing your Industrial Control System (ICS) environment, there are five key controls you should consider. In this episode of Wait Just an Infosec, ICS security pioneer and expert Robert M. Lee takes the chair as host, exploring which key controls to focus on in your OT environment but through the lens of Digital Forensics and Incident Response (DFIR). Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern. If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join.
Podcast: Control Loop: The OT Cybersecurity Podcast (LS 33 · TOP 5%)
Episode: Unique OT characteristics and points of IT convergence.
Pub date: 2023-04-19

Cyberattacks against Canada's agriculture sector. Hitachi ransomware incident. Africa's industrial sector under cyberattack. TSA issues new aviation cybersecurity requirements. Ransomware Vulnerability Warning Pilot supports critical infrastructure operators. Patch Tuesday and OT. Guest JD Christopher, Dragos' Director of Cyber Risk, discusses ICS security standards and regulations and how efforts finalized in 2022 will shape the OT programs of the next decade. In the Learning Lab, Dragos' Mark Urban is joined by their CEO Robert M. Lee to talk about the unique characteristics of OT and points of IT convergence.

Control Loop News Brief.

Cyberattacks against Canada's agriculture sector.
Safety Net: A flock of chickens, held for ransom — Growing cyberattacks on Canada's food system threaten disaster (Financial Post)

Hitachi ransomware incident.
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer)

Africa's industrial sector targeted with malware.
Threat landscape for industrial automation systems. Statistics for H2 2022 (Kaspersky ICS CERT)
A border-hopping PlugX USB worm takes its act on the road (Sophos)

TSA issues new cybersecurity requirements for the aviation industry.
TSA issues new cybersecurity requirements for airport and aircraft operators (PRNewswire)

Ransomware Vulnerability Warning Pilot supports critical infrastructure operators.
CISA Establishes Ransomware Vulnerability Warning Pilot Program (CISA)
CISA now warns critical infrastructure of ransomware-vulnerable devices (BleepingComputer)

Patch Tuesday and ICS.
ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities (SecurityWeek)

Control Loop Interview.
The interview is with JD Christopher, Director of Cyber Risk at Dragos, sharing ICS security standards and regulations and how the efforts finalized in 2022 will shape OT programs of the next decade.

Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos CEO Robert M. Lee to discuss unique OT characteristics and points of IT convergence.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events. Our guests are Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. And CISA releases fifteen ICS advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/33 Selected reading. Exclusive: FBI says it has 'contained' cyber incident on bureau's computer network (CNN) Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor (Symantec, by Broadcom Software) ProxyShellMiner Campaign Creating Dangerous Backdoors (Morphisec) Attacks with novel Havoc post-exploitation framework identified (SC Media) Atlassian says recent data leak stems from third-party vendor hack (BleepingComputer) German airport websites down in possible hacker attack (Deutsche Welle) The Cyber Defense Assistance Imperative – Lessons from Ukraine (Aspen Institute) U.S. launches 'disruptive technology' strike force to target national security threats (Reuters) Justice Department to Increase Scrutiny of Technology Exports, Investments (Wall Street Journal) ICS-CERT Advisories (CISA)
War-floating. A phishing campaign pursues Ukrainian and Polish targets. Pakistan's navy is under cyberattack. A new criminal threat-actor uses screenshots for recon. ESXiArgs is widespread, but its effects are still being assessed. The UK and US issue joint sanctions against Russian ransomware operators. Robert M. Lee from Dragos addresses attacks to electrical substations. Our guest is Denny LeCompte from Portnox discussing IoT security segmentation strategies. And is LockBit next on law enforcement's wanted list? