Print Page   |   Contact Us   |   Sign In   |   Register
IAMU Informer
Blog Home All Blogs

Cyber Intel Advisory: Potential for Cyberattacks Following Strikes Against Senior Iranian Military Official

Posted By IAMU, Tuesday, January 7, 2020

The Multi-State Information Sharing & Analysis Center (MS-ISAC) assesses that Iran is highly likely to retaliate against the United States and its interests following the airstrikes on Jan. 3 that killed a prominent Iranian military official. This assessment is based on historical Iranian retaliatory efforts. Iran specializes in asymmetric warfare, and its response will highly likely be physical or cyber in nature, targeting U.S. interests globally. If tensions continue to escalate, this response will likely include cyberattacks against U.S. critical infrastructure.

For more on this developing issue, click here.

To learn what your organization can do to prepare for the increased geopolitical tensions and threats of aggression with Iran, click here.

Read the latest Joint Intelligence Bulletin here.

Russell Saffell, IAMU Director of Member Security & Critical Infrastructure Protection, should be your first contact (before MS-ISAC or the DHS CISA Protective Security Advisor) in case of any incidents. Russ will report any incidents to all of the appropriate agencies and coordinate resources for response/assistance. You can reach Russ at 515.289.1999 (office), 515.988.8686 (cell), or by email at rsaffell@iamu.org.

Tags:  Cyber Security  Iran  MS-ISAC 

Share |
PermalinkComments (0)
 

Ransomware: Is Your System Prepared for an Attack?

Posted By IAMU, Tuesday, August 27, 2019

On Aug. 16, more than 20 entities in Texas reported a ransomware attack with the majority of these entities being smaller local governments. The evidence gathered indicates the attacks came from one-single threat actor. If this happened in your community, are your prepared? Do you know how to respond?

If you are a member of the IAMU Safety Group Insurance Group, you can get coverage for such an event. Currently, only about 20% of all safety group members purchase the coverage. If your utility or municipality doesn’t currently have such coverage, be sure to ask your agent for more information.

According to the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA), ransomware has rapidly emerged as the most visible cybersecurity risk playing out across the nation’s networks, locking up private-sector organizations and government agencies alike. And that’s only what is seen – many more infections are going unreported, ransoms are being paid, and the vicious ransomware cycle continues. Organizations are strongly urged to consider ransomware infections as destructive attacks, not an event where you can simply pay off the bad guys and regain control of your network.

According to CISA, ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom.

Helping organizations protect themselves from ransomware attacks is a chief priority for the CISA. The agency has assisted many ransomware response and recovery efforts, building an understanding of how ransomware attacks unfold, and what potential steps can be taken to better defend systems. But there is also a recognition that there’s no such thing as perfect cybersecurity, and ransomware infections can still happen. The agency has also developed recommendations to help organizations limit damage and recover smartly and effectively.

RANSOMWARE MITIGATIONS TO HELP YOU DEFEND TODAY AND SECURE TOMORROW

The CISA recommendations outline three sets of straightforward steps any organization can take to manage their risk. These recommendations are written broadly for all levels within an organization. It is never as easy as it should be, so if your organization needs help, the agency urges you to reach out for assistance – CISA is here to help, but so is the FBI, numerous private sector security firms, state authorities, and others.

  1. Backup your data, system images, and configurations and keep the backups offline.

  2. Update and patch systems.

  3. Make sure your security solutions are up to date.

  4. Review and exercise your incident response plan.

  5. Pay attention to ransomware events and apply lessons learned.

Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse

  1. Ask for help. Contact IAMU immediately. You may reach Russ Saffell, Director of Member Security & Critical Infrastructure Protection at 515.289.1999 or 515.988.8686 (cell).

  2. Isolate the infected systems and phase your return to operations

  3. Review the connections of any business relationships (customers, partners, vendors) that touch your network

  4. Apply business impact assessment findings to prioritize recovery.

Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark

  1. Practice good cyber hygiene; backup, update, whitelist apps, limit privilege, and use multifactor authentication.

  2. Segment your networks; make it hard for the bad guy to move around and infect multiple systems.

  3. Develop containment strategies; if bad guys get in, make it hard for them to get stuff out

  4. Know your system’s baseline for recovery.

  5. Review disaster recovery procedures and validate goals with executives.

For more information on ransomware, visit the CISA Resource Page on Ransomware (www.us-cert.gov/Ransomware). Victims of ransomware should report it immediately to CISA at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.

Tags:  Cyber Security  Randsomware 

Share |
PermalinkComments (0)
 

2019 Midwest Regional Municipal Utility Cybersecurity Summit

Posted By IAMU, Wednesday, July 3, 2019

The American Public Power Association is holding a Midwest Regional Municipal Utility Cybersecurity Summit on July 24 and 25 at the University of Nebraska at Kearney. The summit will provide education on the tools, technologies, and resources available to municipal utilities to establish and maintain a successful cybersecurity program, no matter what the size of your utility.

For more information about the summit or to register, go to:

https://www.publicpower.org/event/2019-midwest-regional-municipal-utility-cybersecurity-summit

Tags:  APPA  Cyber Security 

Share |
PermalinkComments (0)
 

Attention Members’ IT Staff: Certain Gateway Vulnerabilities Found

Posted By IAMU, Tuesday, February 12, 2019

The National Cybersecurity and Communications Integration Center (NCCIC) is aware of several vulnerabilities affecting Kunbus PR100088 Modbus industrial gateways running software versions prior to Release R02 (1.1.13166). These vulnerabilities could allow attackers to gain full control of vulnerable devices, create a denial-of-service condition, and/or perform other actions.

NCCIC has published ICS Advisory ICSA-19-036-05: Kunbus PR100088 Modbus Gateway (TLP:WHITE). To read the advisory, go to  https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05 

For questions about physical security, cybersecurity, emergency planning, training or exercise development or facilitation, contact Russell Saffell, IAMU Director of Member Security and Critical Infrastructure Protection, at rsaffell@iamu.org or by phone at (515) 289-1999.

For more resources related to security and preparedness, visit www.iamu.org/security.

Tags:  Cyber Security  Kunbus  Modbus  NCCIC 

Share |
PermalinkComments (0)
 

How Prepared is Your Utility for Security Threats & Emergencies?

Posted By IAMU, Tuesday, October 2, 2018

 

There is still time to register for the IAMU Energy Pre-Conference Workshop that focuses on preparing for and guarding against a physical or cyber security threat or natural disaster. IAMU is bringing in leading experts in physical and cybersecurity and emergency preparedness to share their knowledge and help members as they develop or revise their security and emergency plans, processes, and procedures.

How Prepared is Your Utility for Security Threats & Emergencies?
Wednesday, Oct. 10, 1 – 5 p.m.
Prairie Meadows
Altoona, Iowa

For more information or to register for the pre-conference workshop, click here.

You may also contact Russ Saffell, IAMU Director of Member Security and Critical Infrastructure Protection, at rsaffell@iamu.org.

Tags:  Cyber Security  Energy Conference  IAMU Events  Prairie Meadows  PreConference 

Share |
PermalinkComments (0)
 
Page 1 of 5
1  |  2  |  3  |  4  |  5
Membership Software Powered by YourMembership  ::  Legal