Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co-host Ben Yelin joins him to discuss pending legislation with potential to affect critical infrastructure, as well as the Department of Energy’s assessment of the potential risks and rewards from AI. The Learning Lab is on a hiatus this episode, and will be returning soon!
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm (Mandiant)
Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (SecurityWeek)
Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime (The Record)
CISA Releases Eight Industrial Control Systems Advisories (CISA)
Host Dave Bittner and his co-host from the Caveat podcast on the N2K CyberWire network, Ben Yelin, discuss pending legislation with potential to affect critical infrastructure, and the Department of Energy’s assessment of the potential risks and rewards from AI.
The Learning Lab is on a break and will be back soon. Stay tuned.
Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks!
A companion monthly newsletter is available through free subscription and on N2K Networks website.
Chinese-manufactured devices in US networks see a 41% YoY increase. Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. A look at cyberattacks that had physical consequences in 2023. Lessons from NERC’s GridEx exercise. Extension requested for comment period on CISA’s incident reporting rule. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, talks about the Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). The Learning Lab returns with part 2 of Mark Urban and Josh Hanrahan's discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).
“All your base are belong to us” – A probe into Chinese-connected devices in US networks (Forescout)
Unpacking the Blackjack Group's Fuxnet Malware (Claroty)
2024 Threat Report – OT Cyberattacks with Physical Consequences (Waterfall)
GridEx VII: Lessons Learned Report (NERC)
US Chamber of Commerce, industry groups call for 30-day delay in CIRCIA rules (The Record)
Guest Kate Ledesma, Senior Director Government Affairs at Dragos, discusses the Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA).
On the Learning Lab segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part two of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).
Resources:
VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems.
The 5 Critical Controls for ICS/OT Cybersecurity – SANS webinar.
Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. Threat actor targets Indian government and energy entities. Suspicious NuGet package appears to target developers in the industrial sector. Guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, shares their CIRCIA Notice of Proposed Rulemaking. The Learning Lab returns! Mark Urban and Josh Hanrahan discuss adversary hunting.
Sellafield nuclear waste dump to be prosecuted for alleged cybersecurity offences (The Guardian)
Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian)
CISA releases draft rule for cyber incident reporting (CyberScoop)
Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ)
Suspicious NuGet package grabs data from industrial systems (ReversingLabs)
Guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Eric shares their CIRCIA Notice of Proposed Rulemaking that goes into effect this week.
The Learning Lab is back! On today’s segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part one of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).
Researchers discover a way to hijack web-based PLCs. Threat actor targets manufacturing entities in North America. US Department of Defense launches CORA program. CISA issues ICS advisories. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. The Learning Lab is taking a break and will return soon. Stay tuned.
Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack (Georgia Tech)
Blind Eagle's North American Journey (eSentire)
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (Trend Micro)
JFHQ-DODIN Officially Launches its New Cyber Operational Readiness Assessment Program (US Department of Defense)
CISA Releases Fifteen Industrial Control Systems Advisories (CISA)
Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks.
The Learning Lab is on break and will return in the near future. Stay tuned.
NIST releases Cybersecurity Framework 2.0. Biden administration issues executive order on maritime cybersecurity. Suspected Chinese threat actor continues to exploit Ivanti vulnerabilities. ThyssenKrupp sustains ransomware attack. Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. The Learning Lab is taking a break and will return soon. Stay tuned.
NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST)
On-the-Record Press Call on the Biden-Harris Administration Initiative to Bolster the Cybersecurity of U.S. Ports (The White House)
Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts (Mandiant)
German Steelmaker Thyssenkrupp Confirms Ransomware Attack (SecurityWeek)
Guests Liz Martin, Global Advisory Solution Architect at Dragos, and Blake Benson, Senior Director at ABS Group, talk through the latest Maritime Executive Order. For more information, review the Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States and White House’s FACT SHEET: Biden-Harris Administration Announces Initiative to Bolster Cybersecurity of U.S. Ports.
The Learning Lab is on break and will return in the near future. Stay tuned.
Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. Siemens and Schneider Electric issue patches. Guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, sharing the findings of Dragos Cybersecurity Year in Review report. The Learning Lab segment will return next episode.
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (CISA)
VOLTZITE Espionage Operations Targeting U.S. Critical Systems (Dragos)
ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek)
Guest Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. You can download a copy of the report here.
The Learning Lab segment will return next episode.
Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President’s Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos' Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder.
Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters)
Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR)
Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos)
The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks)
Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer)
Schneider Electric confirms it was hit by ransomware attack (Silicon Republic)
Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer)
Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC)
US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber)
Senate HSGAC Approves Cyber, Software Bills (Meritalk)
Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob’s opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector.
Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector.
On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.
An analysis of cyberattacks against Danish energy infrastructure. US government outlines threats posed by Chinese-manufactured drones. Vulnerability in Bosch thermostats. OIG says CISA needs to improve collaboration with the water sector. Guests Mark Stacey of Dragos and Charles Kano from WestCap discuss cyber insurance as an important part of your organization's security plan. On the Learning Lab, we have the first part of a 2-part discussion on building community in OT that Dragos' Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder.
CISA needs better collaboration with the EPA and water sector, watchdog says (Nextgov)
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (Dark Reading)
Israeli Ports Hit in Cyberattack: Anonymous Sudan Takes Credit (The Cyber Express)
Clearing the Fog of War: A Critical Analysis of Recent Energy Sector Attacks in Denmark and Ukraine (Forescout)
Cybersecurity Guidance: Chinese-Manufactured UAS (CISA)
Vulnerabilities identified in Bosch BCC100 Thermostat (Bitdefender)
On this episode, we are joined by Mark Stacey of Dragos and Charles Kano from WestCap discussing cyber insurance as an important part of your organization's security plan.
On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to discuss building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.
Responses to Aliquippa water authority attack. Predatory Sparrow disrupts Iran’s gas stations. MITRE launches a threat model for critical infrastructure embedded devices. Guest Dawn Cappelli, Head of Dragos's OT-Cyber Emergency Readiness Team, shares details about the launch of Dragos’s free community initiative to protect small utilities that serve the majority of Americans. Learn more about the Dragos Community Defense Program that includes Dragos Platform and Neighborhood Keeper. On the Learning Lab, we have the final part of the 3-part discussion on building automation systems that Dragos' Mark Urban had with colleagues Daniel Gaeta and Zach Spencer.
States and Congress wrestle with cybersecurity after Iran attacks small town water utilities (AP)
A suspected cyberattack paralyzes the majority of gas stations across Iran (AP)
Iran petrol stations hit by cyberattack, oil minister says (Reuters)
Israel-linked group claims cyberattack that shut down 70% of Iran’s gas stations (The Times of Israel)
Energy Department offers $70 million in funding for cybersecurity research.
Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop)
Homeland Threat Assessment 2024 (DHS)
Guest Dawn Cappelli, Dragos's Head of OT-Cyber Emergency Readiness Team, joins us this episode to discuss the launch of a free community initiative to protect small utilities that serve the majority of Americans. Learn more about the Dragos Community Defense Program that includes Dragos Platform and Neighborhood Keeper.
On the Learning Lab, Mark Urban is back with part 3 of his discussion on building automation systems with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive.
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services.
PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation)
2023 ICS Cybersecurity Conference (SecurityWeek)
Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler)
UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK)
Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire)
CISA Releases Two Industrial Control Systems Advisories (CISA)
Hitachi Energy’s RTU500 Series Product (Update B) (CISA)
CISA Releases Nine Industrial Control Systems Advisories (CISA)
Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.
On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.
Iranian hacktivists hit Pennsylvania water utility. Attacks against water systems are an instance of a larger threat. Supply chain vulnerabilities in the electrical sector. Guest Nick Sanna of the FAIR Institute and Safe Security talks about the challenges the White House faces in attempting to harmonize critical infrastructure regulations. The Learning Lab has part 2 of the 3-part discussion on building automation systems that Dragos' Mark Urban had with colleagues Daniel Gaeta and Zach Spencer.
Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News)
Iranian-Linked Cyber Army had Partial Control of Aliquippa Water System (BeaverCountian)
A hack in hand is worth two in the bush (Securelist)
How cybersecurity teams should prepare for geopolitical crisis spillover (CSO)
Iran-Backed Cyber Av3ngers Escalates Campaigns Against U.S. Critical Infrastructure (SentinelOne)
Anti-Israel hacking campaign highlights danger of internet-connected devices (CyberScoop)
China’s cyber army is invading critical U.S. services (Washington Post)
A Software Supply Chain Dependent on Adversaries (Fortress)
Guest Nick Sanna of the FAIR Institute and Safe Security details the challenges the White House faces in attempting to harmonize critical infrastructure regulations.
On the Learning Lab, Mark Urban is back with part 2 of 3 of his discussion on building automation systems with Dragos' Daniel Gaeta, ICS/OT Cybersecurity Senior Solutions Architect, and Zach Spencer, Senior Enterprise Account Executive.