08/12/21

Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center

**UNCLASSIFIED**

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open sources. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.


Situational Awareness

Surveillance video shows a person using a sledgehammer to destroy a gaming machine at an Illinois bar. Joe Rakers, the owner of Lenjo’s Bar in Pocahontas, believes the person was looking for money. Rakers said the bar was a mess when he visited the establishment on Monday. “He’s a grinch,” Rakers said of the suspect. “Hopefully we’ll find them.” Rakers shared the surveillance images on the bar’s Facebook page. His business was not the only one targeted in recent weeks. Frank’s Corner Kitchen in Beckemeyer recently shared a video from a similar crime on Oct. 30. Authorities say another business in Fayette County was also targeted. Rakers believes sharing the surveillance video will lead to an arrest. He said, “You’re going to get caught sooner or later.”


A major outage in Amazon's cloud computing network Tuesday severely disrupted services at a wide range of U.S. companies for more than five hours, the latest sign of just how concentrated the business of keeping the internet running has become. The incident at Amazon Web Services mostly affected the eastern U.S., but still impacted everything from airline reservations and auto dealerships to payment apps and video streaming services to Amazon's own massive e-commerce operation. That included The Associated Press, whose publishing system was inoperable for much of the day, greatly limiting its ability to publish its news report. Amazon has still said nothing about what, exactly, went wrong. In fact, the company limited its communications Tuesday to terse technical explanations on an AWS dashboard and a brief statement delivered via spokesperson Richard Rocha that acknowledged the outage had affected Amazon's own warehouse and delivery operation but said the company was “working to resolve the issue as quickly as possible.” Roughly five hours after numerous companies and other organizations began reporting issues, the company said in a post on the AWS status page that it had “mitigated” the underlying problem responsible for the outage, which it did not describe. It took some affected companies hours more to thoroughly check their systems and restart their own services.


The recently signed federal Infrastructure Investment and Jobs Act includes about $3 billion for dam safety, modernization and removal, as well as for hydropower projects. While that sum is not enough to cover all needed repairs and upgrades for the nation's aging dams, it does mark a significant uptick in funding, according to experts. The act addresses problematic dams in three ways: rehabilitating them for safety and efficiency, retrofitting them to enhance electricity production and protect marine wildlife, and removing the ones that no longer provide much benefit and harm the environment. There are over 91,000 dams in the U.S., and they are used for flood protection, hydropower, water supply, irrigation, mining and recreation. As of 2019, about 15,600 of them are classified as high-hazard-potential structures — meaning their failure would likely result in a loss of human life and property damage, according to the American Society of Civil Engineers (ASCE). About 2,300 have been labeled "deficient" and in urgent need of repairs. Rehabilitating all of the nation’s high-hazard dams could cost over $20 billion, according to an Association of State Dam Safety Officials report. As for removing dams, the cost is unique to the project and can vary widely, so it's difficult to predict exactly how far the money will go. Nonetheless, it is clear that the act provides for a massive and much-needed increase in funds.


Cybersecurity

US universities are being targeted in multiple phishing attacks that impersonate college login portals to steal valuable Office 365 credentials. The lures used in the latest campaigns include the COVID-19 Delta and Omicron variants and various themes on how these allegedly affect educational programs. These campaigns are believed to be conducted by multiple threat actors, starting in October 2021, with Proofpoint sharing details on the tactics, techniques, and procedures (TTPs) used in the phishing attacks.
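
The triage check a mail-security or SOC team would run over links pulled from incoming mail, as an added example that is not from the brief or from Proofpoint's report: it allowlists the institution's real sign-in hosts and flags everything else that borrows a Microsoft or campus brand token, hides behind a raw IP, or serves a sign-in-looking path. The institution name, the allowlists and the sample URLs are constructed assumptions.

```python
"""Triage links from mail for impersonated campus / Office 365 login portals.

Added example, not from the brief or from Proofpoint's report. The
institution, allowlists and sample URLs are constructed assumptions.
"""
import ipaddress
from urllib.parse import urlparse

# Assumed legitimate sign-in hosts for a hypothetical institution.
LEGIT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.example-university.edu",
    "sso.example-university.edu",
}
# Registrable domains allowed to host anything resembling a sign-in page.
TRUSTED_DOMAINS = {"example-university.edu", "microsoftonline.com",
                   "microsoft.com", "office.com"}
# Tokens a lookalike host borrows; longer first so the reason is specific.
BRAND_TOKENS = ("microsoftonline", "exampleuniversity", "office365",
                "microsoft", "outlook", "office", "o365")
# Path/query words that suggest a credential form.
PATH_TOKENS = ("login", "signin", "sign-in", "owa", "auth", "password", "verify")
# Digit-for-letter swaps seen in lookalike hosts (micros0ft, 0ffice).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough for the .edu/.com samples here.
    A real deployment should consult the public suffix list."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_forms(host: str):
    """Host with separators collapsed, plus a copy with digit look-alikes
    undone ('micros0ft-0nline.net' -> 'microsoftonlinenet'). Both are
    checked because undoing digits would mangle genuine tokens like 'o365'."""
    collapsed = host.replace(".", "").replace("-", "")
    return (collapsed, collapsed.translate(HOMOGLYPHS))


def classify_url(url: str):
    """Return (verdict, reason); verdict is 'ok' or 'suspicious'."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return "suspicious", "no host in URL"
    if host in LEGIT_LOGIN_HOSTS:
        return "ok", "known login host"
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "ok", "trusted domain"
    # From here on the host is outside the trust set.
    if is_ip_literal(host):
        return "suspicious", "raw IP literal host"
    forms = host_forms(host)
    for token in BRAND_TOKENS:
        if any(token in form for form in forms):
            return "suspicious", f"untrusted host borrows brand token '{token}'"
    path_and_query = (parsed.path + "?" + parsed.query).lower()
    for token in PATH_TOKENS:
        if token in path_and_query:
            return "suspicious", f"sign-in keyword '{token}' on untrusted host"
    return "ok", "no portal indicators"


def triage(urls):
    """Keep only the suspicious URLs, paired with the reason they tripped."""
    findings = []
    for url in urls:
        verdict, reason = classify_url(url)
        if verdict == "suspicious":
            findings.append((url, reason))
    return findings


# Constructed sample links, as they might be extracted from message bodies.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://sso.example-university.edu/idp/profile/SAML2",
    "https://www.example-university.edu/covid/omicron-update",
    "https://example-university-edu.login-verify.com/owa/auth",
    "http://198.51.100.23/office365/login.php",
    "https://micros0ft-0nline.net/common/login",
    "https://update-portal.info/o365/signin",
    "https://docs.google.com/forms/d/abc123",
]

if __name__ == "__main__":
    for url, reason in triage(SAMPLE_URLS):
        print(f"{url}\n    {reason}")
```

The allowlist is deliberately checked before any keyword heuristic so that the institution's own COVID update pages and the real Microsoft sign-in host never trip the rules; everything the heuristics catch is a link that asks for credentials on infrastructure the institution does not control, which is exactly the shape of the portal-impersonation lures described above.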

The rapid spread of Emotet via TrickBot, and its behavior since the malware resurfaced last month, could signal that a spate of ransomware attacks is on the way, spurring researchers to warn organizations to buckle up and get ready. In mid-November, a team of researchers from Cryptolaemus, G DATA and AdvIntel revealed that they had observed the TrickBot trojan launching what appears to be a new loader for the notorious Emotet, which has been called “the world’s most dangerous malware.” Now Emotet has been observed directly installing Cobalt Strike beacons on infected devices, Cryptolaemus, a global group of security experts, warned on Twitter. This behavior can give threat actors direct access to install ransomware on target systems, researchers said.


SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws with CVSS scores ranging from medium to critical. The bugs (reported by Rapid7's Jake Baines and NCC Group's Richard Warren) affect SMA 200, 210, 400, 410, and 500v appliances even when the web application firewall (WAF) is enabled. The highest-severity flaws patched by SonicWall this week are CVE-2021-20038 and CVE-2021-20045, two critical stack-based buffer overflow vulnerabilities that can let remote unauthenticated attackers execute code as the 'nobody' user on compromised appliances. Other bugs patched by the company on Tuesday enable authenticated threat actors to gain remote code execution, inject arbitrary commands, or upload crafted web pages and files to any directory on the appliance. However, the most dangerous one if left unpatched is CVE-2021-20039: this high-severity issue can let authenticated attackers inject arbitrary commands as the root user, leading to a remote takeover of unpatched devices. Because the WAF does not mitigate these flaws, administrators should confirm the running firmware version against SonicWall's advisory rather than rely on the WAF setting for protection. SonicWall says it has not yet found any evidence of these vulnerabilities being exploited in the wild.


Energy

In her first Illinois swing as a member of President Joe Biden’s Cabinet, Energy Secretary Jennifer Granholm will visit, among other places, the Braidwood nuclear power plant and Fermilab on Thursday and Friday. Her stops, which will also include an event with Gov. J.B. Pritzker, are part of the Biden administration’s push to send Cabinet members on the road to highlight local benefits of the new infrastructure law and to bolster support for the pending Build Back Better measure, with massive provisions for social and climate change programs. On Thursday, Granholm, a former Michigan governor, will tour the Gar Creek solar project in Kankakee, meet with local union workers and residents in Kankakee County, and visit the Braidwood plant, 20 miles southwest of Joliet. On Friday, she visits Fermilab in Batavia, the national particle physics and accelerator laboratory. Pritzker and Democratic House members from Illinois, Rep. Lauren Underwood, Rep. Bill Foster and Rep. Bobby Rush, the chair of the Energy and Commerce Committee’s Energy subcommittee, will join her.