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/27 Selected reading. Chinese Balloon Had Tools to Collect Communications Signals, U.S. Says (New York Times) UAC-0114 Campaign Targeting Ukrainian and Polish Gov Entities (The State Cyber Protection Centre of the State Service of Special Communication and Information Protection of Ukraine) NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool (BlackBerry) Screentime: Sometimes It Feels Like Somebody's Watching Me (Proofpoint) Florida state court system, US, EU universities hit by ransomware outbreak (Reuters). No evidence global ransomware hack was by state entity, Italy says (Reuters) Ransomware campaign stirs worry despite uncertain impact (Washington Post) VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attacks (VMware Security Blog) CISA and FBI Release ESXiArgs Ransomware Recovery Guidance (CISA) United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang (U.S. Department of the Treasury) Ransomware criminals sanctioned in joint UK/US crackdown on international cyber crime (National Crime Agency)
CISA adds to its Known Exploited Vulnerability Catalog. Attacks against industrial systems. DNV is recovering from ransomware. Chinese cyberespionage is reported against Iran. The persistence of nuisance-level hacktivism. Robert M. Lee from Dragos outlines pipeline security. Our guest is Yasmin Abdi from Snap on bringing her team up to speed with zero trust. And a side-effect of Russia's war: a drop in paycard fraud. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/11 Selected reading. Bolster Your Company Defenses With Zero Trust Edge (iBoss) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) GE Digital Proficy Historian (CISA) Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA) Siemens SINEC INS (CISA) Contec CONPROSYS HMI System (CHS) Update A (CISA) Nozomi Networks Researchers Take a Deep Look into the ICS Threat Landscape (Nozomi Networks) A look at IoT/ICS threats. (CyberWire) DNV's fleet management software recovering from ransomware attack. (CyberWire) DNV says up to 1,000 ships affected by ransomware attack (Computing) Ransomware attack on maritime software impacts 1,000 ships (The Record from Recorded Future News) Chinese Playful Taurus Activity in Iran (Unit 42) Playful Taurus: a Chinese APT active against Iran. (CyberWire) Russian hackers allegedly tried to disrupt a Ukrainian press briefing about cyberattacks (Axios) Russia's Ukraine War Drives 62% Slump in Stolen Cards (Infosecurity Magazine) Annual Payment Fraud Intelligence Report: 2022 (Recorded Future)
Security vulnerabilities in automobiles. CircleCI customers should "rotate their secrets." CISA Director Easterly notes Russian failures, but warns that shields should stay up. Attempted cyberespionage against US National Laboratories. Turla effectively recycles some commodity malware infrastructure. Robert M. Lee from Dragos shares his outlook on ICS for the new year. Our CyberWire Space correspondent Maria Varmazis interviews Diane Janosek from NSA about her research on space-cyber. And the Guardian continues to recover from last month's ransomware attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/4 Selected reading. Hitachi Energy UNEM (CISA) Hitachi Energy FOXMAN-UN (CISA) Hitachi Energy Lumada Asset Performance Management (CISA) Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More (Sam Curry) Toyota, Mercedes, BMW API flaws exposed owners' personal info (BleepingComputer) 16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure (SecurityWeek) Ferrari, BMW, Rolls Royce, Porsche and more fix vulnerabilities giving car takeover capabilities (The Record by Recorded Future) CircleCI security alert: Rotate any secrets stored in CircleCI (CircleCI). CircleCI warns of security breach — rotate your secrets! (BleepingComputer) CircleCI Urges Customers to Rotate Secrets Following Security Incident (The Hacker News) CISA director: US needs to be vigilant, ‘keep our shields up' against Russia (The Hill) Exclusive-Russian Hackers Targeted U.S. Nuclear Scientists (Reuters via US News) Notorious Russian Spies Piggybacked on Other Hackers' USB Infections (WIRED) Turla: A Galaxy of Opportunity | Mandiant (Mandiant) Fallout from Guardian cyber attack to last at least a month (ComputerWeekly) State of Ransomware Preparedness (Axio)
A new backdoor, courtesy of the DPRK. The Medibank breach is all over but the shouting (or, all over but the suing and the arresting). Risks and opportunities in telecom's shift to cloud. Cyber risk in healthcare. An assessment of Russian cyber warfare. Robert M. Lee from Dragos assesses the growing value of the ICS security market. Our guest is Cecilia Seiden of TransUnion to discuss their 2022 Consumer Holiday Shopping Report. And it's December, which means…predictions. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/229 Selected reading. Who's swimming in South Korean waters? Meet ScarCruft's Dolphin (ESET) Medibank hackers announce ‘case closed' and dump huge data file on dark web (the Guardian) New details on commercial spyware vendor Variston (Google) Risks and opportunities in telecom's shift to cloud. (CyberWire) Moody's discusses cyber risk in healthcare. (CyberWire) 'Do something:' Ukraine works to heal soldiers' mental scars (AP NEWS) Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism (Wall Street Journal) Cybersecurity predictions for 2023. (CyberWire)
