Third Large Prime-Small Business VOME

Source: US Department of Homeland Security

The U.S. Department of Homeland Security will host a large and small business Vendor Outreach Matchmaking Event (VOME). Large business primes, serving as counselors, and small businesses will be able to meet virtually to discuss potential partnerships, subcontracting opportunities, and joint ventures.

DATE: December 6-7, 2023

TIME: 9:00 am – 4:00 pm EDT 

LOCATION: All sessions will be held virtually. Space is limited.

For more information about the event such as registration, please review the Third Large Prime-Small Business VOME eflyer.

DAF leaders emphasize adapting AI for warfighting success

Source: United States Air Force

Air Force Secretary Frank Kendall made clear Dec. 2 that the Air Force and Space Force are fully committed, and pushing hard, to develop and deploy artificial intelligence as a key element in meeting the security challenges posed by China and other adversaries.

Kendall’s remarks were not new, but by voicing them during a session at the influential Reagan National Defense Forum, he added additional weight to the Department of the Air Force’s efforts to use AI as part of a larger push to modernize.

“I care a lot about civil society and the law of armed conflict,” Kendall said. “Our policies are written around those laws. You don’t enforce laws against machines, you enforce them against people. Our challenge is not to limit what we can do with AI but to find how to hold people accountable for what the AI does. The way we should approach is to figure out how to apply the laws of armed conflict to the applications of AI. Who do we hold responsible for the performance of that AI and what do we require institutions to do before we field these kinds of capabilities and use them operationally.”

Kendall pointed out that China and other adversaries are aggressively using AI, and while the U.S. maintains an edge, it is shrinking. Kendall’s comments dovetailed with those from Air Force Chief of Staff Gen. David Allvin, who said at a separate session during the conference that the Air Force must modernize to properly meet the security threats of today.

Part of that effort, Allvin said, is diligently working to integrate AI and machine learning into new capabilities that mesh seamlessly with mission needs and proven technologies, while understanding performance tradeoffs.

“I do believe the future is going to be about human-machine teaming,” Allvin said. “Optimizing the performance and being able to operate at speed. That investment in our collaborative combat aircraft program is what is going to get us there.”

Speed and automation of AI systems have vastly shortened decision timelines. That’s why the DoD’s National Defense Strategy focuses on accelerating decision making and the way information is analyzed and shared.

“We are leveraging algorithms and starting with data fusion and being able to gain insights,” Allvin said. “The changing character of war is speed. If we are going to be privileging speed and have massive amounts of data, the ability to have algorithms and the tools that support and let the analysts do what only humans can do which is make that human decision.”

“Our job on the government side more than anything else is to thoroughly understand this technology, have the expertise we need to really get into the details of it and appreciate how it really works,” Kendall said. “To be creative about helping industry find new applications for that technology and developing ways to evaluate it get the confidence we’re going to need to ensure that it can be used ethically and reliably when it is in the hands of our warfighters.”

Replacing obsolete, legacy systems by harnessing emerging information, communications, and AI technologies to provide operational targeting and decision support with the speed, adaptability and resilience needed to fight in a highly contested environment is a priority for DAF and falls under Kendall’s Operation Imperatives.

“The critical parameter on the battlefield is time,” Kendall said. “The AI will be able to do much more complicated things much more accurately and much faster than human beings can. If the human is in the loop, you will lose. You can have human supervision and watch over what the AI is doing, but if you try to intervene you are going to lose. The difference in how long it takes a person to do something and how long it takes the AI to do something is the key difference.”

Rapid AI development requires DAF to be agile and adaptable in its approach, focusing on rapid testing, experimentation and deployment. The Department of Defense continues to maintain a robust regulatory and ethical framework to ensure the responsible use of AI in defense.

Both men stressed the importance of innovation. Allvin said that innovation is a critical element of modernization and is necessary for maintaining readiness.

“War is a human thing and the ability to leverage technology with human innovation is something we can never walk away from as we’re continuing to develop and more sophisticated systems,” Allvin said.

The Reagan National Defense Forum, celebrating “10 Years of Promoting Peace Through Strength,” brings together leaders from across the political spectrum and key stakeholders in the defense community, including members of Congress, current and former presidential administration officials, senior military leadership, industry executives, technology innovators and thought leaders. Their mission is to review and assess policies that strengthen America’s national defense in the context of the global threat environment.

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Source: US Department of Homeland Security

SUMMARY

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as “the authoring agencies”—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.

The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. In addition to the recent CISA Alert, the authoring agencies are releasing this joint CSA to share indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with IRGC cyber operations.

Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices. The IRGC-affiliated cyber actors left a defacement image stating, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.” The victims span multiple U.S. states. The authoring agencies urge all organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from these IRGC-affiliated cyber actors.

This advisory provides observed IOCs and TTPs the authoring agencies assess are likely associated with this IRGC-affiliated APT. For more information on Iranian state-sponsored malicious cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and the FBI’s Iran Threat webpage.

For a PDF version of this CSA, see: 

For a downloadable copy of IOCs, see:

TECHNICAL DETAILS

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 14. See Table 1 for threat actor activity mapped to MITRE ATT&CK tactics and techniques. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

Overview

CyberAv3ngers (also known as CyberAveng3rs, Cyber Avengers) is an Iranian IRGC cyber persona that has claimed responsibility for numerous attacks against critical infrastructure organizations.[1],[2],[3],[4],[5] The group claimed responsibility for cyberattacks in Israel beginning in 2020. CyberAv3ngers falsely claimed they compromised several critical infrastructure organizations in Israel.[2] CyberAv3ngers also reportedly has connections to another IRGC-linked group known as Soldiers of Solomon.

Most recently, CyberAv3ngers began targeting U.S.-based WWS facilities that operate Unitronics PLCs.[1] The threat actors compromised Unitronics Vision Series PLCs with human machine interfaces (HMI). These compromised devices were publicly exposed to the internet with default passwords and, by default, listen on TCP port 20256.

These PLCs and related controllers are often exposed to outside internet connectivity because their control and monitoring functions are used remotely. The observed compromise centered on defacing the controller’s user interface and may render the PLC inoperative. With this type of access, deeper device- and network-level access is available and could produce additional, more profound cyber-physical effects on processes and equipment. It is not known whether additional cyber activity deeper into these PLCs or related control networks and components was intended or achieved. Organizations should consider and evaluate their systems for these possibilities.

Threat Actor Activity

The authoring agencies have observed the IRGC-affiliated activity since at least October 2023, when the actors claimed credit for the cyberattacks against Israeli PLCs on their Telegram channel. Since November 2023, the authoring agencies have observed the IRGC-affiliated actors target multiple U.S.-based WWS facilities that operate Unitronics Vision Series PLCs. Cyber threat actors likely compromised these PLCs since the PLCs were internet-facing and used Unitronics’ default password. Observed activity includes the following:

  • Between September 13 and October 30, 2023, the CyberAv3ngers Telegram channel displayed both legitimate and false claims of multiple cyberattacks against Israel. CyberAv3ngers targeted Israeli PLCs in the water, energy, shipping, and distribution sectors.
  • On October 18, 2023, the CyberAv3ngers-linked Soldiers of Solomon claimed responsibility for compromising over 50 servers, security cameras, and smart city management systems in Israel; however, the majority of these claims were proven false. The group claimed to use a ransomware named “Crucio” against servers where the webcam software operated on port 7001.
  • Beginning on November 22, 2023, IRGC cyber actors accessed multiple U.S.-based WWS facilities that operate Unitronics Vision Series PLCs with an HMI likely by compromising internet-accessible devices with default passwords. The targeted PLCs displayed the defacement message, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is Cyberav3ngers legal target.”

INDICATORS OF COMPROMISE

See Table 1 for observed IOCs related to CyberAv3nger operations.

Table 1: CyberAv3nger IOCs

| Indicator | Type | Fidelity | Description |
| --- | --- | --- | --- |
| BA284A4B508A7ABD8070A427386E93E0 | MD5 | Suspected | MD5 hash associated with Crucio Ransomware |
| 66AE21571FAEE1E258549078144325DC9DD60303 | SHA1 | Suspected | SHA1 hash associated with Crucio Ransomware |
| 440b5385d3838e3f6bc21220caa83b65cd5f3618daea676f271c3671650ce9a3 | SHA256 | Suspected | SHA256 hash associated with Crucio Ransomware |
| 178.162.227[.]180 | IP address | | |
| 185.162.235[.]206 | IP address | | |
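As an added illustration that is not part of the advisory, the following Python script shows how a network defender might run the Table 1 IP indicators and the default TCP port noted in the Overview against firewall logs to find PLCs that are internet-exposed or have been contacted by the IOC addresses. The key=value log format, the 10.20.1.x device addresses and the internal network ranges are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from Table 1 of the advisory, with the defanging brackets removed.
IOC_IPS = {"178.162.227.180", "185.162.235.206"}

# The advisory notes that Unitronics Vision Series PLCs listen on TCP 20256 by default.
PLC_PORT = 20256

# Assumption: the site's own OT/IT address space. Any source outside these ranges is
# treated as public. Listed explicitly instead of using ipaddress.is_private so that the
# RFC 5737 documentation addresses in the sample below count as external.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumption: one key=value firewall log line per connection attempt (constructed format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+action=(?P<action>\w+)\s+proto=(?P<proto>\w+)"
    r"\s+src=(?P<src>[\d.]+)\s+spt=(?P<spt>\d+)\s+dst=(?P<dst>[\d.]+)\s+dpt=(?P<dpt>\d+)"
)

# Constructed sample log: the two IOC IPs come from Table 1; 203.0.113.44 and 198.51.100.7
# are RFC 5737 documentation addresses standing in for arbitrary internet hosts; 10.20.1.x
# are hypothetical internal PLC/HMI addresses.
SAMPLE_LOG = """\
2023-11-22T03:14:07Z fw01 action=ACCEPT proto=TCP src=178.162.227.180 spt=51234 dst=10.20.1.15 dpt=20256
2023-11-22T03:14:09Z fw01 action=ACCEPT proto=TCP src=10.20.1.8 spt=40111 dst=10.20.1.15 dpt=20256
2023-11-22T03:15:22Z fw01 action=DROP proto=TCP src=203.0.113.44 spt=60001 dst=10.20.1.15 dpt=20256
2023-11-22T03:16:40Z fw01 action=ACCEPT proto=TCP src=198.51.100.7 spt=33333 dst=10.20.1.16 dpt=20256
2023-11-22T03:17:01Z fw01 action=ACCEPT proto=TCP src=185.162.235.206 spt=44444 dst=10.20.1.16 dpt=443
this line is not in the expected format and is skipped
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    port: int
    action: str
    severity: str
    reason: str


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if the line is benign or unparseable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    src, dst, port, action = f["src"], f["dst"], int(f["dpt"]), f["action"].upper()
    # Any traffic from an advisory IOC address is high severity regardless of port.
    if src in IOC_IPS:
        return Finding(f["ts"], src, dst, port, action, "high",
                       "source matches an IOC IP from the advisory")
    # A public source reaching the PLC port means the PLC is internet-exposed; an ACCEPT
    # is worse than a DROP because the firewall let the connection through.
    if f["proto"].upper() == "TCP" and port == PLC_PORT and not is_internal(src):
        sev = "medium" if action == "ACCEPT" else "low"
        return Finding(f["ts"], src, dst, port, action, sev,
                       f"public source reached TCP/{PLC_PORT} ({action})")
    return None


def scan(lines) -> List[Finding]:
    return [x for x in (classify(ln) for ln in lines) if x is not None]


def exposed_plcs(findings: List[Finding]) -> List[str]:
    """Internal hosts that actually accepted a public connection on the PLC port."""
    return sorted({x.dst for x in findings if x.port == PLC_PORT and x.action == "ACCEPT"})


if __name__ == "__main__":
    results = scan(SAMPLE_LOG.splitlines())
    for r in results:
        print(f"{r.ts} {r.severity:6} {r.src} -> {r.dst}:{r.port} {r.reason}")
    print("PLCs to disconnect from the public internet:", exposed_plcs(results))
```

Hosts returned by exposed_plcs are the ones the Mitigations section says to take off the public internet and move behind a VPN or firewall with multifactor authentication.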

MITRE ATT&CK TACTICS AND TECHNIQUES

See Table 2 for referenced threat actor tactics and techniques in this advisory.

Table 2: Initial Access

| Technique Title | ID | Use |
| --- | --- | --- |
| Brute Force Techniques | T1110 | Threat actors obtained login credentials, which they used to log into Unitronics devices and obtain root-level access. |

MITIGATIONS

The authoring agencies recommend critical infrastructure organizations, including WWS sector facilities, implement the following mitigations to improve your organization’s cybersecurity posture to defend against CyberAv3ngers activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections.

Note: The below mitigations are based on threat actor activity against Unitronics PLCs but apply to all internet-facing PLCs.

Network Defenders

The cyber threat actors likely accessed the affected devices—Unitronics Vision Series PLCs with HMI—by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet. To safeguard against this threat, the authoring agencies urge organizations to consider the following:

Immediate steps to prevent attack:

  • Change all default passwords on PLCs and HMIs and use a strong password. Ensure the Unitronics PLC default password is not in use.
  • Disconnect the PLC from the public-facing internet.

Follow-on steps to strengthen your security posture:

  • Implement multifactor authentication for access to the operational technology (OT) network whenever applicable.
  • If you require remote access, implement a firewall and/or virtual private network (VPN) in front of the PLC to control network access. A VPN or gateway device can enable multifactor authentication for remote access even if the PLC does not support multifactor authentication.
  • Create strong backups of the logic and configurations of PLCs to enable fast recovery. Familiarize yourself with factory resets and backup deployment as preparation in the event of ransomware activity.
  • Keep your Unitronics and other PLC devices updated with the latest versions by the manufacturer.
  • Confirm third-party vendors are applying the above recommended countermeasures to mitigate exposure of these devices and all installed equipment.

In addition, the authoring agencies recommend network defenders apply the following mitigations to limit potential adversarial use of common system and network discovery techniques, and to reduce the impact and risk of compromise by cyber threat actors:

  • Reduce risk exposure. CISA offers a range of services at no cost, including scanning and testing to help organizations reduce exposure to threats via mitigating attack vectors. CISA Cyber Hygiene services can help provide additional review of organizations’ internet-accessible assets. Email vulnerability@cisa.dhs.gov with the subject line, “Requesting Cyber Hygiene Services” to get started.

Device Manufacturers

Although critical infrastructure organizations using Unitronics (including rebranded Unitronics) PLC devices can take steps to mitigate the risks, it is ultimately the responsibility of the device manufacturer to build products that are secure by design and default. The authoring agencies urge device manufacturers to take ownership of the security outcomes of their customers by following the principles in the joint guide Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software, primarily:

  • Do not charge extra for basic security features needed to operate the product securely.
  • Support multifactor authentication, including via phishing-resistant methods.

By using secure by design tactics, software manufacturers can make their product lines secure “out of the box” without requiring customers to spend additional resources making configuration changes, purchasing tiered security software and logs, monitoring, and making routine updates.

For more information on common misconfigurations and guidance on reducing their prevalence, see joint advisory NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. For more information on secure by design, see CISA’s Secure by Design and Default webpage and joint guide.

VALIDATE SECURITY CONTROLS

In addition to applying mitigations, the authoring agencies recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. The authoring agencies recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

  1. Select an ATT&CK technique described in this advisory (see Table 2).
  2. Align your security technologies against the technique.
  3. Test your technologies against the technique.
  4. Analyze your detection and prevention technologies’ performance.
  5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
  6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

The authoring agencies recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

RESOURCES

REPORTING

All organizations should report suspicious or criminal activity related to information in this CSA to CISA via CISA’s 24/7 Operations Center (report@cisa.gov or 888-282-0870). The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office or IC3.gov. For NSA client requirements or general cybersecurity inquiries, contact Cybersecurity_Requests@nsa.gov.

Additionally, the WaterISAC encourages members to share information by emailing analyst@waterisac.org, calling 866-H2O-ISAC, or using the online incident reporting form. State, local, tribal, and territorial governments should report incidents to the MS-ISAC (SOC@cisecurity.org or 866-787-4722).

REFERENCES

  1. CBS News: Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group
  2. Industrial Cyber: Digital Battlegrounds – Evolving Hybrid Kinetic Warfare
  3. Bleeping Computer: Israel’s Largest Oil Refinery Website Offline After DDoS Attack
  4. Dark Reading: Website of Israeli Oil Refinery Taken Offline by Pro-Iranian Attackers
  5. X: @CyberAveng3rs

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. The authoring agencies do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the authoring agencies.

VERSION HISTORY

December 1, 2023: Initial version.

Around the Air Force: Rated Preparatory Program, Reserve Cyber Commissions, Commercial Air Refueling

Source: United States Air Force

In this week’s look around the Air Force, the application window for Airmen to become rated officers is now open, the Air Reserve component launches a direct commissioning program for cyber career fields, and commercial aircraft refuel Air Force fighters for the first time. (Hosted by Tech. Sgt. Vernon Young)


Readout of Chairman of the Joint Chiefs of Staff Gen. CQ Brown, Jr.’s Meeting with Chief of Defence of Denmark Gen. Flemming Lentfer

Source: US Defense Joint Chiefs of Staff

November 30, 2023

WASHINGTON, D.C. — Joint Staff Spokesperson Navy Capt. Jereal Dorsey provided the following readout:

Chairman of the Joint Chiefs of Staff Gen. CQ Brown, Jr., met with Chief of Defence of Denmark Gen. Flemming Lentfer today at the Pentagon. This was their first meeting since Gen. Brown became Chairman.

The two military leaders discussed strategic security cooperation, Russia’s ongoing invasion of Ukraine, and the security environment in Europe.

Denmark is a founding member of NATO and a key ally with the U.S. around the globe.

For more Joint Staff news, visit: www.jcs.mil.

Coast Guard approves oil recovery plan as clean-up efforts continue for WAPA’s tank 11 discharge, Lindbergh Bay oil spill in St. Thomas

Source: United States Coast Guard


11/30/2023 01:40 PM EST

The Coast Guard Federal On-Scene Coordinator approved Virgin Islands Water and Power Authority’s (WAPA) Oil Removal Action Plan Wednesday, as clean-up efforts continue for the tank 11 diesel discharge at the Randolph Harley Power Plant in St. Thomas and the affected area of Lindbergh Bay. The Coast Guard Federal On-Scene Coordinator received and approved WAPA’s Oil Removal Action Plan in consultation with members of the Caribbean Regional Response Team (CRRT). “Cleanup efforts continue to move in the right direction,” said Capt. Robert M. Pirone, Coast Guard Federal On-Scene Coordinator for the response. “There are a lot of moving parts as clean-up crews utilize heavy mechanical equipment to expedite oil recovery activities and build access roads while working in a challenging geographical landscape.  These efforts seek to ensure the oil is cleaned up as soon as possible to remove this pollution threat from the environment in the best and safest possible way.”


Air Force announces FY24 Experienced Aviator Retention Incentive, Rated Officer Retention Demonstration Programs

Source: United States Air Force

The Air Force recently announced the opening of two Regular Air Force FY24 Aviation Bonus programs – the FY24 Experienced Aviator Retention Incentive, formerly known as the Aviation Bonus, and the FY24 Demonstration Bonus. 

Eligible active-duty aviators have until Aug. 1, 2024, to apply for EARI and the FY24 Demonstration Bonus; however, the program eligibility window will close early if the budgetary maximum number of contracts are met before Aug. 1. 

Additionally, eligible Guard and Reserve aviators continue to have until Dec. 31, 2023, to apply for the Air National Guard and Air Force Reserve’s current 2023 Aviation Bonus programs. 

EARI builds upon the previous years’ offers to deliberately shape and retain experienced rated officers to meet Air Force retention, training, and mission readiness requirements to maintain the lethality of the force. Information will be announced separately in the future regarding the Reserve Component offering the FY24 EARI. 

“In today’s strategic environment, the requirement to preserve critical skills in our Air Force has never been more important,” said Maj. Gen. Adrian Spain, Director of Training and Readiness, Deputy Chief of Staff for Operations at Headquarters, Air Force. “Specifically, aviation-related skillsets, formed through the crucible of combat and daily execution of high-intensity operations, is the foundation necessary to continue to effectively deliver warfighting capability to the Joint Force and the American people. Retaining these professional aviators’ experience and expertise within the Total Force is imperative in order to outpace future challenges that may emerge throughout the spectrum of conflict.” 

EARI, combined with the Rated Officer Retention Demonstration Bonus, offers specific rated officers with experience flying critical weapon systems both monetary and non-monetary incentives to extend their service commitment. The monetary options range from $15,000 per year to $50,000 per year for contracts ranging from three to 12 years of additional service. Non-monetary options continue to include an assignment of choice, assignment declination, or remaining in place.

EARI will be available for RegAF, Air National Guard, and Air Force Reserve rated officers. However, the Rated Officer Retention Demonstration Program will be only available to select RegAF rated officers. 

Complete eligibility requirements and application instructions are available on the myFSS website Welcome Page at myFSS (or by copying/pasting the following link into your browser: https://myfss.us.af.mil/USAFCommunity/s/knowledge-detail?xid=34479).

UPDATE: Unified Command continues response to tar balls near Long Branch, New Jersey

Source: United States Coast Guard


11/29/2023 06:11 PM EST

NEW YORK — The unified command composed of the Coast Guard, New Jersey Department of Environmental Protection, and Monmouth County, New Jersey, continued its response Wednesday to reports of tar balls on the beach from Sea Bright, New Jersey, south to Asbury Park, New Jersey.

USCGC Frederick Hatch concludes historic patrol with engagements in the Philippines, fisheries enforcement in Republic of Palau, Papua New Guinea

Source: United States Coast Guard


11/30/2023 03:20 AM EST

SANTA RITA, Guam — The USCGC Frederick Hatch (WPC 1143) successfully concluded a routine 47-day expeditionary patrol covering more than 8,200 nautical miles under Operation Blue Pacific, returning to Guam on Thanksgiving, distinguished by a series of historic and strategic engagements across the Western Pacific and Oceania. “USCGC Frederick Hatch’s highly successful patrol is a testament to the diligence and expertise of the crew onboard, always remaining positive and overcoming numerous challenges to continually set the standard for Coast Guard operations in the Pacific. Their efforts to keep our equipment functioning properly, go over the rail regularly for boardings, and cook meals in heavy seas is what makes the U.S. Coast Guard’s commitment to the Indo-Pacific region so strong. Our people are the best at what they do and always ready to go above and beyond when asked, which is the basis for being a trusted partner and fostering strong international alliances,” said Lt. Patrick Dreiss, commanding officer of the Frederick Hatch.


San Francisco-based U.S. Coast Guard Cutter Alder returns to home port after conducting first high-seas boardings off the coast of Peru, under new SPRFMO measure

Source: United States Coast Guard


11/29/2023 06:00 PM EST

The crew of the Coast Guard Cutter Alder, along with the crews of the Terrell Horne and an HC-130 Hercules aircraft, recently completed the first high-seas boardings and inspections in the Eastern Pacific Ocean under a newly adopted conservation and management measure to monitor and inspect fishing and supply vessel operations at sea in the South Pacific Regional Fisheries Management Organization (SPRFMO) Convention Area. The crew of the Alder performed many new operations that took them south of the equator, where they participated in SPRFMO inspections, conducting boardings and overflights within the SPRFMO Convention Area on the high seas off the coast of Peru. For years, the Coast Guard has executed counter-illegal, unreported, and unregulated (IUU) fishing operations and participated in high seas boarding and inspections (HSBI) around the globe. This operation was significant because it was timed to implement newly adopted rules in the SPRFMO Convention Area, which comprises nearly a quarter of the Earth’s high seas. The SPRFMO Commission consists of 17 members from Asia, Europe, the Americas, and Oceania, as well as two cooperating non-contracting parties.