SophosLabs, the Sophos Managed Threat Response team, and the Sophos Artificial Intelligence (AI) data science group released the 2022 Sophos Threat Report today. The report represents the collective knowledge of Sophos malware analysts, machine and network forensics specialists, and machine learning experts and offers some analysis of the events that transpired in 2021, and how Sophos believes they will shape the threat landscape in 2022 and beyond. The report covers five main topics: 1) Malware, 2) Mobile, 3) Machine Learning/AI, 4) Ransomware, and 5) Where next?
In an offensive move, the U.S. State Department is offering a $10,000,000 reward for “information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.”
“In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.” These rewards are offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).
The ransomware-as-a-service group responsible for the Colonial Pipeline attack is back as BlackMatter (Threatpost article). Starting in September with a $5.9 million attack on the Iowa Farm Cooperative, they moved to tech company Olympus in October. Strong passwords, multi-factor authentication (MFA), network segmentation, and least privilege access are all recommended to help mitigate the spread. CISA: "Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access the Active Directory (AD) to discover all hosts on the network. BlackMatter then remotely encrypts the hosts and shared drives as they are found."
A PDF version of the CISA report is also available.
The report is available here. It examines dangerous vulnerabilities across different types of devices and operating systems, and includes an investigation into the security of low-powered Long Range Wide Area Network (LoRaWAN) technology that is widely used in Internet of Things (IoT) configurations around the world.
Great article in the WSJ bringing awareness to building cybersecurity. Congratulations to Fred Gordy and Intelligent Buildings on bringing this awareness to a wider audience. As Fred is quoted, "...anything that you can think that a building does can be exposed..."
DHS/CISA recently released a two-page flyer that lays out reasons why investing in security is "Good for business," such as avoiding a 50% decrease in productivity, 20-40% employee turnover, and a $500,000 average out-of-court settlement after an event.
Honeywell released a report (full report available at link), "Protecting Operational Technology in Facilities from Cyber Threats: Constraints and Realities," highlighting that improving cybersecurity for operational technology (OT) systems ranks as one of the top priorities for surveyed facility managers over the next 12 to 18 months. This is likely because more than 7 in 10 (71%) of surveyed facility managers consider OT cybersecurity a concern or worry. Respondents cite OT cybersecurity as the building improvement that would provide the greatest benefit to their stakeholders. The report is the third in Honeywell's 2021 Building Trends series. The survey findings indicate that facility managers recognize the potential threat of an OT cyberattack and acknowledge the importance for building occupants.
NIST published an important non-technical baseline today (8259B) that RECC wants all manufacturers and service providers to support. Vendors should provide:
Poor cybersecurity can have costs that go beyond the breach itself. The SEC recently charged an issuer with misleading investors and failing to maintain cybersecurity-related disclosure controls and procedures.
Sullivan & Cromwell memo
It has been another challenging year. Malware and vulnerabilities are at an all-time high. Starting with SolarWinds in December, we have seen the escalation and expansion of malware tools and strategies (double ransom) to levels we have never seen. What appears to be a Global Cyberwar has come to the built environment as IoT and ICS building operational technologies are beset by the latest exploits.
The RECC was formed to address this threat and to help educate the real estate technology industry. We have formalized our incorporation and are ready to begin accepting new members, including select vendors and industry professionals. Starting with our August Leadership Board meeting we hope to introduce these new members and continue our integrated best practices effort.
Highlights from the July 2021 RECC Leadership Board meeting:
We have four active programs looking for support. Please reach out to the following members to participate:
With a national focus on improving cybersecurity for Critical Infrastructure Control Systems, the time is now. Be a part of our effort to improve building technologies. Join us and make a difference!