CISA releases cross-sector cybersecurity performance goals. Trojans are spreading through scanners. Cyber seed rounds are an exception to a general downtrend in venture investment. Whistleblowing and corporate culture. Storing enterprise secrets. Robert M. Lee from Dragos explains the TSA Pipeline Security Directive. Our guests are Jenny Brinkley from Amazon AWS and Lisa Plaggemier from the National Cybersecurity Alliance with a collaborative educational project. Cyberattacks seen as opportunistic and disconnected from strategy. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/207 Selected reading. Cross-Sector Cybersecurity Performance Goals (CISA) CISA unveils voluntary cybersecurity performance goals (Federal News Network) Sending Trojans via Scanners (Avanan) DataTribe Insights - Q2 2022: Economic Storm Makes Landfall (DataTribe) Ukraine: Russian cyber attacks aimless and opportunistic (SearchSecurity)
A US Executive Order outlines US-EU data-sharing privacy safeguards. CISA, NSA, and the FBI list the top vulnerabilities currently being exploited by China. A look at election security and credit risk to US states. COVID-19-themed social engineering continues. Robert M. Lee from Dragos on securing the food and beverage industry. Carole Theriault interviews Joel Hollenbeck from Check Point Software on threat actors phishing school board meetings. Notes from the hybrid war: Killnet and US state government sites, the prospects of deterrence in cyberspace, and, finally, maybe the most motivated draft evaders in military history. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/194 Selected reading. FACT SHEET: President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework (The White House) Top CVEs Actively Exploited By People's Republic of China State-Sponsored Cyber Actors (CISA) Government credit risk associated with election risk (CyberWire) Exploiting COVID-19: how threat actors hijacked a pandemic (Proofpoint) Ukraine at D+125: Abandoned tanks and discontented hawks. (CyberWire) Department Press Briefing – October 6, 2022 - United States Department of State (United States Department of State) 2 Russians fleeing military service reach remote Alaska island (Military Times)
GRU operators masquerade as Ukrainian telecommunications providers. Another video game maker is compromised to spread malware. Noberus may be a successor to Darkside and BlackMatter ransomware. Robert M. Lee from Dragos explains Crown Jewel analysis. Our guest is Nathan Hunstad from Code42 with thoughts on insider risk events. Threat actors have their insider threats, too. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/183 Selected reading. Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine (Recorded Future) Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers (SecurityWeek) Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine (WIRED) CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. (CyberWire) Iranian State Actors Conduct Cyber Operations Against the Government of Albania (CISA) 2K Games says hacked help desk targeted players with malware (BleepingComputer) 2K Games helpdesk hacked to spread malware to players (TechRadar) Rockstar parent company hacked again as 2K Support sends users malware (Dexerto) ‘Grand Theft Auto VI' leak is Rockstar's nightmare, YouTubers' dream (Washington Post) Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics (Symantec) LockBit ransomware builder leaked online by “angry developer” (BleepingComputer)
PLOT TWIST, Ben joins Dragos' leadership team in Australia and New Zealand and the news is broken LIVE to the CEO and Co-Founder on Episode 22 of Dark Mode!! Rob Lee is an all-round nice guy, a pioneer in the industrial cybersecurity community, former U.S. Air Force Cyber Warfare Operations Officer and champion in safeguarding our communities. In this episode, Rob shares his perspective on why industrial control systems and operational technology security is the linchpin for achieving this mission.
