North Korea Escalating Cyber-Attacks

North Korea Escalating Cyber-Attacks With Little Fear of Retaliation (http://www.eweek.com)

Technology

Online attackers from North Korea reportedly stole confidential military documents, including war contingency plans drawn up by U.S. and South Korean forces. Without any downside, such attacks will continue, security experts say.

The data, part of a massive haul of 235 gigabytes taken during an intrusion spanning the months of August and September 2016, was only recently identified as the South Korean government pieced together what was taken.

Lee Cheol-hee, a South Korean lawmaker and member of the parliamentary defense committee, said that attackers had infiltrated the Defense Integrated Data Center, according to The Washington Post. The stolen data includes war plans and a scheme to assassinate North Korean dictator Kim Jong-un in the event of war, according to the South Korean lawmaker. The attack happened last year, but only 20 percent of the documents have so far been identified.

…….Continue reading at www.eweek.com

My Two Cents: I read that the documentation stolen was located in a network not connected to the internet. That a so called maintenance port was accessed with a laptop that acted as a go between the North Koreans and the South Korean systems. I am shocked that such a high classified network did not alert the South Koreans that a unknown device had attached itself to their system and was accessing data. But of course spies have access if they are already in the inside and are authorized access. I would review all the authorized user access records and locate the spies within the organization…. but then again don’t believe what you read…

Big Data Needs Bigger Security

Big Data Needs Bigger Security (http://www.usnews.com)

Technology

The Equifax breech shows why data companies must be held accountable.
The age of big data is here, along with a growing list of big data breaches and the big mess created for millions of affected consumers. The only thing missing is big consequences for companies that are causing these big losses. Last week, Equifax lost highly confidential personal and financial data on as many as 143 million people. The worst part? You didn’t even give them permission to obtain this information. They can legally collect, store and share it regardless. Although banks have a self-serving track record of their own (Wells Fargo, anyone?) at least as a client, you have a direct relationship that permits you to use the law to hold them accountable……Continue reading at www.usnews.com

My Two Cents: After reading this I would have to agree. If corporations are going to store highly confidential personal and financial data and they lose this data based on hacking which means this data was exposed to the internet, then this company would be responsible. What bothers me about Equifax is the time it took to notify everyone, and I mean everyone’s personal information in the USA has been exposed. This is huge. Sadly security software systems do exist that would have secured this data, but these Big Companies appear to not care to invest in these systems.

Global Cyber Attack Imminent

A devastating global cyber attack is imminent (http://www.dailymail.co.uk/)

Technology

Experts have warned that a devastating global cyber attack is imminent.
The hack, called ‘ExplodingCan’, targets computers running on Microsoft Windows 2003, which means that it could be used to attack 375,000 computers worldwide.
This puts it in the same risk category as last month’s WannaCry ransomware attack which caused mayhem around the world, crippling vital servers such as those used by the NHS.
ShadowBrokers, the group behind the WannaCry hack, stole the ExplodingCan from the NSA, along with an arsenal of other cyber weapons.

The hack targets Microsoft Windows 2003 servers running the Internet Information Services version 6.0 (IIS 6.0) web server.
According to Manchester-based security company, Secarma, Exploding Can exploits a known flaw in the IIS 6.0 servers, triggering a buffer overflow.
This in turn can be used for remote access to the computer, and could allow hackers to plant ransomware in a similar fashion to the WannaCry worm.

Continue reading at http://www.dailymail.co.uk/

My Two Cents:
Another reason supporting moving to the Adept Secure Platform. Microsoft Windows Server 2003 has been retired for many years, outdated software is just one little problem…

Buying cloud access security brokers with confidence

Buying cloud access security brokers with confidence (http://searchcloudsecurity.techtarget.com)

Technology

IT security professionals buying cloud access security broker services must focus on what the technology now offers and determine precisely what their company IT architecture requires. Here’s how.

With the explosion in cloud service adoption in the last several years, organizations are realizing a disturbing security reality — they don’t know what they don’t know. Data is being stored and accessed in cloud environments that organizations do not see and cannot control, and security capabilities within the cloud provider environments have been slow to reach parity with in-house enterprise security controls. Buying cloud security services that control and monitor the information organizations are sending to the cloud is essential to any organization’s security strategy.

Continue reading at http://searchcloudsecurity.techtarget.com

My Two Cents:
We at Adept Technologies are excited based on our new release of our Secure Cloud “Adept Secure” that protects the Adept Enterprise foundation, its modular platforms and data. Customers who are already on the myadept.com infrastructure will be moved automatically over to the adeptsecure.com infrastructure. No need for our customers to purchase cloud access security broker services. Its included in our offerings.

Reliable Grid Operations – NERC

Reliable Grid Operations – NERC (http://www.nerc.com)

Technology

Electricity is unique in that it can’t be conventionally stored for later use. It’s produced and consumed in real time.

Electricity must be produced and delivered at the same time consumers need it.

While most people take reliable electric service for granted, it is something the electrical industry makes a daily priority. Disruptions to electric service are more than an inconvenience, they are matters of health and safety. In addition, power disruptions can be costly to consumers and businesses.

The sustained dependability of electric service is a crucial component of modern life and a key to the economic vitality of the world.

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the electric reliability organization for North America, subject to oversight by the Federal Energy Regulatory Commission and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves more than 334 million people.

Cyber Security is enforced via the CIP – Critical Infrastructure Protection Reliability Standards.

Reliability Standard Violations in New England Result in $3 Million Penalty, March 30 – After completing its fact-finding, FERC’s Office of Enforcement concluded that Berkshire Power Company LLC (Berkshire) and Power Plant Management Services LLC (PPMS) violated the FPA, jurisdictional tariffs, various FERC regulations, and NERC Reliability Standards.

My Two Cents:
NERC can issue large fines if you get into their crosshairs. I understand why NERC exists today with regard to Cyber Security. My question would be will NERC help you after an event like what happened in the Ukraine last December, or would they issue you a $3 Million Penalty? Will they share information to others or fine them too? Will this type of enforcement help or make it worse?

We are at a point, where Cyber Security is going to change big time. The way it is being handled today is not the way it will be handled after a successful Cyber 911 attack takes the power grid down… Electricity must be produced and delivered at the same time consumers need it, cyber security will be a HUGE part of making sure it happens…