Posts labelled US Cybersecurity

CISA Investigates Sisense Breach: Critical Infrastructure at Risk

 

The breach of data analytics company Sisense, now under investigation by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is a reminder that a compromise at a SaaS vendor is also a compromise of every customer whose credentials that vendor holds.

Sisense, an American business intelligence software company with offices in New York City, London and Tel Aviv, counts Nasdaq, ZoomInfo, Verizon and Air Canada among its customers. The incident affects not only Sisense's own operations but also critical infrastructure sector organizations across the United States, which is why CISA is working with private industry partners to assess the scope of the breach and its implications.

While the investigation into how the compromise happened continues, CISA has recommended that all Sisense customers reset any credentials and secrets that may have been exposed to, or used to access, the company's platform and services. Sisense's Chief Information Security Officer, Sangram Dash, repeated that advice in a message to customers, urging them to promptly rotate any credentials used within the Sisense application. In practice that covers both directions: the passwords and tokens customers use to reach Sisense, and the secrets customers stored in Sisense so that it could reach their own data sources. Rotation closes the door going forward but does not reveal whether the old credential was already used, so CISA also asks customers to report any suspicious activity involving potentially exposed credentials or unauthorized access to Sisense services to the agency.

The Sisense incident is not an isolated event.

Similar supply chain attacks have hit critical infrastructure organizations before. The 3CX breach a year earlier reached power suppliers responsible for generating and distributing energy in the United States and Europe.

The lessons are the familiar ones: continuous monitoring, regular security assessments and a tested incident response plan, plus an inventory of which third-party services hold which of your credentials, so that a vendor breach can be answered with a targeted rotation rather than a guess.

The breach also shows how interconnected these threats are, and why defenders need to cooperate with each other and with agencies such as CISA rather than respond in isolation.

Schools in California are Taking Precautions to Monitor Potential Cyberattacks

School districts across California and the rest of the country are working out how best to reduce their risk and protect their data and IT systems as cyberattacks continue to hit educational institutions.

Districts have added safeguards such as multifactor authentication for access to data, backup systems and cyber insurance, while state and federal agencies are starting to take a closer look at the threat.

"A cybersecurity crisis will happen in a school system; the question is when," said Doug Levin, cybersecurity expert and director of the nonprofit K12 Security Information Exchange. "It's only a matter of when. Those hazards need to be taken into account in the continuing administration and management of school systems."

San Luis Coastal Unified, which suffered a ransomware attack in May, is "really trying to double down now and do anything we can to guarantee that, if it does happen again, that we can make it as little and less disruptive as possible," said Ryan Pinkerton, the district's superintendent of business.

A notable recent case was the attack on Los Angeles Unified over the Labor Day holiday. After the district, on the advice of law enforcement, declined to negotiate or pay a ransom, the criminal group behind the attack posted some of the district's data online.

Although LAUSD did not pay, some experts believe other districts have. Districts do not always disclose this, Levin said; the choice is shaped by the sensitivity of the compromised data and the time and money needed to recover it.

According to cybersecurity company Emsisoft, which tracks publicly known incidents, ransomware attacks have hit more than 60 school districts, colleges and universities across the country so far this year, including at least 30 K-12 public school systems. Because districts are not required to report such incidents, the true figure may be considerably higher, said Brett Callow, a threat analyst at Emsisoft.

The education sector is on track for fewer attacks in 2022 than in each of the previous two years, which each saw more than 80, but this year's incidents show that ransomware groups remain very interested in schools.

Glenn County Office of Education, which was also hit, never missed a school day, but Superintendent Tracey Quarne said recovery since then has been slow: the office had to build a new financial system and a second email system, a process he described as frustrating.

Quarne declined to say whether the office paid a ransom or whether any of its data had been published, saying the incident was still under investigation.

This year the criminal group Vice Society, which appears to operate from Russia, has claimed responsibility for ten attacks on U.S. educational institutions, prompting CISA to issue a warning in September about the group's disproportionate targeting of schools.

Educational institutions and school systems, LAUSD among them, have urged the Federal Communications Commission to allow E-rate funds, which are intended to lower the cost of digital information services for schools and libraries, to be spent on cybersecurity.

The U.S. Government Accountability Office has also advised the Department of Education to update its cybersecurity guidance, which has not been revised since 2010. Neither effort has yet produced visible results.

CISA: High-Severity Flaws in Schneider & GE Digital's SCADA Software

 

Schneider Electric's Easergy medium-voltage protection relays are affected by several vulnerabilities, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The agency said in a bulletin on February 24, 2022, "Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay. This could result in loss of protection to your electrical network."

Easergy P3 versions prior to v30.205 and Easergy P5 versions prior to v01.401.101 are affected. The flaws, all rated high severity, are:
  • CVE-2022-22722 (CVSS score: 7.5) - Use of hard-coded credentials, which could allow an attacker to observe and alter traffic associated with the device.
  • CVE-2022-22723 and CVE-2022-22725 (CVSS score: 8.8) - Buffer overflow vulnerabilities that could lead to program crashes and execution of arbitrary code when specially crafted packets are sent to the relay over the network.
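The unchecked-copy pattern behind the two buffer-overflow CVEs, as an added illustration rather than Schneider's code: the frame layout (one length byte, a name, one action byte), the NAME_MAX size and the function names are hypothetical, chosen only to show the class of bug (CWE-120, copying a network-supplied length into a fixed buffer) and the bounds checks that remove it. The vulnerable parser and the hardened one behave identically on well-formed input, which is why this kind of defect survives functional testing and is only found by fuzzing or by reading the code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical command frame: [name_len:1][name:name_len][action:1].
 * The layout is invented for this example; it is not the Easergy protocol. */
#define NAME_MAX 16

typedef struct {
    char    name[NAME_MAX];   /* NUL-terminated target name */
    uint8_t action;           /* e.g. 1 = read status, 2 = trip */
} relay_cmd_t;

/* Vulnerable parser: trusts the attacker-controlled length byte.
 * With name_len >= NAME_MAX the memcpy writes past cmd->name (CWE-120),
 * and the read at frame[1 + name_len] can run past the bytes received. */
int parse_cmd_vuln(const uint8_t *frame, size_t frame_len, relay_cmd_t *cmd)
{
    if (frame_len < 2)
        return -1;
    uint8_t name_len = frame[0];
    memcpy(cmd->name, frame + 1, name_len);   /* no bound against NAME_MAX */
    cmd->name[name_len] = '\0';               /* out-of-bounds write when name_len >= NAME_MAX */
    cmd->action = frame[1 + name_len];        /* may read beyond frame_len */
    return 0;
}

/* Hardened parser: every offset is checked against both the destination
 * size and the number of bytes actually received before it is used. */
int parse_cmd_safe(const uint8_t *frame, size_t frame_len, relay_cmd_t *cmd)
{
    if (frame == NULL || cmd == NULL || frame_len < 2)
        return -1;                            /* too short to hold len + action */
    size_t name_len = frame[0];
    if (name_len >= NAME_MAX)
        return -2;                            /* leave room for the terminating NUL */
    if (frame_len < 2 + name_len)
        return -3;                            /* name and action must fit in what was received */
    memcpy(cmd->name, frame + 1, name_len);
    cmd->name[name_len] = '\0';
    cmd->action = frame[1 + name_len];
    return 0;
}

/* Checks over constructed sample frames; each returns a value worth asserting. */

/* 1 if the safe parser accepts the benign frame and fills both fields correctly. */
int check_benign(void)
{
    const uint8_t frame[] = { 5, 'R', 'E', 'L', 'A', 'Y', 0x02 };
    relay_cmd_t cmd;
    return parse_cmd_safe(frame, sizeof frame, &cmd) == 0
        && strcmp(cmd.name, "RELAY") == 0 && cmd.action == 2;
}

/* 1 if the vulnerable parser gives the same answer on the same benign frame. */
int check_vuln_benign(void)
{
    const uint8_t frame[] = { 5, 'R', 'E', 'L', 'A', 'Y', 0x02 };
    relay_cmd_t cmd;
    return parse_cmd_vuln(frame, sizeof frame, &cmd) == 0
        && strcmp(cmd.name, "RELAY") == 0 && cmd.action == 2;
}

/* Safe parser's result for a frame claiming a 255-byte name (expected -2). */
int check_oversized(void)
{
    uint8_t frame[2 + 255];
    memset(frame, 'A', sizeof frame);
    frame[0] = 255;
    relay_cmd_t cmd;
    return parse_cmd_safe(frame, sizeof frame, &cmd);
}

/* Safe parser's result when the length byte exceeds the bytes received (expected -3). */
int check_truncated(void)
{
    const uint8_t frame[] = { 10, 'A', 'B' };
    relay_cmd_t cmd;
    return parse_cmd_safe(frame, sizeof frame, &cmd);
}

int main(void)
{
    printf("benign, safe parser   : %s\n", check_benign() ? "accepted" : "rejected");
    printf("benign, vuln parser   : %s\n", check_vuln_benign() ? "accepted" : "rejected");
    printf("oversized name        : rc=%d\n", check_oversized());
    printf("truncated frame       : rc=%d\n", check_truncated());
    /* parse_cmd_vuln is deliberately never called with the hostile frames:
       it would overflow cmd.name and corrupt the stack. */
    return 0;
}
```

Build with `cc -Wall -fsanitize=address demo.c` and run it; the hostile frames go only through the hardened parser. The three negative checks are exactly what a unit test for a frame parser should pin down: a length byte larger than the destination buffer, a length byte larger than the bytes actually received, and a frame too short to contain the fixed fields.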

Schneider Electric fixed the flaws, which were discovered and reported by Red Balloon Security researchers Timothée Chauvin, Paul Noalhyt and Yuanshe Wu, in updates released on January 11, 2022. The alert came less than ten days after CISA published another advisory on several critical vulnerabilities in Schneider Electric's Interactive Graphical SCADA System (IGSS) that, if exploited, could lead to data disclosure and loss of control of the SCADA system when IGSS is running in production mode.

In related news, the U.S. Federal Bureau of Investigation has issued an alert for General Electric's Proficy CIMPLICITY SCADA software, warning of two security flaws that could be exploited to expose sensitive information, gain code execution and escalate local privileges.

The advisories follow a report from industrial cybersecurity firm Dragos, which found that 24 per cent of the 1,703 ICS/OT vulnerabilities reported in 2021 had no fix available and 19 per cent had no mitigation at all, leaving operators with no vendor-supplied way to reduce their exposure. For those devices the only options are compensating controls: keeping the device off untrusted networks and monitoring the traffic that is allowed to reach it.

Dragos also identified three new groups, Kostovite, Erythrite and Petrovite, that attacked ICS systems last year, targeting the OT environments of renewable energy, electrical utility, and mining and energy firms in Canada, Kazakhstan and the United States.