Time stamps:
00:00 - Introductions
04:14 - Rob serving in the United States Air Force as a Cyber Warfare Officer
09:23 - Future-leaning topics and green energy with Malcolm Turnbull
14:35 - Cyber Security for Industrial Infrastructure (ICS/OT)
28:09 - Dragos mission statement to secure civilization and Rob Lee's humanitarian views
35:39 - The biggest paradigm shift required to mature the security journey
41:58 - Advice for present and future Chief Security Officers (CSO)
48:49 - Australian critical infrastructure bill
Podcast: Control Loop: The OT Cybersecurity Podcast. Episode: CMMC and your industrial environment, plus the five most critical security controls. Pub date: 2022-07-13. A cyberattack hits a Ukrainian energy provider. A Chinese-speaking threat actor targets building automation systems. An Iranian steel mill suspends production due to a cyberattack. The US TSA issues relaxed pipeline cybersecurity directives. A US cybersecurity bill focuses on training. Ian Frist from BlueVoyant joins us to discuss what CMMC will mean for ICS environments. And in the Learning Lab, Robert M. Lee joins us to explain the five critical controls for ICS. Control Loop News Brief. Russian hackers allegedly target Ukraine's biggest private energy firm (CNN) Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate in retaliation for its owner's opposition to Russia's war in Ukraine, the firm said Friday. Attacks on industrial control systems using ShadowPad (Kaspersky) In mid-October 2021 Kaspersky ICS CERT researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. Cyberattack Forces Iran Steel Company to Halt Production (SecurityWeek) One of Iran's major steel companies said Monday it was forced to halt production after being hit by a cyberattack that also targeted two other plants, apparently marking one of the biggest such assaults on the country's strategic industrial sector in recent memory. Iran's steel industry halted by cyberattack (The Jerusalem Post) Predatory Sparrow, a hacktivist group that is little known, took credit for the hacking that halted Iran's steel industry. Iranian steel facilities suffer apparent cyberattacks (CyberScoop) Three Iranian steel companies suffered apparent cyberattacks Monday, claimed a hacktivist group that previously took responsibility for a digital assault on the Iranian train system with wiper malware. Smart Factories Need to Prioritize Cybersecurity (Capgemini) Smart factories are increasingly being utilized by industry as part of the transition toward digitization. Being connected to cloud or the internet, they bring a plethora of communicative advantages. However, this network connection also creates a larger surface area vulnerable to attack via digital means. TSA Eases Pipeline Cybersecurity Rules Issued After Colonial Hack (Wall Street Journal) The Transportation Security Administration is loosening pipeline cybersecurity rules imposed after ... House Passes ICS Cybersecurity Training Bill (SecurityWeek) The House of Representatives has passed the Industrial Control Systems Cybersecurity Training Act. Cyber Yankee exercise hones New England Guard skills to fight digital threats (C4ISRNet) “Whether it's a state or a federal effort, the importance of being prepared to respond to a cyber ... Control Loop Interview. Ian Frist from BlueVoyant joins us to discuss the Cybersecurity Maturity Model Certification from the US Department of Defense and what it means for industrial environments. Ian Frist on LinkedIn Control Loop Learning Lab. Robert M. Lee teaches us about the five critical controls for OT cybersecurity. 5 Critical Controls for OT Cybersecurity Subscribe to the Control Loop Newsletter here with new editions published every month.
