NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance.” This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.
Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers. Kubernetes clusters are often hosted in a cloud environment, and provide increased flexibility over traditional software platforms.
Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network’s underlying infrastructure for computational power for purposes such as cryptocurrency mining.
The report details recommendations to harden Kubernetes systems. Primary actions include the scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.
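As an added illustration of the least-privilege and misconfiguration-scanning recommendations summarised above (this is example code written for this digest, not material from the NSA/CISA report), the checker below flags the Pod and container settings that such a review looks for. It assumes the manifest has already been parsed from YAML or JSON into a Python dict; the two sample manifests are constructed here, and the image digest in the hardened one is a placeholder.

```python
# Added example: flag least-privilege misconfigurations in a Kubernetes Pod manifest.
# Input is a manifest already parsed into a dict (e.g. json.load or yaml.safe_load).

WEAK_POD = {  # constructed sample: an unreviewed manifest with common weak settings
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "hostNetwork": True,
        "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{"name": "web", "image": "nginx:latest",
                        "securityContext": {"privileged": True}}],
    },
}

HARDENED_POD = {  # constructed sample: the same workload with least-privilege settings
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "web",
            # placeholder digest, not a real image reference
            "image": "nginx@sha256:" + "0" * 64,
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}


def image_is_pinned(image: str) -> bool:
    """True when the image is referenced by digest or by a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry/path so a registry port is not mistaken for a tag
    return ":" in last and not last.endswith(":latest")


def _container_findings(name: str, c: dict, pod_sc: dict) -> list[str]:
    """Container-level checks; runAsNonRoot may be inherited from the Pod securityContext."""
    sc = c.get("securityContext") or {}
    findings = []
    if sc.get("privileged"):
        findings.append(f"{name}: privileged container")
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        findings.append(f"{name}: runAsNonRoot not set to true")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(f"{name}: allowPrivilegeEscalation not set to false")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append(f"{name}: root filesystem is writable")
    caps = sc.get("capabilities") or {}
    if "ALL" not in [x.upper() for x in caps.get("drop", [])]:
        findings.append(f"{name}: capabilities not dropped (drop: [ALL] missing)")
    if caps.get("add"):
        findings.append(f"{name}: adds capabilities {caps['add']}")
    if not image_is_pinned(c.get("image", "")):
        findings.append(f"{name}: image {c.get('image', '')!r} is not pinned to a tag or digest")
    return findings


def check_pod(manifest: dict) -> list[str]:
    """Return a list of human-readable findings; an empty list means no issue was flagged."""
    spec = manifest.get("spec", {})
    findings = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):  # host namespaces defeat isolation
        if spec.get(flag):
            findings.append(f"pod: {flag} is enabled")
    if spec.get("automountServiceAccountToken", True):  # the API default is to mount it
        findings.append("pod: service account token is auto-mounted")
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.append(f"pod: hostPath volume {v['hostPath'].get('path')!r} mounted")
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        findings.extend(_container_findings(c.get("name", "?"), c, pod_sc))
    return findings


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, check_pod(pod) or "no findings")
```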
To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk. NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.
NSA and CISA’s guidance focuses on security challenges and recommends system administrators harden their environments where possible. NSA is releasing this guidance as part of our mission to support the Department of Defense, the Defense Industrial Base, and National Security Systems.

Water-related hazards dominate disasters in the past 50 years

Water-related hazards dominate the list of disasters in terms of both the human and economic toll over the past 50 years, according to a comprehensive analysis by the World Meteorological Organization (WMO).
Of the top 10 disasters, the hazards that led to the largest human losses during the period have been droughts (650 000 deaths), storms (577 232 deaths), floods (58 700 deaths) and extreme temperature (55 736 deaths), according to the forthcoming WMO Atlas of Mortality and Economic Losses from Weather, Climate and Water Extremes (1970-2019).
With regard to economic losses, the top 10 events include storms (US$ 521 billion) and floods (US$ 115 billion), according to an excerpt from the Atlas, which will be published in September.
Floods and storms inflicted the largest economic losses in the past 50 years in Europe, at a cost of US$ 377.5 billion. The 2002 flood in Germany caused US$ 16.48 billion in losses and was the costliest event in Europe between 1970 and 2019. However, heatwaves had the highest human toll.
The data show that over the 50-year period, weather, climate and water hazards accounted for 50% of all disasters (including technological hazards), 45% of all reported deaths and 74% of all reported economic losses at global level.
Climate Change
“Weather, climate and water-related hazards are increasing in frequency and intensity as a result of climate change. The human and economic toll was highlighted with tragic effect by the torrential rainfall and devastating flooding and loss of life in central Europe and China in the past week,” said WMO Secretary-General Prof. Petteri Taalas.
“Recent record-breaking heatwaves in North America are clearly linked to global warming,” said Prof. Taalas, citing a rapid attribution analysis that climate change, caused by greenhouse gas emissions, made the heatwave at least 150 times more likely to happen.
“But, increasingly, heavy rainfall episodes also bear the footprint of climate change. As the atmosphere gets warmer it holds more moisture which means it will rain more during storms, increasing the risk of floods,” said Prof. Taalas.
“No country – developed or developing – is immune. Climate change is here and now. It is imperative to invest more in climate change adaptation, and one way of doing this is to strengthen multi-hazard early warning systems.”
Water is the primary vehicle through which we feel the impacts of climate change. To effectively address both water and climate challenges, we must bring climate change and water to the same table – into the same conversation: Tackling them as one. This is why WMO is spearheading a new Water and Climate Coalition, a community of multi-sectoral actors, guided by high-level leadership and focused on integrated water and climate action, said Prof. Taalas.
Extreme rainfall events
The German national meteorological service, DWD, said up to two months' worth of rainfall fell in 2 days (14 and 15 July) on soils that were already near saturation in the most affected regions of Germany, Belgium, the Netherlands, and Luxembourg. Switzerland and Austria were also hit by severe flooding.
According to DWD, about 100 to 150 mm of precipitation occurred in 24 hours between 14 and 15 July. The DWD weather station of Wipperfuerth-Gardeweg (North Rhine-Westphalia) recorded 162 mm followed by Cologne-Stammheim (North Rhine-Westphalia) with 160 mm, Kall-Sistig (North Rhine-Westphalia) with 152 mm and Wuppertal-Buchenhofen (North Rhine-Westphalia) with 151 mm. DWD issued timely and accurate early warnings.
Some parts of the central Chinese province of Henan received more accumulated rainfall between 17-21 July than the annual average. The national meteorological observation station in Zhengzhou reached 720 mm – compared to its annual average of 641 mm.
Zhengzhou, the capital of Henan, received the equivalent of half its annual rainfall in the space of six hours. The 6-hour rainfall was 382 mm, and from 16:00-17:00 on 20 July the 1-hour rainfall in Zhengzhou exceeded 200 mm.
More than 600 stations recorded precipitation over 250 mm. The maximum precipitation was 728 mm. The Henan Meteorological Service initiated the highest level emergency response to deal with the flooding.
An increasing number of studies are finding human influence on extreme rainfall events. One example is the extreme rainfall in eastern China in June and July 2016, where published studies found that human influence significantly increased the probability of the event, with the signal less clear in a third peer-reviewed study published in the annual supplement to the Bulletin of the American Meteorological Society.
European trends
Despite the ongoing tragedy, the death toll from extreme weather is generally falling because of improved early warnings and better disaster management. A high death toll from heatwaves in Europe in 2003 and 2010 ushered in new heat-health action plans and early warnings which have been credited with saving many lives in the most recent decade.
In Europe in total, 1 672 recorded disasters cumulated 159 438 deaths and US$ 476.5 billion in economic damages from 1970–2019. Although floods (38%) and storms (32%) were the most prevalent cause in the recorded disasters, extreme temperatures accounted for the highest number of deaths (93%), with 148 109 lives lost over the 50 years.
The two extreme heatwaves of 2003 and 2010 accounted for the highest number of deaths (80%), with 127 946 lives lost in the two events. These two events skew the statistics on the number of deaths in Europe. The 2003 heatwave was responsible for half of the deaths in Europe (45%) with a total of 72 210 deaths within the 15 affected countries, according to one of the chapters in the forthcoming Atlas.
Within Europe, the distribution of disasters by related hazard shows that riverine floods (22%), general storms (14%) and general floods (10%) were most prevalent hazards in Europe.
The WMO Atlas of Mortality and Economic Losses from Weather, Climate and Water Extremes (1970-2019) (hereafter called the Atlas) will be published ahead of the United Nations General Assembly in September. The Atlas is based on the Centre for Research on the Epidemiology of Disasters’ (CRED) Emergency Events Database (EM-DAT).
It is one of a series of WMO initiatives to provide decision-makers with scientifically based information about weather and climate extremes and the state of the global climate.

Remote working putting organisations at risk of ransomware

CERT NZ says the majority of ransomware attacks occur through poorly configured remote access systems, which businesses use to allow staff to access systems from outside the office.
While there are a range of these in use, one of the most commonly used is Remote Desktop Protocol (RDP), with over 2,500 instances identified in New Zealand. RDP has a number of weaknesses, which means that when it is used over the internet it can be exploited by attackers, and it is a leading contributor to the ransomware incidents that CERT NZ receives.
“It’s essential that organisations urgently review their remote access systems, and make sure these systems are as secure as they can be. You may need to talk to your IT team or service provider about how to do this,” says Michael Shearer, Principal Advisor – Threats and Vulnerabilities at CERT NZ.
CERT NZ is partnering with internet service providers to contact organisations that use internet-exposed RDP to provide advice on how they can make remote working more secure.
“Regardless of what technology organisations use to enable remote working, it’s important to keep your system up to date and enable two-factor authentication for logins.”
As RDP is often exploited by attackers to gain access to an organisation’s network, CERT NZ recommends organisations consider other options to enable remote working, such as a virtual private network (VPN). Good VPN solutions support two-factor authentication, which adds an extra layer of security, and are designed to be used over the internet.
More broadly, CERT NZ is concerned about the growing impact ransomware attacks are having on New Zealand.
“Recent events have brought to light the devastating effects a ransomware attack can have on an organisation. There’s been an increasing trend of these types of attacks globally over the past 18 months, and they’re only going to continue.”
CERT NZ has seen an increase in ransomware reports in the second quarter of 2021 (April to June), compared to the first quarter of the year. Reaching a total of 30 reports, this is the highest number of ransomware reports made to CERT NZ within one quarter.
“These figures do not paint a complete picture of the extent of ransom attacks in New Zealand. These numbers only reflect what has been reported to us, however conversations with our industry partners indicate there are a lot more attacks happening.”
CERT NZ will soon be releasing more guidance for organisations about how to protect themselves against ransomware.

Understanding the increase in Supply Chain Security Attacks

The European Union Agency for Cybersecurity's mapping of emerging supply chain attacks finds that 66% of attacks focus on the supplier’s code.
Supply chain attacks have been a concern for cybersecurity experts for many years because the chain reaction triggered by one attack on a single supplier can compromise a network of providers. Malware is the attack technique that attackers resort to in 62% of attacks.
According to the new ENISA report - Threat Landscape for Supply Chain Attacks, which analysed 24 recent attacks, strong security protection is no longer enough for organisations when attackers have already shifted their attention to suppliers.
This is evidenced by the increasing impact of these attacks such as downtime of systems, monetary loss and reputational damage.
Supply chain attacks are now expected to multiply by 4 in 2021 compared to last year. This new trend stresses the need for policymakers and the cybersecurity community to act now. This is why novel protective measures to prevent and respond to potential supply chain attacks in the future, while mitigating their impact, need to be introduced urgently.
Why is a good level of cybersecurity not good enough?
Composed of an attack on one or more suppliers followed by a later attack on the final target, namely the customer, supply chain attacks may take months to succeed. In many instances, such an attack may even go undetected for a long time. Similarly to Advanced Persistent Threat (APT) attacks, supply chain attacks are usually targeted, quite complex and costly, with attackers probably planning them well in advance. All such aspects reveal the degree of sophistication of the adversaries and their persistence in seeking to succeed.
The report reveals that an organisation could be vulnerable to a supply chain attack even when its own defences are quite good. The attackers explore new potential highways to infiltrate organisations by targeting their suppliers. Moreover, with the almost limitless potential of the impact of supply chain attacks on numerous customers, these types of attacks are becoming increasingly common.
In order to compromise the targeted customers, attackers focused on the suppliers’ code in about 66% of the reported incidents. This shows that organisations should focus their efforts on validating third-party code and software before using them to ensure these were not tampered with or manipulated.
For about 58% of the supply chain incidents analysed, the customer assets targeted were predominantly customer data, including Personally Identifiable Information (PII) data and intellectual property.
For 66% of the supply chain attacks analysed, suppliers did not know, or failed to report on how they were compromised. However, less than 9% of the customers compromised through supply chain attacks did not know how the attacks occurred. This highlights the gap in terms of maturity in cybersecurity incident reporting between suppliers and end-users.

EU mobilises planes to tackle forest fires

Turkey, ravaged by unprecedented forest fires, activated the EU Civil Protection Mechanism. In an immediate response, the European Commission has already helped mobilise 1 Canadair plane from Croatia and 2 Canadairs from Spain. These firefighting aeroplanes are part of rescEU, the European reserve of civil protection assets.
Commissioner for Crisis Management Janez Lenarčič said: "The EU stands in full solidarity with Turkey at this very difficult time. I thank all the countries which have offered help. Our thoughts are with the Turkish people who have lost their loved ones and with the brave first responders who are doing their best to battle the deadly fires. We stand ready to provide further assistance."
In response to Italy's request for assistance through the EU Civil Protection Mechanism to help in the fight against the ongoing wildfires in Sardinia, the EU is mobilising immediate support from France and Greece.
France and Greece are deploying two aerial forest firefighting planes (Canadair) each. The planes offered by France come from the European Civil Protection Pool, whereas the ones offered by Greece are part of the rescEU assets.
The wildfires have hit the area of Montiferru, in the centre-west of the island following high temperatures. Initial reports indicate that over 4,000 hectares have been burnt and 355 people evacuated.
The European Union's 24/7 Emergency Response Coordination Centre is in regular contact with the Turkish authorities to closely monitor the situation and channel the EU assistance.

Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure

The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats. Recent high-profile attacks on critical infrastructure around the world, including the ransomware attacks on the Colonial Pipeline and JBS Foods in the United States, demonstrate that significant cyber vulnerabilities exist across U.S. critical infrastructure, which is largely owned and operated by the private sector.
Currently, federal cybersecurity regulation in the United States is sectoral. It is a patchwork of sector-specific statutes that have been adopted piecemeal, as data security threats in particular sectors have gained public attention. Given the evolving threat faced today, the federal government must consider new approaches, both voluntary and mandatory. It is critical infrastructure owners' and operators' responsibility to follow voluntary guidance as well as mandatory requirements in order to ensure that the critical services the American people rely on are protected from cyber threats.
President Biden has signed a National Security Memorandum (NSM) on “Improving Cybersecurity for Critical Infrastructure Control Systems,” which addresses cybersecurity for critical infrastructure and implements long overdue efforts to meet the threats. The NSM:
- Directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST), in collaboration with other agencies, to develop cybersecurity performance goals for critical infrastructure.
- Formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative. The ICS initiative is a voluntary, collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings.

TSA Takes Steps to Address Some Pipeline Security Program Weaknesses

The nation's pipelines are vulnerable to cyber-based attacks due to increased reliance on computerized systems. In May 2021 malicious cyber actors deployed ransomware against Colonial Pipeline's business systems. The company subsequently disconnected certain systems that monitor and control physical pipeline functions so that they would not be compromised.
Protecting the nation's pipeline systems from security threats is a responsibility shared by both the Transportation Security Administration (TSA) and private industry stakeholders. Prior to issuing a cybersecurity directive in May 2021, TSA's efforts included issuing voluntary security guidelines and conducting security reviews of privately owned and operated pipelines. GAO reports in 2018 and 2019 identified some weaknesses in the agency's oversight and guidance, and made 15 recommendations to address these weaknesses. TSA concurred with GAO's recommendations and has addressed most of them, such as clarifying portions of its Pipeline Security Guidelines, improving its monitoring of security review performance, and assessing staffing needs.
As of June 2021, TSA had not fully addressed two pipeline cybersecurity-related weaknesses that GAO previously identified. These weaknesses correspond to three of the 15 recommendations from GAO's 2018 and 2019 reports.
Incomplete information for pipeline risk assessments. GAO identified factors that likely limit the usefulness of TSA's risk assessment methodology for prioritizing pipeline security reviews. For example, TSA's risk assessment did not include information consistent with critical infrastructure risk mitigation, such as information on natural hazards and cybersecurity risks. GAO recommended that TSA develop data sources relevant to pipeline threats, vulnerabilities, and consequences of disruptions. As of June 2021, TSA had not fully addressed this recommendation.
Aged protocols for responding to pipeline security incidents. GAO reported in June 2019 that TSA had not revised its 2010 Pipeline Security and Incident Recovery Protocol Plan to reflect changes in pipeline security threats, including those related to cybersecurity. GAO recommended that TSA periodically review, and update its 2010 plan. TSA has begun taking action in response to this recommendation, but has not fully addressed it, as of June 2021.
TSA's May 2021 cybersecurity directive requires that certain pipeline owner/operators assess whether their current operations are consistent with TSA's Guidelines on cybersecurity, identify any gaps and remediation measures, and report the results to TSA and others. TSA's July 2021 cybersecurity directive mandates that certain pipeline owner/operators implement cybersecurity mitigation measures; develop a Cybersecurity Contingency Response Plan in the event of an incident; and undergo an annual cybersecurity architecture design review, among other things. These recent security directives are important requirements for pipeline owner/operators because TSA's Guidelines do not include key mitigation strategies for owner/operators to reference when reviewing their cyber assets. TSA officials told GAO that a timely update to address current cyber threats is appropriate and that they anticipate updating the Guidelines over the next year.

NSA, CISA, and FBI detail Chinese State-Sponsored Actions, Mitigations

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory, Chinese State-Sponsored Cyber Operations: Observed TTPs. This advisory describes over 50 tactics, techniques, and procedures (TTPs) Chinese state-sponsored cyber actors used when targeting U.S. and allied networks, and details mitigations.
Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives.
One significant tactic detailed in the advisory is the exploitation of public vulnerabilities within days of their public disclosure, often in major applications such as Pulse Secure, Apache, F5 Big-IP, and Microsoft products. This advisory provides specific mitigations for the detailed tactics and techniques, aligned to the recently released NSA-funded MITRE D3FEND framework.
General mitigations outlined include: prompt patching; enhanced monitoring of network traffic, email, and endpoint systems; and the use of protection capabilities, such as an antivirus and strong authentication, to stop malicious activity.

New ITU standards project to define a sustainability passport for digital products

A new ITU standard is under development to describe the information that a sustainability passport for digital products should contain to support consumers, industry and government in applying the principles of circular economy.
The project is underway in ITU’s standardization expert group for ‘environment and circular economy’, ITU-T Study Group 5.
Circular economy can be described as extending a product’s lifespan over multiple lifecycles or increasing the value delivered by a product over its lifespan. Supporting the shift towards circular economy is a key priority for ITU-T Study Group 5, with e-waste now the world’s fastest-growing waste stream.
Experts see considerable potential for a sustainability passport to provide an instrument to help manage e-waste in a sustainable way, on a global scale – e-waste often crosses borders, and often to developing countries ill-equipped to manage a growing e-waste burden.
Our national passports describe our attributes at birth but also record where we have travelled. Should a sustainability passport for digital products be the same?
“Digital products have one set of attributes at manufacture, but these attributes can change over time as products are upgraded, recycled or resold,” highlights the standard’s Editor and Co-Rapporteur for the responsible working group (Q7/5), Leandro Navarro of Spain’s Colegio Oficial Ingenieros de Telecomunicación.
The new standard aims to define the requirements and semantics necessary to represent information relevant to circular product lifecycles. Its development will consider the inclusion of information available at the time of manufacture as well as dynamic information representing changes to product attributes over product lifecycles.
“We need verifiable data to support us in assessing the extent to which we are achieving principles of circular economy and our ambition to achieve net zero emissions,” explains Leandro. “There is currently no international agreement on the product information required to facilitate and achieve circularity in the digital technology industry.”
Clarifying the necessary information could help to put theory into practice, highlights Leandro, citing the example of ITU L.1023, an international standard outlining an assessment method for circular scoring.
“Verifiable, machine-readable information could enable automatic comparisons of product attributes relevant to circularity,” says Leandro. "And with the required degree of interoperability, all stakeholders and systems could make use of this information."

Agencies Should Strengthen Collaborative Mechanisms and Processes to Address Potential Interference

In the U.S., the FCC and the National Telecommunications and Information Administration (NTIA) regulate radio-frequency spectrum use to ensure enough is available for 5G networks, satellites, etc. When there could be interference, FCC and NTIA coordinate with other federal agencies via interagency agreements and groups.
To address potential interference among proposed uses of spectrum, these agencies employ various coordination mechanisms. For domestic matters, the agencies coordinate through an NTIA-led committee that provides input to FCC’s spectrum proceedings. For U.S. participation in the International Telecommunication Union’s (ITU) World Radiocommunication Conferences (WRC), agencies coordinate via a preparatory committee that provides input used to develop U.S. positions that the Department of State submits to a regional body or directly to the WRC.
These mechanisms reflect some key collaboration practices but do not fully reflect others. For example, while the documents that guide coordination between FCC and NTIA and the preparatory committee emphasize reaching consensus whenever possible, there are no clearly defined and agreed-upon processes for resolving matters when agencies cannot do so. Additionally, neither document has been updated in almost 20 years, though agency officials said conditions regarding spectrum management activities have changed in that time. GAO’s review of U.S. participation in ITU’s 2019 WRC shows that these issues affected collaboration. For example, disputes among the agencies and the inability to reach agreement on U.S. technical contributions challenged the U.S.’s ability to present an agreed-upon basis for decisions or a unified position.
NOAA and NASA conduct and FCC and NTIA review technical interference studies on a case-by-case basis. When originating from ITU activities, the agencies conduct or review technical interference studies through participation in international technical meetings and the preparatory committee process. However, the lack of consensus on study design and, within the U.S. process, specific procedures to guide the design of these types of studies, hampered U.S. efforts to prepare for the 2019 WRC. For example, the U.S. did not submit its studies on certain key issues to the final technical meeting, resulting in some stakeholders questioning whether the corresponding U.S. positions were technically rooted. Agreed-upon procedures could help guide U.S. efforts to design these studies and consider tradeoffs between what is desirable versus practical, to mitigate the possibility of protracted disagreements in the future.