• 9 Nov 2021 1:00 PM | Anonymous member (Administrator)

    SophosLabs, the Sophos Managed Threat Response team, and the Sophos Artificial Intelligence (AI) data science group released the 2022 Sophos Threat Report today. The report represents the collective knowledge of Sophos malware analysts, machine and network forensics specialists, and machine learning experts and offers some analysis of the events that transpired in 2021, and how Sophos believes they will shape the threat landscape in 2022 and beyond. The report covers five main topics: 1) Malware, 2) Mobile, 3) Machine Learning/AI, 4) Ransomware, and 5) Where next?

  • 5 Nov 2021 9:00 AM | Anonymous member (Administrator)

    In an offensive move, the U.S. State Department is offering a $10,000,000 reward for “information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.”

    “In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.” These rewards are offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).

    #Ransomware #Cybersecurity

  • 19 Oct 2021 11:00 AM | Anonymous member (Administrator)

    The ransomware-as-a-service group responsible for the Colonial Pipeline attack is back as BlackMatter (Threatpost article). Starting in September with a $5.9 million attack on the Iowa Farm Cooperative, they moved to tech company Olympus in October. Strong passwords, multi-factor authentication (MFA), network segmentation, and least privilege access are all recommended to help mitigate the spread. CISA: "Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access the Active Directory (AD) to discover all hosts on the network. BlackMatter then remotely encrypts the hosts and shared drives as they are found."

    Click here for a PDF version of the CISA report.

    #infrastructure #cybersecurity

  • 14 Sep 2021 8:00 AM | Anonymous member (Administrator)

    The report is available here. It examines dangerous vulnerabilities across different types of devices and operating systems, and includes an investigation into the security of low-powered Long Range Wide Area Network (LoRaWAN) technology that is widely used in internet of things (IoT) configurations around the world.

  • 9 Sep 2021 12:00 PM | Anonymous member (Administrator)

    LinkedIn post

    Great article in the WSJ bringing awareness to Building cybersecurity. Congratulations to Fred Gordy and Intelligent Buildings on bringing this awareness to a wider audience. As Fred is quoted, "...anything that you can think that a building does can be exposed..."
    #leadership #cybersecurity #iotsecurity #CRE

  • 3 Sep 2021 3:00 PM | Anonymous member (Administrator)

    LinkedIn post

    DHS/CISA recently released a two-page flyer that lays out reasons why investing in security is "Good for business", such as avoiding a 50% decrease in productivity, 20-40% employee turnover, and a $500,000 average out-of-court settlement after an event.

  • 30 Aug 2021 12:00 PM | Anonymous member (Administrator)

    LinkedIn post

    Honeywell released a report (full report available at link), "Protecting Operational Technology in Facilities from Cyber Threats: Constraints and Realities," highlighting that improving cybersecurity for operational technology (OT) systems ranks as one of the top priorities for surveyed facility managers over the next 12 to 18 months. This is likely because more than 7 in 10 (71%) of surveyed facility managers consider OT cybersecurity a concern or worry. Respondents cite OT cybersecurity as the building improvement that would provide the greatest benefit to their stakeholders. The report is the third in Honeywell's 2021 Building Trends series. The survey findings indicate that facility managers recognize the potential threat of an OT cyberattack and acknowledge the importance for building occupants.

    Press release
  • 25 Aug 2021 12:00 PM | Anonymous member (Administrator)

    LinkedIn post

    NIST published an important non-technical baseline today (8259B) that RECC wants all manufacturers and service providers to support. Vendors should provide:

    • 1) Adequate Documentation for customers on securing IoT products;
    • 2) Information and Query Reception – Create a customer interaction ability to submit questions related to securing IoT products and associated systems;
    • 3) Information Dissemination to customers on 1) the disclosure of newly discovered cybersecurity vulnerabilities for the device, associated systems and software, and 2) notifications about IoT device updates used by the manufacturer to update cybersecurity;
    • 4) Education and Awareness – Provide educational content required to support customers and others in the secure use and safeguarding of IoT devices and associated systems, software, and hardware.
  • 19 Aug 2021 1:59 PM | Anonymous member (Administrator)

    LinkedIn post

    Poor cybersecurity can have costs that go beyond the breach itself. The SEC recently charged an issuer with misleading investors and failing to maintain cybersecurity-related disclosure controls and procedures.

    #cybersecurity #secreporting

    Sullivan & Cromwell memo

  • 2 Aug 2021 7:15 PM | Anonymous member (Administrator)
    • It has been another challenging year. Malware and vulnerabilities are at an all-time high. Starting with SolarWinds in December, we have seen the escalation and expansion of malware tools and strategies (double ransom) to levels we have never seen. What appears to be a Global Cyberwar has come to the built environment as IoT and ICS building operational technologies are beset by the latest exploits.

      The RECC was formed to address this threat and to help educate the real estate technology industry. We have formalized our incorporation and are ready to begin accepting new members, including select vendors and industry professionals. Starting with our August Leadership Board meeting we hope to introduce these new members and continue our integrated best practices effort.

      Highlights from the July 2021 RECC Leadership Board meeting:

      • RECC Leadership Board will meet the 3rd Wednesday of every month
      • RECC Leadership Board members are entitled to 5 participants and Leadership Advisor members are entitled to 2 participants, from each of their respective organizations. All other memberships are individual.
      • Membership site click-through agreements will ensure new members abide by our Code of Principles and non-disclosure requirements.
      • New official trademark logos are available on MS Teams.
    • We have four active programs looking for support; please reach out to the following members to participate:

      • Realcomm / Cyber Day – Contact Jim Young or Howard Berger
      • Threat Assessment team – Contact Sarah Bemporad
      • Best Practices Legal Language team – Contact Jim Whalen
      • MS Teams Oversight team – Contact Ryan Allbaugh

    With a National focus on improving cybersecurity for Critical Infrastructure Control Systems, the time is now. Be a part of our effort to improve building technologies. Join us and make a difference!

© Copyright 2023 Real Estate Cyber Consortium Inc.™ All Rights Reserved. Real Estate Cyber Consortium (RECC) is a 501(c)6 non-profit organization.  Privacy Policy and Terms of Use.