The FBI and MI-5 warn of Chinese industrial espionage. Revelations of Trickbot's privateering role. Russian influence operations target France, Germany, Poland, and Turkey. Chinese APTs target Russian organizations in a cyberespionage effort. Robert M. Lee from Dragos on CISA expanding the Joint Cyber Defense Collaborative. Ben Yelin speaks with Matt Kent from Public Citizen about the American Innovation and Online Choice Act. And who would guess it, but NFT scams are pestering Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/129 Selected reading. Heads of FBI, MI5 Issue Joint Warning on Chinese Spying (Wall Street Journal) FBI and MI5 leaders give unprecedented joint warning on Chinese spying (the Guardian) FBI and MI5 bosses: China cheats and steals at massive scale (Register) FBI director suggests China bracing for sanctions if it invades Taiwan (Washington Post) Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine (Security Intelligence) Trickbot may be carrying water for Russia (Washington Post) Russia Info Ops Home In on Perceived Weak Links (VOA) Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs (SentinelOne) Chinese hackers targeting Russian government, telecoms: report (The Record by Recorded Future) Near-undetectable malware linked to Russia's Cozy Bear (Register) Russia's Cozy Bear linked to nearly undetectable malware (Computing) When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors (Unit 42) NFT scammers see an opportunity in Ukraine donations (The Record by Recorded Future)
Reviewing Russian cyber campaigns in the war against Ukraine, and the complexity of Ukraine's IT Army. ICEFALL advice and reactions. Carole Theriault looks at Hollywood's relationship with VPNs. Robert M. Lee from Dragos provides a rundown on Pipedream. And CISA updates its Cloud Security Technical Reference Architecture. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/120 Selected reading. [Blog] Defending Ukraine: Early Lessons from the Cyber War (Microsoft On the Issues) [Report] Defending Ukraine: Early Lessons from the Cyber War (Microsoft) Russian cyber spies attack Ukraine's allies, Microsoft says (Reuters) Research questions potentially dangerous implications of Ukraine's IT Army (CyberScoop) The IT Army of Ukraine Structure, Tasking, and Ecosystem (Center for Security Studies) CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report (CISA) Industry Reactions to 'OT:Icefall' Vulnerabilities Found in ICS Products (SecurityWeek) Cloud Security Technical Reference Architecture (CISA)
Dragos CEO and founder Robert M. Lee has been talking about cybersecurity risks to critical infrastructure since long before threats to utility operators and water plants were making headlines. In this episode of WE'RE IN!, he discusses the ongoing dangers to the grid from nation-state hackers and ransomware gangs, but also the progress the U.S. is making to better secure its most vulnerable assets. And there's also a great conversation about pay transparency that anyone working in infosec will want to hear.
A few more reasons to listen:
* It's a candid and sobering interview with one of the world's leading experts on industrial cybersecurity.
* You might be surprised how Dragos approaches pay transparency, hiring and job interviews.
* Better understand how critical infrastructure operators should approach cybersecurity differently from enterprise technology.
Key quotes:
* "If you are an oil and gas pipeline or a manufacturing company, and you haven't had ransomware scenarios at a board level with an understanding of what you're doing specifically in OT, your liability and your lawsuit is going to be bad."
* "One hundred percent of our engineers are in the United States. We don't outsource anything where they're related to our product, because if we're deploying software into nuclear power plants and similar, I'd like control of the supply chain."
* "We've been talking about cyber at a presidential, international leader, board level for a long time. But they never knew they needed to differentiate between IT and OT. And now they're realizing all the resources have been spent on the non-revenue generating side of the business and they're going, 'Holy crap! What's our OT cybersecurity strategy?'"
Links:
* https://www.dragos.com/
* https://www.synack.com/
* https://readme.security/
