Critical Infrastructure Security Information Weekly 20211008

Technical standard specification

1. Strive to compose a wonderful chapter in the construction of a strong Internet country – a summary of the development achievements of my country’s Internet informatization business

General Secretary Xi Jinping attaches great importance to network security and informatization work, and has put forward a series of groundbreaking new ideas, new viewpoints and new judgments, forming General Secretary Xi Jinping’s important thought on strengthening the country through the Internet. Under the guidance of this important thought, my country’s Internet informatization business has made positive progress and remarkable achievements.

https://mp.weixin.qq.com/s/6OgPC9sO9K-5SrK8DjIlcw

2. Follow | The “New Generation Artificial Intelligence Code of Ethics” is released!

On September 25, the National New Generation Artificial Intelligence Governance Professional Committee released the “New Generation Artificial Intelligence Code of Ethics” (hereinafter referred to as the “Code of Ethics”), which aims to integrate ethics into the whole life cycle of artificial intelligence and to provide ethical guidelines for natural persons, legal persons and other relevant institutions engaged in artificial intelligence-related activities.

https://mp.weixin.qq.com/s/Wrtbutl4ZChmr4cUVm_fKA

3. Build an information security standard guarantee system for intelligent networked vehicles

With the rapid development of new infrastructure such as 5G, artificial intelligence, and the Internet of Things, intelligent connected vehicles have become an important part of the integration and innovation of emerging technologies and the automotive industry.

https://mp.weixin.qq.com/s/dF7wkfMHVlV9dpWvrWkfhw

4. Eight departments including the Ministry of Industry and Information Technology issued the “Three-Year Action Plan for the Construction of New Internet of Things Infrastructure (2021-2023)”

Eight departments, including the Ministry of Industry and Information Technology, the Office of the Central Cyber Security and Information Commission, the Ministry of Science and Technology, the Ministry of Ecology and Environment, the Ministry of Housing and Urban-Rural Development, the Ministry of Agriculture and Rural Affairs, the National Health Commission, and the National Energy Administration, jointly issued the “Three-Year Action Plan for the Construction of New Internet of Things Infrastructure (2021-2023)”.

https://mp.weixin.qq.com/s/NkSkvIvhGG5TPiGkVz-jxg

5. Notice | Nine departments including the Cyberspace Administration of China issued the “Guiding Opinions on Strengthening the Comprehensive Governance of Internet Information Service Algorithms” (full text attached)

In order to strengthen the comprehensive governance of Internet information service algorithms and promote the healthy and orderly development of the industry, nine ministries and commissions, namely the State Internet Information Office, the Central Propaganda Department, the Ministry of Education, the Ministry of Science and Technology, the Ministry of Industry and Information Technology, the Ministry of Public Security, the Ministry of Culture and Tourism, the State Administration for Market Regulation, and the State Administration of Radio and Television, formulated the “Guiding Opinions on Strengthening the Comprehensive Governance of Internet Information Service Algorithms”.

https://mp.weixin.qq.com/s/qt8wd3L4313agc90aCr3Ug

Industry development trends

6. The Conti ransomware attack is fierce, and the three major federal departments of the United States jointly issued an early warning

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency issued a joint warning on Wednesday, urging organizations to update their systems as soon as possible to address the real-world threat of Conti ransomware attacks.

https://mp.weixin.qq.com/s/IO6zVqYthjC3KgkFOIU1WA

7. Analysis of Japanese cyberspace combat power

In September 2020, the Ministry of Defense of Japan announced the defense budget application for fiscal year 2021, and the funding in the cyber field has reached a record high. The budget plans to create a new cyber warfare force, the Self-Defense Forces Cyber Defense Force, and transfer the cyber warfare personnel originally affiliated to the Army, Navy, and Air Self-Defense Forces to the newly established force.

https://mp.weixin.qq.com/s/jFNZ9LoN0FvUNskZUUL9oA

8. India uses Pegasus spyware for cyber operations

Recently, an investigation by 17 prominent media outlets led by the French non-profit journalist organization “Forbidden Stories” revealed that Pegasus spyware was successfully used to break into the smartphones of senior government officials, journalists, politicians and activists under different governments around the world.

https://mp.weixin.qq.com/s/gBrpU8YMpQhzXZkr-xuHPA

9. The computer network of an important US port was hacked, but the operation was not affected

CNN reported, citing an accident analysis report by the Coast Guard and a public statement from a senior U.S. cybersecurity official, that the Port of Houston, an important port on the Gulf Coast, suffered a cyberattack last month (August), and the attackers were suspected of having a nation-state background.

https://mp.weixin.qq.com/s/5xQbkEfcqWBgTCGh0gJ1qQ

10. Original | Tiandi Hexing: Global Power Industry Cyber Threat Trends

The number of cyber intrusions and attacks targeting the power industry is increasing, and in 2020 Dragos identified three new Activity Groups (AGs) targeting the power industry: TALONITE, KAMACITE and STIBNITE.

