20/10/21

Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center


 

**UNCLASSIFIED**

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.

 

Situational Awareness

A Utah student was arrested for “potentially planning to carry out an attack” at Weber High School, according to district officials. Court documents first obtained and reported by Pat Reavy of KSL.com showed that the student was a 15-year-old girl who claimed to be conspiring to use a weapon of mass destruction. Weber County School District said the threat involved planning by a student but said there was never an imminent danger to the school or other students. KSL.com reported the student was planning a mass-casualty incident. The district said early intervention from law enforcement prevented any possible violence. The Weber County Attorney’s Office has filed criminal charges in Second District Juvenile Court in Weber County. The teen was charged Sept. 30 with use of a weapon of mass destruction, according to documents. The district said it couldn’t release specific details because of privacy issues. KSL reported, based on information obtained from affidavits, that the FBI learned of messages it said the girl sent that contained threats, including of planning a mass shooting at the school. The messages included the threat to create an event ‘like Columbine,’ an infamous school shooting in Colorado where two students killed 13 people, injured 20 others and then turned their guns on themselves. Police responded to the girl’s home and said she admitted to sending the messages to people she met online. Her phone was seized for a search. She also reported creating napalm and said she was planning an April 2024 attack.

 

Compromising a business supply chain is a key goal for cyber attackers, because by gaining access to a company that provides software or services to many other companies, it's possible to find a potential way into thousands of targets at once. Several major incidents during the past 12 months have demonstrated the large-scale consequences supply chain attacks can have. In one of the biggest cybersecurity incidents in recent years, cyber attackers working for the Russian foreign intelligence service compromised updates from IT services provider SolarWinds that were downloaded by 18,000 customers, with the attackers then going on to target around 100 of those customers including several US government agencies. Other cyber criminals were able to carry out a supply chain attack using a vulnerability in software from Kaseya to launch a ransomware attack that affected thousands of its customers around the world. "The issue of the threat to IT service providers as part of a supply chain was clearly one of the features of the last year," said Simon Mehdian-Staffell, UK government affairs manager at Microsoft, speaking during a Chatham House Cyber 2021 Conference discussion on the rise of state-backed cyberattacks. Some of these attacks have been identified because they've been on such a large scale, like the ones above. But there are means of supply chain compromise that are far less likely to draw attention, but can be very effective. And a more tightly focused campaign might be harder to detect. "Clearly there's trade-offs to be made between where they cast their net and the potential increased likelihood of being detected, so operators are having to make those trade-offs," said Jamie Collier, cyber threat intelligence consultant at Mandiant, also speaking during the Chatham House panel. 
While big attacks get the attention, the past few years have seen "other vectors of supply chain compromise that are dominating the numbers that maybe don't get the attention they deserve", he added. These lower-scale, less obvious supply chain attacks can be just as effective for cyber attackers, providing discreet pathways into networks. In particular, developer or mobile environments can provide this gateway – and cyber attackers have noticed. 

 

A federal jury today convicted a Chicago man of attempting to provide material support to the Islamic State of Iraq and al-Sham (ISIS). The jury convicted THOMAS OSADZINSKI, 22, after a two-week trial in U.S. District Court in Chicago.  The charge of attempting to provide material support and resources to a foreign terrorist organization is punishable by up to 20 years in federal prison. U.S. District Judge Robert W. Gettleman did not immediately set a sentencing date.

 

Cybersecurity

Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility. Insider Risk Management enables Microsoft 365 cloud services platform customers to detect, investigate, and remediate insider security threats within their organizations across Office, Windows, Azure, and third-party apps like HR systems. It connects signals, including file activity and abnormal user behavior, to detect concealed patterns and risks that other, more traditional methods could miss. Insider risks can be either malicious or accidental. Still, both types can have a high impact on the affected organization, given the level of damage they can inflict if not detected in time.

 

  • Brave Browser Replaces Google with Its Own Search Engine

Brave, the privacy-focused browser that blocks third-party ads and trackers by default, is switching to using its own search engine by default, the company has announced. The change will be applied for new users, and will affect which search engine is used via the browser’s address bar. Brave Search will replace Google in the United States, United Kingdom, and Canada, Qwant in France, and DuckDuckGo in Germany. More countries will be switched over in the coming months.

 

  • Acer Hacked Twice in a Week by the Same Threat Actor

Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable. Last week, threat actors known as 'Desorden' emailed journalists to say they hacked Acer India's servers and stole data, including customer information. Acer later confirmed the breach but stated it was an "isolated attack," affecting only their after-sales service systems in India. Less than a week later, Desorden emailed BleepingComputer to say they breached Acer Taiwan's servers on October 15th and stole employee and product information. They also shared images of an internal Acer Taiwan portal and CSV files containing login credentials for Acer employees. The threat actors told BleepingComputer that they performed the attack to prove that Acer is still vulnerable. "We did not asked for separate payment on the taiwan breach. it was meant to prove our point that Acer has neglected their cybersecurity." - Desorden. Acer Taiwan took down the vulnerable server soon after the threat actors reported the breach to the company. However, the hacking group states that other servers in Malaysia and Indonesia are still vulnerable. Yesterday, Acer confirmed the attack in a statement to BleepingComputer and said the Taiwan breach only involved employee data.

 

Energy

Oil futures rose on Tuesday and were near multi-year highs as an energy supply crunch continued across the globe, while falling temperatures in China revived concerns over whether the world's biggest energy consumer can meet domestic heating needs. The Brent crude benchmark rose 75 cents to settle at $85.08 a barrel. U.S. West Texas Intermediate (WTI) futures rose 52 cents to settle at $82.96 a barrel. Prices have been climbing the last two months. Since the start of September, Brent has risen by about 19%, while WTI has gained around 21%. "Supply-demand balances show that the market is experiencing a supply deficit, which is spurring deep inventory draws and driving prices upwards," said Louise Dickson, senior oil markets analyst at Rystad Energy. "This market tightness is expected to extend into most of 2022, and crude oil supply will only catch up with crude demand by the fourth quarter of next year." With temperatures falling as the Northern Hemisphere winter approaches and heating demand increasing, prices of oil, coal and natural gas are likely to remain elevated, traders and analysts said. Colder weather already has started to grip China, with close to freezing temperatures forecast for northern areas, according to AccuWeather.com. The rising coal and natural gas prices in Asia are expected to cause some end-users to switch to lower-cost oil as an alternative.