Podcast: Control Loop: The OT Cybersecurity Podcast. Episode: Welcome to Control Loop: Giving back to the OT community. Pub date: 2022-06-01. Every two weeks, get the latest in OT news in Control Loop News Brief, an interview featuring a thought leader in the OT space sharing current industry trends, and the Control Loop Learning Lab's educational segment. A companion monthly newsletter is available through free subscription and on the CyberWire's website. Headlines include: Russia's hybrid war against Ukraine. Russian threat actors against industrial control systems. Exploits for Bluetooth Low Energy. Hacktivists claim attacks against Russian ground surveillance robots. New wiper loader. Turla threat actor reconnaissance in Estonian and Austrian networks. Robert M. Lee, CEO of Dragos, talks giving back to the OT community and shares insights on Pipedream malware. Learning Lab has Dragos' Mark Urban and Jackson Evans-Davies talking about the fundamentals of OT cybersecurity. Control Loop News Brief. Continuing expectations of escalation in cyberspace. Microsoft President: Cyber Space Has Become the New Domain of Warfare - Infosecurity Magazine Cyber Attacks on Ukraine: Not What You Think | PCMag Warning: threat actor targets industrial systems. US warns energy firms of a rapidly advancing hacking threat - E&E News PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments | Dragos Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED Industroyer2 and Ukraine's power grid. Twitter: @ESETresearch Industroyer2: Industroyer reloaded | WeLiveSecurity Russian hackers tried to bring down Ukraine's power grid to help the invasion | MIT Technology Review Bluetooth vulnerabilities demonstrated in proof-of-concept. NCC Group uncovers Bluetooth Low Energy (BLE) vulnerability that puts millions of cars, mobile devices and locking systems at risk Tesla Hacker Proves a Way of Unlocking Doors, Starting Engine - Bloomberg CISA and its international partners urge following best practices to prevent threat actors from gaining initial access. Weak Security Controls and Practices Routinely Exploited for Initial Access | CISA Hacktivists claim to have compromised Russian-manufactured ground surveillance robots. Did hackers commandeer surveillance robots at a Russian airport? Twitter: @caucasnet Politically motivated DDoS attack on Port of London Authority website. Twitter: @LondonPortAuth Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attack New loader identified in wiper campaigns. Sandworm uses a new version of ArguePatch to attack targets in Ukraine | WeLiveSecurity Turla reconnaissance detected in Austrian and Estonian networks. Russian hackers perform reconnaissance against Austria, Estonia TURLA's new phishing-based reconnaissance campaign in Eastern Europe SANS ICS Summit is coming to Florida, June 1-9. ICS Security Summit & Training 2022 Colonial Pipeline's ransomware attack, one year later. How the Colonial Pipeline attack instilled urgency in cybersecurity OT vulnerabilities as credit risk. Operational Technology Cyberattacks Are a Credit Risk for Utilities A Cyber Resilience Pledge. Global CEOs Commit to Collective Action on Cyber Resilience Recent threat intelligence findings from Dragos. Dragos ICS/OT Ransomware Analysis: Q1 2022 Control Loop Interview. Robert M. Lee, CEO of Dragos, on giving back to the OT cybersecurity community, the idea behind the Control Loop podcast and newsletter, and his candid thoughts on the Pipedream malware and its creators. Follow Rob on LinkedIn and Twitter. Control Loop Learning Lab. Dragos' Mark Urban and Jackson Evans-Davies on the fundamentals of OT cybersecurity and network architecture. Dragos 2021 ICS Cybersecurity Year in Review How to Build a Roadmap for ICS/OT Cybersecurity: 3 Steps to a Sustainable Program Managing External Connections to Your Operational Technology Environment Improving ICS/OT Security Perimeters with Network Segmentation
Costa Rica's healthcare system comes under renewed ransomware attack. Cyber phases of the hybrid war. Charity fraud exploits sympathy for Ukraine. US FBI attributes last year's attack on Boston Children's Hospital to Iran. CISOs surveyed on their challenges (and they're particularly worried about exposure to 3rd-party risk). Robert M. Lee joins us for the launch of the new Control Loop podcast. Josh Ray from Accenture looks at ransomware trends. Razzlekhan and Dutch: a cryptocurrency love song. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/105 Selected reading. Latest cyberattack in Costa Rica targets hospital system (Reuters) Costa Rica's public health agency hit by Hive ransomware (BleepingComputer) Costa Rican Social Security Fund hit with ransomware attack (The Record by Recorded Future) Costa Rica May Be Pawn in Conti Ransomware Group's Bid to Rebrand, Evade Sanctions (KrebsOnSecurity) Ukraine joins its first NATO cyber defense center meeting (TheHill) US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command (Sky News) The FBI Warns of Scammers Soliciting Donations Related to the Crisis in Ukraine (Internet Crime Complaint Center (IC3)) FBI director blames Iran for ‘despicable' attempted cyberattack on Boston Children's Hospital (CNN) Hackers ransom 1,200 exposed Elasticsearch databases (TechTarget) The CISOs Report (Security Current) New York couple accused of laundering $4.5 bln in crypto still in plea talks (Reuters)