https://mp.weixin.qq.com/s/XGSc4GVjUDWE7b7850yH7w

11. The latest development trend of network security at home and abroad

The cybersecurity industry has entered the fast lane of development.

https://mp.weixin.qq.com/s/9ifom58ynIYp1MqughQMMA

12. Research on the Layered Method of Network Attack Technology

How to effectively protect against attacks from the network has become an urgent problem to be solved. In order to effectively defend against network attacks, it is necessary to have a comprehensive understanding and awareness of the evolution of network attacks. Starting from the security incidents formed by network attacks in recent years, from the perspectives of managers, academia and industry, the classification and development path of network attack technologies are analyzed, and the current situation and characteristics are summarized.

https://mp.weixin.qq.com/s/-GJi5YUDVru51_exCvowcw

13. Digital trade agreement | An overview of the game of data cross-border flow between China, the United States and Europe in trade negotiations

On September 16, China formally applied to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP). But at the same time, some CPTPP member states have questioned whether my country’s data cross-border and data localization regulations can meet the disciplinary requirements of the relevant provisions of the CPTPP.

https://mp.weixin.qq.com/s/PzB2GOpRdatsyM3gnvjvGw

14. The U.S. government strengthens the deep meaning of zero trust: achieving multi-layered cybersecurity

The frequent occurrence of major cyber attacks on U.S. businesses and infrastructure underscores the high importance of cybersecurity to the government.

https://mp.weixin.qq.com/s/JGr6iPgKI-Rt4NPye9JoQg

15. Data security protection in the era of big data

In the era of big data, data leakage incidents are emerging one after another, and data security has become one of the main factors hindering the development of big data.

https://mp.weixin.qq.com/s/Upcz54HOtOQQLiW6JwjNOQ

16. NSA cybersecurity chief warns: Attackers increasingly use commercial tools to hide identities

The increasing use of widely available commercial tools such as virtual private networks by advanced persistent threat actors has made it more difficult to trace the origin of cyberattacks, said the head of the National Security Agency’s cyber division.

https://mp.weixin.qq.com/s/hTbFMW5QUN3zyKQ1oIoLXw

Security Threat Analysis

17. Original | Why does the construction of control system information security need to be based on behavior analysis

The industrial control system consists of controllers, PLC modules, DCS control cabinets, touch screens, HMI devices, communication cards and other hardware, as well as SCADA configuration software, programming software, operating system software and other software. It is used in industrial field environments and in the production business scenarios of different industries.

https://mp.weixin.qq.com/s/LXDdiugu9wm4pHJFrvI7mg

18. CISA, FBI: Nation-state APT groups may be exploiting Zoho vulnerabilities

The Coast Guard Cyber Command (CGCYBER) warned today that newly discovered vulnerabilities in Zoho’s single sign-on and password management tools have been actively exploited since early last month, and that some state-sponsored Advanced Persistent Threat (APT) actors may be among those exploiting them.

https://mp.weixin.qq.com/s/W7Ho1QZlkgLYihIzFr0wpw

19. Talking about the status of cyberspace security in the U.S. military’s digital modernization strategy

2020 is a year in which the U.S. military’s digital modernization strategy will be steadily advanced and various strategic goals will be implemented in stages. Cyberspace security is a crucial part of the U.S. military’s digital modernization strategy.

https://mp.weixin.qq.com/s/ymmrPbB6ccCELOmOL8rjrw

20. The branch of the European call center giant was hit by ransomware, and the customer service of many related organizations was interrupted

Covisian is one of the largest customer service and call center providers in Europe, and GSS is Covisian’s Spanish and South American division. A few days ago, GSS suddenly suffered a ransomware attack, which paralyzed most of its IT systems and took down the call center for its Spanish-speaking customer group.

https://mp.weixin.qq.com/s/PY16D3TzjG7w9GNgOFBO-Q

21. iCloud private relay service was exposed to leaking user IP addresses

In the latest version of Apple’s operating system for iOS devices, there is a new, yet-to-be-fixed vulnerability in the iCloud Private Relay feature that could reveal a user’s real IP address.

https://mp.weixin.qq.com/s/Ftq_AI3T5X8cnYcl3FOU1A

22. The WPBT function of the Microsoft operating system is exposed to a high-risk vulnerability – a rootkit can be implanted by hackers on Windows 8 and above

Security researchers at firmware security firm Eclypsium have discovered a vulnerability in Microsoft’s Windows Platform Binary Table (WPBT) that could be exploited to install a rootkit on all Windows computers released since 2012.

