February Meeting Notes – Tales from the Time of COVID

From Cliff Richman

We experienced a couple of Cyber events.  The first was Oct of 2020.  We detected after a user was phished and the attacker was mapping, establishing C2, attempting password extraction and moving laterally.  We detected and evicted them without data loss or encryption.  They were identified to be UNC1878 a Russian ransomware gang.  Once targeted and evicted they escalated their attacks and these continue but have not been successfully again.  I setup an SOC in by basement to support this as it was in the middle of covid isolation.  In the end we replaced 34 systems in a total of three locations that the attackers had touched.  WE only took a 8 hour outage on a Sunday to replace some of the critical systems that our business needed.

Another incident February of 2022 indicates how far we came since that Russian attack.  An attacker detected missed vulnerability in Microsoft library used in our CMS for our ecommerce website.  He executed a Metasploit package against this vulnerability.  Our systems detected this attempt and isolated the webserver.  The entire attack was less than 4 seconds and the command did not ever even get written to disk.  Working with an ITR vendor we were able to identify the individual online handle for this Initial Threat actor.  He was a Chinese University student.

Yet another Covid topic was the Pandemic Defense Production act.  Some of what we produced are N95 masks testers and flowmeters the active measurement in a respirator.  We make the majority of flowmeters for respirator OEMs.  We would ship a N95 mask tester to our customer and they would pay for the transaction.  During shipping the Fed would commandeer the shipment from the shipper and send it to another manufacturer and order them to make N95 masks.   This was a huge headache for our Finance, Operation and The ERP team.  WE had to develop methods to deal with al that unexpected change and then adjust.

In the late spring and summer of 2020 our Management team hired nurses in our locations checking temperatures and asking the covid screening questions.  No only was the very expensive but had a few incidents where they were influencing our employees politically and speaking on behalf of management.  I was tasked with finding an automated solution.  I located a company that had a HIPA compliant platform already for compliance solutions that was developing a kiosk for this purpose.  They sent me their prototype and we integrated it with our badge system  and also we helped to perfect the sensing of the thermal camera to work more efficiently and also with a mask on.  We purchased the first 4 units and they when on to sell hundreds of units globally thereafter.

Many of the typical supply change adjustment issue to manufacturing and supplying credentials for shifting workloads to adjust for manufacturing employees who would shift jobs and work areas as components were available.

From Scott Stone

Changes seen during COVID:

Remote Work Security: The sudden shift to remote work created significant security challenges, as many organizations were not prepared for the security implications of a fully remote workforce. This included ensuring secure connections (like VPNs), securing personal devices used for work (BYOD policies), and managing the increased risk of data breaches.

Phishing and Scams: There was a significant increase in phishing attacks and scams exploiting the COVID-19 situation. Cybercriminals used pandemic-related themes for phishing emails and messages, preying on people’s fears and uncertainties to steal sensitive information or spread malware.

Overloaded Infrastructure: The increased reliance on digital platforms for work, education, and communication put a strain on IT infrastructure, leading to potential security vulnerabilities. Overloaded systems could lead to reduced effectiveness of security measures and increased opportunities for cyber attacks.

Supply Chain Attacks: The pandemic disrupted global supply chains, affecting the cybersecurity supply chain as well. Organizations faced challenges in securing their supply chains against cyber threats, as attackers could exploit vulnerabilities in third-party services and software to gain access to sensitive data.

Insider Threats: The stress, uncertainty, and changes in work environments increased the risk of insider threats. Employees dealing with personal issues or dissatisfaction might pose a greater risk of intentional or unintentional data breaches.

Healthcare Sector Targeting: Cybersecurity challenges were particularly acute in the healthcare sector, which was under immense pressure due to the pandemic. Hospitals and healthcare providers faced increased cyber attacks, including ransomware, at a time when their services were most critical.

Rapid Digital Transformation: Organizations accelerated their digital transformation initiatives to adapt to the new normal, which often involved rapidly deploying new technologies and services without fully vetting their security. This led to potential vulnerabilities and increased attack surfaces.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.