Russian information operations surrounding the invasion of Ukraine. VMware patches vulnerabilities. F5 BIG-IP vulnerabilities undergoing active exploitation. Texas Department of Insurance clarifies facts surrounding its data incident. Robert M. Lee from Dragos is heading to Davos to talk ICS. Rick Howard speaks with author Chase Cunningham on his book "Cyber Warfare – Truth, Tactics and Strategies". Robo-calling the Kremlin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/96 Selected reading. Information Operations Surrounding the Russian Invasion of Ukraine (Mandiant) CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities (CISA) Emergency Directive 22-03 (CISA) Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control (CISA) Threat Actors Exploiting F5 BIG IP CVE-2022-1388 (CISA) CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. (The CyberWire) Additional facts: TDI data security event (Texas Department of Insurance) This Hacktivist Site Lets You Prank Call Russian Officials (Wired)
In this episode we chat with Robert M. Lee, the Founder and CEO of Dragos, an industrial cybersecurity company that detects and responds to threats in industrial control systems. Dragos has raised over $360 million and is backed by Blackrock, Koch Disruptive Technologies, Canaan Partners, and others. Robert M. Lee is a recognized pioneer in the industrial security incident response and threat intelligence community. He gained his start in security as a U.S. Air Force Cyber Warfare Operations Officer. He went on to build the industrial community's first dedicated monitoring and incident response class at the SANS Institute. We hope you enjoy the show.
This week, the White House, in collaboration with the Environmental Protection Agency (EPA) and Cybersecurity and Infrastructure Security Agency (CISA), rolled out a one hundred day plan to improve the cybersecurity of the country's water treatment systems. This comes a year after an attack on a Florida water treatment facility where hackers unsuccessfully tried to poison the water supply. FOX's Trey Yingst speaks to Robert M. Lee, Founder of cybersecurity firm Dragos, about the White House plan and current threats to our utility providers.
ICS vendors address Log4j vulnerabilities. Regulators and legislators think about addressing issues in the software supply chain. Ransomware gangs were quick to exploit Log4shell. An old, and patched, Windows vulnerability is being exploited by the Malsmoke gang. Social engineering of Google Docs users is up. Mr. Klyshin pleads not guilty. Robert M. Lee from Dragos makes the case for salary transparency. Our guest is George Gerchow from Sumo Logic with new approaches for the modern threat landscape. And call spoofing is making robocalls moderately more plausible. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/4
An update of where things stand with respect to the Log4j vulnerabilities, and a reminder that there are other matters to attend to as well. RSAC postpones its annual security shindig to June, hoping to avoid the COVID. A German court awards pain-and-suffering damages for a data breach. Carole Theriault looks at hiring challenges in cyber. Robert M. Lee from Dragos with insights from his own entrepreneurial journey. And a new start-up seeks to take lemons and make them into lemonade. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/245
The Log4shell vulnerability is trouble, and its remediation isn't going to be quick or easy. In India, Prime Minister Modi's Twitter account was hijacked. Official Brazilian COVID vaccination data bases are stolen and rendered unavailable. Extortionists claim to have taken sensitive, proprietary R&D information from Volvo. Phishing sites appear and vanish in a matter of hours. Rick the Toolman Howard expands his cast of characters. Robert M. Lee from Dragos shines a light on solar storms and risk management. And sentence is passed in a case related to the Kelihos botnet. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/237
Disinformation about a radiation leak that wasn’t. Another warning about Trickbot. The FBI says cybercrime cost victims more than $4.2 billion last year. Investigation and remediation of the SolarWinds and Exchange Server compromises continue. Crypters become a commodity for malware developers. Robert M. Lee from Dragos on lessons from the recent Texas power outages. Our guest is Bob Shaker from Norton Lifelock looking at baddies targeting online gamers. And some people are looking for jobs in all the wrong places. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/52
On the occasion of this, our 200th episode of the Recorded Future podcast, we welcome back our very first guest, Robert M. Lee, CEO of industrial control systems security company Dragos. They recently published their 2020 ICS security year in review report, and Rob joins us to share some of the insights he and his team have gained over the past year, as well as the long term security trends they're tracking.
