Fixing Hacks Has Deadly Impact on Hospitals

This is a truly sobering report and points to the need for focused planning and preparation when considering cyber threats in critical industries.  Hospitals can be viewed as microcosms of a larger threat.  If critical infrastructure was significantly hampered due to an attack and the response was slow or inadequate, we could see injury and death on a truly massive scale at the local, regional or even national level.

https://www.darkreading.com/endpoint/privacy/fixing-hacks-has-deadly-impact-on-hospitals/d/d-id/1331386

UVA Defeats UMBC, in Stunning Upset

Revenge is certainly a dish best served cold!  In all seriousness, these types of competitions are so valuable in terms of growing and fostering strong cybersecurity talent.  Congrats to UVA, UMBC and all the schools working hard to educate the next generation of IT security talent!

https://www.darkreading.com/careers-and-people/uva-defeats-umbc-in-stunning-upset/a/d-id/1331379

Atlanta Struggling to Recover from Ransomware Infection Days After Attack

Atlanta continues to struggle in the aftermath of their ransomware attack.  The timing for the city is difficult in the wake of the NCAA basketball tournament.  This article is interesting in that officials are speaking concerning the attackers.  I look forward to more details down the road.

https://www.tripwire.com/state-of-security/latest-security-news/atlanta-struggling-to-recover-from-ransomware-infection-days-after-attack/

City of Atlanta IT Systems Shut Down by SamSam Ransomware. Demand Is $51K To Decrypt

Ransomware is far from dead and is still a significant threat to all organizations with sensitive data they cannot live without.  The City of Atlanta is suffering a compromise as we speak.  Please make sure you have addressed this threat.  Have a tested and viable backup of your key data in place.  Make sure you can recover quickly after an incident.  Run some form of DNS-based content filtering.  Consider non-signature based advanced malware protection.  Most importantly, train your employees and associates!

https://www.infosecurity-magazine.com/news/atlanta-city-ransomware/

https://www.welivesecurity.com/2018/03/23/city-of-atlanta-computers-held-hostage-in-ransomware-attack/

https://blog.knowbe4.com/city-of-atlanta-it-systems-shut-down-by-samsam-ransomware

AMD Acknowledges Vulnerabilities, Will Roll Out Patches in Coming Weeks

We are a week removed from the announcement from CTS Labs concerning the very serious vulnerabilities discovered in the Ryzen and EPYC chipsets from AMD.  AMD has acknowledged these vulnerabilities and is working toward patches and mitigation methods.  There are 13 vulnerabilities in total and several are software/firmware related, while at least one is hardware related and specific to support for the core processor.

I am including an article from ThreatPost as well as a link to the source material from CTS Labs.  CTS Labs has been extremely thorough in their explanations of these vulnerabilities and related media coverage.  Educate yourself and be prepared to patch and remediate your environment and those of your customers if these chips are present and in production.

https://threatpost.com/amd-acknowledges-vulnerabilities-will-roll-out-patches-in-coming-weeks/130593/

https://amdflaws.com/

Russian APT Compromised Cisco Router in Energy Sector Attacks

The phrase I think you need to focus on in this article is “end of life”.  The Cisco router in question was end of life and therefore no longer capable of receiving security updates or patches*.  No level of diligence by downstream corporations or government agencies can defend against upstream entities running out of date and indefensible network components…or can they?  A mandatory vulnerability scan or penetration test against the vendor network in question would have revealed this weakness.

Two pieces of advice this morning:

  1. Maintain your hardware and software investments.  IT spends are not forever.  Hardware must be updated on a regular basis based on manufacturer support standards.  Software must be upgraded and regularly patched.  Do not roll the dice.  They always eventually come up snake eyes.
  2. Hold your vendors to a reasonable IT security standard.  Require and review periodic testing.  build enforceable language into your contracts and SLA’s.  You are only as strong as the weakest link in your supply chain!

https://www.darkreading.com/endpoint/privacy/russian-apt-compromised-cisco-router-in-energy-sector-attacks/d/d-id/1331306

*Point of clarification – Thank you to @MrJeffMan for reminding me that “end of life” technically means that patches and updates are no longer being developed.  Previously developed updates can be applied and special (often expensive) extended support options are often available for purchase.