Colonial Pipeline paid ransom to hacker group DarkSide.
Smart cities, cybersecurity, and privacy:
Smart cities are vulnerable to cybersecurity and privacy risks.
Reference: Comparitech
National security threats:
North Korean hackers attacked an Indian nuclear power plant.
Russian operation hacked a Vermont utility, posing a risk to the US electrical grid security.
Note: An earlier report incorrectly stated that Russian hackers penetrated the U.S. electric grid. The hacked computer at Burlington Electric was not attached to the grid.
Major cybersecurity threats to the US:
Russia: America's most sophisticated cyber adversary.
Notable attack: Interference in the 2016 US presidential election by the Internet Research Agency.
China: Initially launched noisy attacks, now more subtle.
Notable attack: Chinese military officers stole secrets on fighter jets, including the F-35, from Lockheed Martin.
Iran: Significant increase in cyber attacks in recent years.
Notable attack: Iranian Behzad Mesri was charged with hacking into HBO, leaking "Game of Thrones" scripts, and demanding $6 million in ransom.
North Korea: High on US watchlist despite improved diplomatic relations.
Notable attack: The US blamed North Korea for the WannaCry attack in 2017.
Potential consequences of a Russian cyber attack:
Widespread poisoning: Treatment plants leak chemicals into drinking water.
Freezing to death: Cyber invaders shut down power grids across the country.
Radiation poisoning: Hacked power plants go into meltdown.
Deadly car crashes: Compromised traffic lights cause accidents on purpose.
SolarWinds hack:
The SolarWinds hack was one of the biggest hacks of 2020.
Attacks on the energy industry:
DHS (2018): A foreign government conducted a multi-stage intrusion campaign, staging malware, spear phishing, and gaining remote access into energy sector networks to collect information pertaining to Industrial Control Systems (ICS).
United States (2013): Unknown adversaries unleashed a coordinated attack on northern California, causing more than $15M in damages by severing 6 underground lines and firing at substation transformers.
Ireland (2017): Senior engineers at the Electricity Supply Board received phishing emails with malicious software intended to infiltrate control systems.
UK (2017): Hackers gained access to a telecom network and installed a virtual wire tap to monitor all unencrypted traffic in Northern Ireland and Wales.
Ukraine (2015): Attackers targeted industrial control systems at three Ukrainian energy companies, leaving 225,000 citizens without power.
Ukraine (2016): A second attack on the Ukrainian grid caused another blackout and appears to be a trial run for a larger attack. The Crash Override malware communicated directly with ICS to turn power off.
Kazakhstan, Taiwan, Greece, and the United States (2011): Using locations in Asia, Night Dragon hacked into oil, gas, and petrochemical companies, acquiring proprietary and confidential business and personnel information.
Dragonfly/Energetic Bear (2014): Targeted grid operators and electricity-generation firms in several countries, including in the Middle East, injecting malware and Trojan viruses into industrial control systems.
US Power Company (2014): A US utility's control system network was compromised via its internet portal after hackers brute-forced their way through its simple password mechanism. Fined $2.7 Million Over Security Flaws Impacting 'Critical Assets' (2018)
Turkey (2014): Famous hacker team "Redhack" hacked into a power admin system and canceled $650K of electricity bills.
Iran (2017): State-sponsored hackers infiltrated the critical safety systems for industrial control units used in nuclear, oil, and gas plants.
Worldwide (2014): Since 2012, hackers under the name of "Operation Cleaver" have been building their skills to evade detection and have successfully penetrated and stolen data from 50+ companies.
Middle East (2012, 2016, 2017): Shamoon virus targeted major energy companies, shutting down 30,000 computers and destroying hard drives; it reappeared in more destructive variants.
Iran (2010): Programmable logic controllers were targeted by the Stuxnet computer virus, causing 20% of Iran's uranium enrichment centrifuges to spin out of control.
Geographical distribution of attackers' IP addresses:
Figure 5 represents the geographical distribution of attacking machines' IP addresses for all targeted attacks in 2011. It doesn't necessarily represent the location of the perpetrators.
Global cyber attack statistics (2017 Cybercrime Report):
Around 700 million global cyber attacks were recorded in 2017, up by 44% from 2016.
Q4 2017: Russia emerged as the top attack origin, targeting US e-commerce retailers.
Vietnam was included in the list of top five attack origins for the first time.
Russia, Latvia, and Singapore first appeared in the top five attack destinations list.
Luzon and Mindanao (Philippines) belonged to the top 21-30 places of bot attack origins.
Visayas (Philippines) ranked below the top 50.
Target of attacks from the United Kingdom:
United States, United Kingdom, Ireland, France, Argentina
Target of attacks from Russia:
United States, United Kingdom, Russia, Latvia, Ireland
Target of attacks from the United States:
United States, United Kingdom, Canada, France, Argentina
Target of attacks from Germany:
United States, United Kingdom, Ireland, Germany, Austria
Target of attacks from Vietnam:
United States, United Kingdom, Australia, Singapore, Japan
Cyber attack stages:
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks
Cybersecurity lifecycle:
Identify
Protect
Detect
Respond
Recover
Governance
Threat Detection & Forensics
Program Development
Advisory Services
Education & Training
Cyber Assessment
Coverage Limits Continued:
Privacy Breach Response Services:
Notification to Individual Clients: 25,000 individuals
Credit Monitoring: 3 Credit Bureaus for 12 months
Identity Theft Resolutions: Up to 5,000 cases
Foreign Notification: 50,000
Breach Response Services are OUTSIDE of the Limits of Liability
First Party Coverage:
Cyber Extortion: Included
Data Protection Loss: Included
Forensic Expense: 50,000**
Business Interruption Loss: Included (higher limits available upon request)
Data Breach Class Action Lawsuits:
Data Breach Class Action Lawsuits on the Rise: How to Bullet-Proof Your Company from Data Breach Liability
Speaker Firms and Organization:
THE KNOWLEDGE GROUP
Partner Firms:
Downs Rachlin Martin PLLC (DRM)
Stroock
Presented By:
Matthew S. Borick, Director, Downs Rachlin Martin PLLC
Karla Grossenbacher, Partner, Seyfarth Shaw LLP
Krishna B. Narine, Partner, Meredith & Narine, LLC
Steven D. Atlee, Partner, Stroock & Stroock & Lavan LLP
Francis A. Citera, Shareholder, Greenberg Traurig, LLP
Equifax Data Breach:
State of Tennessee, Office of the Attorney General
Letter concerning the Equifax Inc. Data Breach
Date: September 19, 2017
Addressed to: Phyllis B. Sumner, Esq., Christopher C. Burris, Esq., King & Spalding LLP
From: HERBERT H. SLATERY III, ATTORNEY GENERAL AND REPORTER
Concern over the personal information of over 3 million Tennessee residents being stolen.
Concerns regarding Equifax's conduct since the breach disclosure, particularly its response to consumers' legitimate concerns several weeks after discovering the theft of data pertaining to over 143 million individuals.