https://mp.weixin.qq.com/s/GtfLwQjLP1EYjRPUjpEVvw

23. APT gang FamousSparrow starts spying on hotels and government departments

A cyber espionage group dubbed “FamousSparrow” by researchers has used a custom backdoor (dubbed “SparrowDoor”) to attack hotels, governments, and private organizations around the world. According to ESET, this is one of the Advanced Persistent Threat (APT) groups that targeted the ProxyLogon vulnerability earlier this year, although its activity was only recently exposed.

https://mp.weixin.qq.com/s/yVwVPfV2inqvP1CD_mlFBQ

24. Colossus ransomware hits a US car company

On Friday, September 24, 2021 local time in the United States, the zerox threat intelligence team discovered a ransomware variant called “Colossus” that affects machines running Microsoft’s Windows operating system. The ransomware has many features, including binary packing and sandbox evasion via Themida. The ransomware has a support website to establish communication with victims, which was likely launched on September 20, 2021.

https://mp.weixin.qq.com/s/2eZYwC2HQ0GxuVXFjK1G8g

25. Targeted DNS Hijacking: Tomiris, a new Trojan suspected to come from the team behind the SolarWinds attack

Kaspersky’s threat hunting team has intercepted a new cyber-espionage implant that hijacks the DNS of Eastern European governments via targeted DNS hijacking. The research team released a new report on September 29, which provides clues linking the malware to the SolarWinds attackers.

https://mp.weixin.qq.com/s/ND2xYtoLo6cZH0GYzO3WLQ

26. Why is IoT security so important?

Malware targeting IoT devices is on the rise, and cybercriminals are using botnets more frequently in their attacks. Especially during the pandemic, remote work has contributed to a dramatic increase in cybercrime, making all kinds of networks more vulnerable to attack.

https://mp.weixin.qq.com/s/LCbHLm-2avITdVwHBskRuQ

Safety Technology Solutions

27. The US intelligence community is also using it, including the NSA, CIA, DHS, etc.

I believe everyone is using an ad blocker. This is a good thing: on the surface it just blocks ads and clears your view. But more than that, it can also block malicious ads that sometimes hack into your device or collect sensitive information about it.

https://mp.weixin.qq.com/s/hpQba4xhsZ8rXCiFhyNApg

28. Microsoft Patches Frequently Exploited Windows 0-Day Vulnerability

In a series of security patches released on Patch Tuesday in September, Microsoft released patches for 66 CVEs, three of which were classified as critical in Microsoft’s four-tier system. One of these three, a zero-day vulnerability in Windows MSHTML, has been under active attack for nearly two weeks.

https://mp.weixin.qq.com/s/6J8vP3gdu-2q2ssGKjRt6A

29. US Publishes IPv6 Guidelines: “Completing the Transition to the Internet”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Friday that it is seeking public feedback on the federal agency’s new IPv6 guidelines. The document, IPv6 Considerations for TIC 3.0, was issued under Office of Management and Budget (OMB) Memorandum 21-07, which requires CISA to strengthen the Trusted Internet Connectivity (TIC) program to ensure Internet Protocol version 6 (IPv6) is implemented within the federal IT system.

https://mp.weixin.qq.com/s/xTZjaRieZvMn5-kFCFit4g

30. Urban rail transit CBTC signal system network security scheme

Based on the business model of the CBTC signal system, and from the perspective of relevant national regulations and standards such as the network security law, industrial control information security and network security level protection, the current state of network security protection and the existing security risks of the urban rail transit signal system are analyzed, and a signal system network security protection scheme is proposed that can comprehensively protect the network security of the signal system.

https://mp.weixin.qq.com/s/fYIzngqpltKOHD2G1pQN-A

31. Original | Countermeasures to the U.S.-Japan Cooperation in 5G Technology Competition with China

The article “Winning the 5G Technology Race with China: A Winning Strategy for U.S.-Japan Cooperation to Block Competition, Rapid Development, and Solve Problems” provides a corresponding strategy for the United States and Japan to win the 5G technology race with China. This article further summarizes and analyzes the 5G competition strategies and characteristics of the United States and Japan against China, and puts forward corresponding strategic suggestions based on this, in order to promote the development of my country’s 5G industry.

https://mp.weixin.qq.com/s/XEHstkACRv9U--SiKIqdww

32. Original | Schneider Electric PLC ModiPwn Vulnerability Review

Armis researchers discovered a new vulnerability, CVE-2021-22779, in Schneider Electric (SE) Modicon PLCs, dubbed ModiPwn, affecting Modicon M340, M580, and other models of the Modicon family of PLCs.

https://mp.weixin.qq.com/s/UeNbm-YoQPFV3Mz2c3fi-g

33. The US NSA and CISA released solutions for VPN selection and hardening

Foreign government-backed hackers are actively exploiting vulnerabilities in virtual private network (VPN) equipment, the National Security Agency and CISA, the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, have warned.

  

https://mp.weixin.qq.com/s/z-WTaG9Xe3gLnKOuaipCuw
