The previous month in cybersecurity:
- FBI Chats with Bad Guys
- Will Water Utilities Be the Next Colonial Pipeline?
- From Fitness Fad to Cybersecurity Risk
- Biden Takes Putin to Task Over Ransomware, Cybersecurity in Summit
- The Coast Guard Gets into Cybersecurity
Perhaps the biggest news of the month came from an FBI sting. However, this was no ordinary operation with door rams and body armor, at least not at first. It all started with a smartphone app dubbed ANOM and a collaborative stance toward taking down cyber criminals within organized crime organizations worldwide.
Task forces within the US, Europe, New Zealand, and Australia reported dealing “a huge blow to organized crime” by tricking criminals into using a messaging app. It was supposed to protect them from the prying eyes of law enforcement but was actually being run and monitored by the FBI. On June 8, global law enforcement took action against criminals who were using the app, launching raids within 16 different countries. As a result, authorities seized over 32 tons of drugs and 250 firearms, shutter 50 drug labs, and arrested over 800 people.
It’s important to note that the app was not made available for public download. Instead, the FBI developed the app and then installed it directly on about 12,000 devices. They then handed those devices out to criminals over about two years. The app’s popularity grew as more and more criminals used it, and because they believed the platform was secure, they communicated directly without code words or other forms of secrecy.
May saw the Colonial Pipeline debacle. The meat production attack occurred on its heels. Now, some predict that water utilities will be the next victim of cybercriminals hoping to make cash by holding people’s lives hostage.
According to a survey conducted by the Water Information Sharing and Analysis Center (Water ISAC) and the Water Sector Coordinating Council (WSCC), many water utilities cannot defend against even basic cyber-attacks due to a lack of skilled IT workers and a lack of funding. They also continue to battle aging infrastructure while providing clean, safe water for the communities they serve.
The survey noted that over 60% of water utilities have not even fully identified IT-networked assets within their networks. Only 21% of those surveyed are even attempting this. 70% reported not knowing the full extent of operational technology networked assets, and less than 25% were trying to identify them.
Should water utilities worry about cyberattacks, though? Yes. The Water ISAC revealed several credible threats against water utilities.
Peloton devices have taken the home fitness world by storm. If you haven’t noticed the sleek, modern fitness bikes with their massive screens and slick workout videos, you’ve been living under that proverbial rock. They’re everywhere, and it seemed like their popularity could not be diminished.
Now, the king of fitness may have stumbled. What tripped up Peloton?
A flaw in the company’s cyber defense created a vulnerability that may allow hackers to steal customers’ personal information. A research team found that hackers could install fake versions of several popular apps, such as Netflix, on the company’s Bike+ system to spy on users and steal their information, including providing the attacker complete root access to the bike from a remote location. No trace of the attack would be found either because the attacker never needs to unlock the device to boot a modified image.
President Biden made history by signing an executive order that immediately accelerated government cybersecurity efforts following the Colonial Pipeline breach. Now he’s taking Russian President Vladimir Putin to task over that nation’s lax approach to ferreting out cybercriminals within its borders.
President Biden provided few details to the press, but cybersecurity was a significant component of the June Geneva summit. The President did say that he’d spoken about making certain portions of national infrastructures off-limits to national cyberattacks (and conventional attacks) and that further attacks would lead to “reputational consequences”. While President Putin denied Russia safeguards such groups, he reportedly did agree to the need to locate and disband hacker organizations around the world.
The US Coast Guard is most famous for rescuing those lost at sea and providing vital assistance to endangered or sinking vessels. However, as part of the US Armed Forces, the Coast Guard plays many other roles. Now they’re adding yet one more: cybersecurity strike team.
In early June 2021, the Coast Guard announced that the branch would be creating a cybersecurity red team that would test and attempt to penetrate the organization’s defenses. The branch’s existing blue team is being reinvented into the Cyber Operational Assessments Branch, which will focus on 5G wireless security as part of a Defense Department initiative.
We hope you enjoyed this month’s roundup. Did we miss something important? While we strive to cover the most relevant events in the industry, sometimes things slip through, so let us know!.