Project Hyphae

Information Security News 7-17-2023

Share This Post

Former Contractor Accused of Remotely Accessing Town’s Water Treatment Facility

Article Link:

  • A federal grand jury has indicted a former contractor operating the town of Discovery Bay, California’s water treatment facility, alleging that he remotely turned off critical systems and could have endangered public health and safety.
  • The former contractor is said to have been an instrumentation and control technician between 2016 and 2022. It is alleged that he planted software that allowed him to gain remote access from a personal device, from which he began uninstalling software from the plant’s main computer hub shortly after resigning.
  • Link to the Department of Justice’s Press Release:

Rogue Azure AD Guests Can Steal Data via Power Apps

Article Link:

  • Guest accounts in Azure AD (AAD) are meant to provide limited access to corporate resources for external third parties where the idea is to enable collaboration without risking too much exposure. However, many organizations may be unknowingly oversharing access to sensitive data with guests.
  • The article highlights that potential data exposure is a two-step process. Michael Bargury, a researcher and CTO of Zenity, will be giving a presentation at Black Hat USA in August which will go deeper into both steps that can lead to exposure through AAD.
  • Step one involves utilizing a default guest account (either given by an organization or spoofed) to gain visibility on Power Apps that have been marked as “shared with everyone” by developers. Step two consists of working around internal Microsoft APIs (and circumventing Power Platform DLP) to reach out directly to the infrastructure behind front-end APIs.

Ransomware Payments on Record-Breaking Trajectory for 2023

Article Link:

  • According to a report from Chainalysis, cryptocurrency-related crime is down by 65% overall, but cryptocurrency crime related to ransomware is on pace for its second largest year ever.
  • Currently, the ransom payment amounts in the first half of 2023 are equivalent to 90% of the total for 2022. It is predicted that bad actors will make around $900 million by the end of 2023.
  • Ransomware gangs leading the pack include BlackBasta, LockBit, ALPHV/Blackcat, and Clop.
  • Link to Chainalysis’ Report:

USB Drive Malware Attacks Spiking Again in First Half of 2023

Article Link:

  • According to a report by Mandiant, malware distributed through USB drives has increased threefold in the first half of 2023 with Chinese-based threat actors primarily using the bugged USBs.
  • While USB attacks require physical access to the target computers to achieve infection, they have unique advantages that keep them both relevant and trending in 2023. These include bypassing security mechanisms, stealth, initial access to corporate networks, and the ability to infect air-gapped systems isolated from unsecured networks for security reasons.
  • The report further highlighted that print shops and hotels tend to be hotspots for USB malware.
  • Link to Mandiant’s Report:

Electrical Grid Stability Relies on Balancing Digital Substation Security

Article Link:

  • Between January and August 2022, there were 101 cyberattacks on electricity-delivering equipment across the United States. The use of systems, such as Ethernet, to transfer information between substations and enterprise systems and an overarching lack of security requirements has produced an environment ripe for bad actors to ravage.
  • Several key points are touched on in the article. These include determining security program ownership and responsibilities, creating a security strategy, staying informed on security vulnerabilities, developing top-down security policies that map to clear goals, establishing a process to enforce said policies, and communicating that risk realistically can’t be completely mitigated.
  • Ultimately, the article suggests that energy organizations should find a balance between reliability and security to ensure that systems remain online and secure from malicious hackers.

CVSS 4.0 Released to Help Assess Real-Time Threat and Impact of Vulnerabilities

Article Link:

  • FIRST, who developed the Common Vulnerability Scoring System (CVSS) has recently announced an updated version of their rating system.
  • Among other potential changes, CVSS 4.0 looks to reinforce the concept that CVSS isn’t a base score, add additional metrics and values, provide enhanced disclosure of impact metrics, an additional focus on OT/ICS/Safety, and more.
  • CVSS 4.0 is currently in a public preview comment period; however, the updated system is set to be officially published and rolled out by October 1, 2023.
  • Link to FIRST’s Update Information:

Creating a Patch Management Playbook: 6 Key Questions

Article Link:

  • As cyberattacks continue to grow, organizations face increased pressure to protect their assets and close the software vulnerability gap. Unfortunately, many organizations still struggle to get patch management right.
  • Now, more than ever, having the right patch management playbook (or strategy) is crucial to protecting data, employees, partners, and the broader business. Despite this need, a variety of factors, such as organization size, hinder patch management efforts.
  • This article looks at six key questions to consider when developing or reviewing a patch management strategy. These include identifying which updates should be installed first, determining how updates can be tested prior to being sent to production, outlining how many updates should be installed at once, determining how change management can be easier, developing how updates can be safely deployed, and outlining how the success of the playbook can be gauged.

5 Ways to Prepare a New Cybersecurity Team for a Crisis

Article Link:

  • Responding to a security crisis can be a challenge for most cybersecurity teams. It can be doubly so for a team with relatively new or inexperienced security professionals.
  • Amid a crisis, technical mistakes, communication breakdowns, and other issues can worsen the effects of a potential incident. As such, it is vital to have an outlined process that mixes theoretical knowledge with hands-on experience.
  • The article highlights five key steps to alleviate some of the chaos during an incident. These include establishing foundational organizational knowledge, defining what a crisis (or incident) looks like and developing playbooks around possible scenarios, creating an incident response plan, testing said plan and playbooks through training and tabletops, and leveraging additional immersive training courses and experiences.
  • Link to FRSecure’s Resources:

Reach out to our incident response team for help

More To Explore

Information Security News 9-18-2023

Iranian Cyberspies Target Thousands of Organizations with Password Spray Attacks Article Link: Requests via Facebook Messenger Lead to Hijacked Business Accounts Article Link:

Information Security News 9-11-2023

University of Michigan Requires Password Resets After Cyberattack Article Link: Attackers Accessed UK Military Data Through High-Security Fencing Firm’s Windows 7 Rig Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.