Cyberscoop reports
A joint federal advisory Wednesday says that foreign government-linked hackers are targeting specific industrial processes with tools meant to breach and disrupt them, with one cybersecurity firm noting that the prospective intruders demonstrate an unprecedented “breadth of knowledge” about industrial control systems.
The alert arrives one day after Ukrainian officials and a cyber firm discussed deflecting another ICS-targeting malware that attempted to shut down power in Ukraine. “ICS” is a term that encompasses a number of systems that are especially common in the energy and manufacturing sectors, including a variety known as supervisory control and data acquisition (SCADA).
Cybersecurity company Dragos, which aided in Wednesday’s alert, said it had named the advanced persistent threat (APT) group behind the tools Chernovite, and named the tools themselves Pipedream. Dragos said one potential use of the tools would be to disable an emergency shutdown system. Mandiant, which also aided in the alert, said the malware posed the greatest risk to Ukraine and other nations responding to the Russian invasion.
It’s helpful to know where the Russians are focusing their cyberattack. The latest Bleeping Computer’s Ransomware Week adds “The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities.”
On the other hand, STAT News tells us,
Ransomware is no longer a threat reserved for only the largest health institutions. Small and rural providers are also getting hit with a wave of attacks, in some cases forcing them to resort to pen-and-paper record keeping to continue serving patients. “We were woefully unprepared,” said John Gaede, director of information services at Sky Lakes Medical Center in rural Oregon. The health system was hit with an attack in October 2020, just as it was responding to its first local surge of Covid cases, making a tough situation nearly impossible to manage.
Such attacks not only create logistical challenges, but also cut off access to electronic medical histories needed to safely care for patients. Read the full story from Marion Renault.
This past week, the Cybersecurity and Infrastructure Security Agency added nine new vulnerabilities to its catalog. CISA explains
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.
From the cybersecurity business front, Cybersecurity Dive informs us,
Kaseya, an IT security and remote monitoring firm, said Monday it will buy Datto for $6.2 billion cash. The deal comes about nine months after Kaseya was hit by a major ransomware and supply chain attack that targeted the company’s small- and medium-size customers.
The price tag is being funded by an equity consortium, led by Insight Partners, along with significant participation from TPG and Temasek, as well as other firms, including Sixth Street. The agreement represents a 52% premium to Datto’s stock price of $23.37 as of March 16th.
Also on Monday, software investment firm Thoma Bravo announced it struck a $6.9 billion deal for identity management firm SailPoint Technologies Holdings and will take the firm private. SailPoint stockholders will receive $65.25 per share in cash, a 48% premium above the 90-day volume weighted average price. However, the deal has a special “go-shop” provision that allows the board to seek higher bids until May 16th.
From the cyberdefenses front —
- Federal News Network offers a transcript of an expert conversation about the Administration’s “signature cybersecurity initiative, namely to get every agency to move to zero trust systems architectures.”
- Cybersecurity Dive stresses the importance of any HIPAA-covered business going well beyond the minimum HIPAA privacy and security rule standards.
- Security Week reviews necessary cyberdefenses in the healthcare context.
- Another Security Week article recommends that the good guys think like hackers in order to improve their cyberdefenses.