25/01/22

Critical Infrastructure Daily Brief

**UNCLASSIFIED**

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.

 

Situational Awareness

Authorities said at least one person is dead and another is in critical condition following an explosion at a factory on Friday in the Village of Hampshire, located in Kane County. It happened on the 300 block of Industrial Drive at W.R. Meadows, a factory that manufactures asphalt and concrete products. The two workers were cleaning the top of a tank with items used to make products when the explosion occurred. CBS 2’s Sabrina Franza reported two employees were cleaning a tank that holds an unknown chemical.

 

A Cook County judge set bail at $850,000 Sunday for a south suburban Ford Heights woman charged in connection with a fire earlier this month at Walmart in Lansing. Heather Weedon has been charged with felony arson and misdemeanor retail theft, according to a spokeswoman for the Cook County State's Attorney's Office. Additional information about her arrest wasn't immediately available. According to Lansing authorities, on Jan. 7, firefighters responded to the Walmart along Torrence Avenue and discovered "two separate fire areas" within the building. Through an investigation, police and fire authorities determined the fires were intentionally set and began searching for those responsible. A similar incident was reported three days later when multiple fires occurred at the Meijer in Highland, Indiana. According to police, the fires were likely set as a distraction by shoplifters. Following the incident, authorities released surveillance photos of two potential suspects and announced a reward in hope of finding those responsible. While Weedon has been charged in connection with the Walmart fire, it's unclear if anyone has been arrested for the fire at the Meijer store in Highland.

 

Intel has selected a 1,000-acre site in New Albany, Ohio, to be its third major US chipmaking location, with construction beginning this year and operations starting in 2025. Intel has committed to spend $20 billion on two chip fabrication facilities, or fabs, but ultimately expects a total of eight fabs in a plan that could reach $100 billion.

 

A lone gunman wounded several people at a lecture theater in the southwestern German city of Heidelberg on Monday, police said. Police said in a brief statement that the perpetrator was dead, but didn’t give details of how that happened. They had earlier asked people on Twitter to avoid the Neuenheimer Feld area of Heidelberg, where the city’s university campus is located. Police didn’t specify how many people were wounded, or how seriously, and there was no information on their identities or that of the suspected shooter. The university’s press office declined to give any details on the shooting and referred all inquiries to police. Police said the weapon used in the shooting was a long-barreled firearm. Heidelberg is located south of Frankfurt and has about 160,000 inhabitants. Its university is one of Germany’s best-known.

 

The United States is discussing the deployment of American military forces to Eastern Europe with its NATO allies, a senior administration official said Monday, as President Joe Biden weighs options for responding to Russian threats against Ukraine. With Moscow massing more than 100,000 troops at its neighbor's border and no diplomatic breakthrough in sight, the West is stepping up its response amid mounting fears an invasion could be imminent. Conversations are underway with NATO countries that could receive U.S. military forces as part of a plan to deter Russian President Vladimir Putin’s aggression, the official said. NATO said Monday that it was sending ships and fighter jets to Eastern Europe and that Washington “has also made clear that it is considering increasing its military presence in the eastern part of the Alliance.” Biden was briefed by Defense Secretary Lloyd Austin on Saturday about U.S. options for responding if Russia invades Ukraine, as well as options for U.S. military movements in advance of an invasion, according to a defense official and a senior administration official. Among the options presented for the U.S. military in advance of an invasion were bomber flights over the region, ship visits into the Black Sea and the moving of troops and some equipment from other parts of Europe into Poland, Romania and other countries neighboring Ukraine. Austin presented options to reassure NATO allies and reinforce their defenses, specifically the defenses of those countries bordering Ukraine, the officials said. The goal is to show unity and strength within NATO and deter Russian aggression against allies in the region, the officials said.

 

Cybersecurity

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog'. The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. "Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise," explains CISA. "BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information." The vulnerabilities listed in the catalog allow threat actors to perform a variety of attacks, including stealing credentials, gaining access to networks, remotely executing commands, downloading and executing malware, or stealing information from devices. With the addition of these 17 vulnerabilities, the catalog now contains a total of 341 vulnerabilities and includes the date by which agencies must apply security updates to resolve the bug.

 

Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the malware payloads. The families deployed in the tracked campaign are Warzone (aka AveMaria) and AgentTesla, two powerful RATs and info-stealers that target many applications, while the researchers also noticed the dropping of cryptocurrency stealers.

 

The malware that wiped dozens of government computer systems in Ukraine starting on Jan. 13 shares some strategic similarities to the NotPetya wiper that was used to attack Ukraine in 2017 and ended up causing nearly $10 billion in damages worldwide, researchers said Friday. The analysis, from Cisco’s Talos threat intelligence division, says that the NotPetya episode should serve as a warning that any organization with connections to Ukraine should “carefully consider how to isolate and monitor those connections to protect themselves from potential collateral damage.” The warning comes as the military buildup along the Ukraine border with Russia continues, along with worries that Russia is planning to invade its neighbor, a claim the Russian government denies. On Jan. 14 roughly 80 Ukrainian government agencies’ websites were defaced, garnering headlines around the world. Although that attack was relatively simple and the sites were restored in short order, malware known as WhisperGate wiped seven workstations at one computer agency and a combination of workstations and servers at a second agency, a Ukrainian government official told cybersecurity journalist Kim Zetter.

 

Energy

Colonial Pipeline Co. sent a wave of panic from Texas to New Jersey last spring when company executives decided how they would respond to hackers: They shut down the pipeline, cutting off the flow of gasoline and other fuels to the East Coast. Colonial CEO Joseph Blount testified before Congress that the decision had to be made. Had the insidious form of malware traveled from Colonial’s business computers to the pipeline’s control technology, Blount said, all bets were off. Gas shortages that lasted a week could have stretched for months. The decision in May to close a major fuel spigot set off alarm bells across the energy sector. The hack affecting Colonial’s 5,500-mile pipeline system provided a stark reminder of how easily a group of online criminals, looking to make an easy buck, could undermine the U.S. energy system. Colonial — 2021’s most striking example of America’s vulnerability in the digital age — set the stage for a 2022 that could bring significant changes to government oversight and industry self-policing. For years, energy companies of all stripes have resisted government cybersecurity mandates. That is beginning to change in the post-Colonial era. The Biden administration launched several initiatives aimed at beefing up the capacity of federal agencies to manage the threat against critical infrastructure. Biden appointed Chris Inglis as the national cyber director, tasked with coordinating U.S. cybersecurity strategy. And the White House issued an executive order revamping federal digital defense. Here are four cybersecurity trends to keep an eye on in 2022:

 

Healthcare

Covid cases are rising rapidly among US nursing home residents and staff, causing shortages in admissions, exacerbating bed shortages at hospitals in turn, and in some cases requiring the national guard to be called in. The Omicron wave has sent many staff home sick at care facilities and rehabilitation centers that offer round-the-clock medical care. As a result, hospitals that would normally release patients into such stepped-down care are now holding off, creating a backlog of patients stuck in hospital.

 

Brian James Kunsman of Philadelphia was indicted for allegedly bringing a pipe bomb inside the emergency room at St. Luke’s University Hospital in the Fountain Hill section of the City of Bethlehem. According to United States Attorney Jennifer Arbittier Williams, Kunsman was charged by Indictment with one count of possession of an unregistered destructive device and one count of being a felon in possession of an explosive. The Indictment alleges that in October 2021, an attending nurse discovered that Kunsman had brought the homemade destructive device in his backpack while he was a patient at the emergency room. Following the discovery, the emergency department of the hospital was evacuated for a two-hour period and all incoming trauma patients had to be diverted to other local hospitals.
