CISA ICS Advisory: goTenna Pro ATAK Plugin
The company goTenna provides mobile mesh networking, including off-grid capabilities. First responders may need these capabilities for emergency communications, geolocation, navigation, and other response activities that are enhanced by mobile networked technologies.
The Team Awareness Kit (TAK) is deployed by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to support the complex communication and coordination needs of a multi-jurisdictional incident response. This software provides geospatial information and user collaboration over geography. ATAK, or Android Team Awareness Kit, is the version of TAK for Android mobile devices.
On Sept. 26, CISA posted an Industrial Control System (ICS) Advisory that outlines security vulnerabilities of the goTenna Pro Plugin for ATAK. If your agency is using goTenna Pro software and/or ATAK software, please review and implement the suggested mitigation options in this advisory.
(Source: CISA)
More LockBit hackers arrested, unmasked as law enforcement seizes servers
Europol, the UK and the US have all issued press releases in addition to the announcements made on the former LockBit sites. Europol announced new law enforcement actions, including the arrest of an alleged LockBit developer at the request of France while he was vacationing outside of Russia, and the arrests of two individuals in the UK for supporting the activity of a LockBit affiliate.
In Spain, police arrested the alleged administrator of a bulletproof hosting service, which enabled authorities to seize nine servers that were part of LockBit infrastructure. The suspect, authorities say, “was one of the main facilitators of infrastructure for LockBit”, and the information they obtained will be useful for prosecuting core members and affiliates of the cybercrime enterprise.
The most important announcement, however, is related to the unmasking of a Russian national, who authorities say is not only a LockBit affiliate, but also a member of Evil Corp, the infamous profit-driven cybercrime organization that may have also run cyberespionage operations on behalf of the Russian government.
The US Justice Department on Tuesday announced charges against the Russian national, but not for LockBit attacks. Instead, he has been charged over BitPaymer ransomware attacks.
According to government agencies, the LockBit operation hit over 2,500 entities across more than 120 countries.
(Source: Security Week)
Hawaii health center discloses data breach after ransomware attack
Local media reported in May that it took the Maui healthcare organization more than two weeks to reopen after experiencing “major computer problems”.
In June, the notorious LockBit ransomware group took credit for the attack on the Community Clinic of Maui.
The organization last week published a data breach notice on its website, informing customers that it detected a cybersecurity incident on May 7 and later determined that the attackers may have stolen personal data between May 4 and May 7. The organization has told the Maine Attorney General’s Office that the incident impacts 123,882 individuals.
It’s unclear if the LockBit ransomware group has made the stolen information available on its leak website.
Operations of the LockBit group were disrupted by law enforcement earlier this year and the gang’s alleged leader has been unmasked.
(Source: Security Week)
City of Killeen touts response to ransomware attack
The Killeen City Council on Tuesday heard a presentation of an after-action report on the Aug. 7 “incident,” in which the city of Killeen, Texas, touted what officials considered a successful recovery from the cyberattack.
Executive Director of Information Technology Willie Resto gave the presentation and said that the issues were resolved within 36 hours.
The ransomware attack, first reported on Aug. 8 and publicly acknowledged by the city of Killeen on the same day, impacted services related to utility collections, police records and electronic employee timekeeping. The BlackSuit hackers, who claimed responsibility for the hack, gained access to the city of Killeen’s systems on July 30 and weren’t detected until Aug. 7, when an airport worker could not clock in, Resto said.
“We can’t confirm with certainty of how the initial attack was comprised,” Resto said. “We can speculate that it was a result of phishing or brute force.”
Resto said the City Council’s approval of backup systems is “what saved us.” Neither the city of Killeen nor its insurance had paid any ransom.
BlackSuit is a new iteration of Royal Ransomware, which was responsible for the hack on the city of Dallas, ultimately costing the city as much as $8.6 million, according to the Dallas Morning News. On Aug. 7, the same day as the ransomware attack on the city of Killeen, the FBI and Cybersecurity and Infrastructure Security Agency released a joint statement announcing the rebranding of Royal ransomware as BlackSuit.
(Source: Killeen Daily Herald)
Securing Cities: The Fight Against Local Level Cyberthreats
Imagine waking up to news of a city plunged into chaos. The water supply has been disrupted, emergency services are offline, and local transportation is at a standstill. A ransomware attack has crippled local government, holding critical infrastructure hostage. Sensitive personal data, from Social Security numbers to medical records, are at risk of being leaked to criminal organizations. Citizens wonder what they should do and how long it will take for their community to recover. This is not a hypothetical scenario but a stark reality that cities across the country face.
The growing threat of cyberattacks on state and local governments emphasizes the need for comprehensive, robust cybersecurity measures and preparedness.
Read the full article in Domestic Preparedness for an overview of notable cyberattacks targeting state and local governments in the last 8 years; common vulnerabilities in government systems; and tools and actions to improve a government agency’s cybersecurity posture.
The article cites several alliances that various state and local governments are currently using to collaborate with each other to increase information sharing and threat awareness. It reviews the crucial role of public-private partnerships, but notes that it takes money to sustain these alliances and partnerships. The article cites several funding sources that state and local governments can use to increase their cyber resilience.
(Source: Domestic Preparedness)