Podcast: Recorded Future - Inside Security Intelligence. Episode: 200 The Journey Ahead is the Challenge in ICS. Pub date: 2021-03-15.
Threat actors rush to exploit Exchange Server vulnerabilities before victims get around to patching--it’s like a worldwide fire sale. Rick Howard digs into third party platforms and cloud security. Robert M. Lee from Dragos shares insights on the recent Florida water plant event. The US mulls some form of retaliation against Russia for the SolarWinds supply chain campaign, and it will also need to consider how to respond to China’s operations against Exchange Server. (And another Chinese threat actor may have been exploiting SolarWinds late last year.) For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/44
In our increasingly technology-dependent world, cybersecurity threats have become an unfortunate feature of our daily lives. So many of us have been victims of identity theft or data breaches. But what happens when the target is an industrial control system like those that control large campuses, industrial operations, or the power grid? In this episode, Dave Whitehead talks about industrial control system cybersecurity with Robert M. Lee, the CEO of Dragos and a leading expert in the fields of industrial security incident response and threat intelligence.
Dragos is an industrial cyber security company.
Well-constructed phishing and smishing are reported out of Tehran. Estimates of SolarWinds compromise insurance payouts. Notes from industry on the convergence of criminal and espionage TTPs. Social engineering hooks baited with greed. Ring patches a bug that could have exposed users’ geolocation (and their reports of crime). Advice on cyber best practices from CISA and NSA. Robert M. Lee has thoughts for the incoming Biden administration. Our guest is Sir David Omand, former Director of GCHQ, on his book, How Spies Think: Ten Lessons in Intelligence. And an ethics officer is accused of cyberstalking. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/10
CISA updates its guidance on Solorigate, and issues an alert that the threat actor may have used attack vectors other than the much-discussed SolarWinds backdoor. Some reports suggest that a widely used development tool produced by a Czech firm may have been compromised. The cyberespionage campaign is now known to have extended to the Department of Justice and the US Federal Courts. Robert M. Lee shares lessons learned from a recent power grid incident in Mumbai. Our guest is Yassir Abousselham from Splunk on how attackers find new ways to exploit emerging technologies. Cyber implications of the Capitol Hill riot. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/4
Cozy Bear’s software supply chain compromise and its massive cyberespionage effort against the US Government and the associated private sector are still being untangled. But it’s very extensive, very bad, and very tough to remediate. Both CISA and NSA have advice about the incident, and we check in with Robert M. Lee from Dragos for his thoughts. John Pescatore from SANS advocates renewing our focus on information security. Iran may be running a ransomware campaign for influence purposes. The Joker’s Stash criminal souk appears to have taken a hit. And don’t let your guard down during the holidays. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/243
Hidden Cobra inserts Lazarus malware into security management chains. Malsmoke malvertizing doesn’t need exploit kits, anymore. Ransomware operators shift toward social engineering as the ransomware-as-a-service criminal market flourishes. Draft EU data transfer regulations implement the Schrems II decision. Robert M. Lee from Dragos shares a little love for the lesser-known areas of ICS security. Our guest is Greg Smith from CAMI with insights on promoting cyber capabilities at the state level. And the next thing in disinformation? No surprises here: it’s COVID-19 vaccines. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/222
CISA declares a modest but satisfying victory for election security, but cautions that it’s not over yet. Criminal gangs are using election-themed phishbait in malspam campaigns. A new strain of ransomware attacks virtual machines. Robert M. Lee from Dragos on the impact climate change could have on ICS security. Our guest is Kelly White of RiskRecon on healthcare organizations managing risk across extensive third party relationships. And if you wondered if the criminals who offered to securely destroy the data they stole if the victims paid the ransom, well, signs point to “no.” For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/215
Coming up with an idea for Comedic YouTube Web Series
General approach/process involved with writing the script
Three-act Structure
Thinking about character psychology and goals
Production logistics: Planning, budgeting, venue-scouting, scheduling
Difference between Writer, Director, Producer, and Editor roles
You can find the YouTube Web Series comedy "Low Key" here.