CISA and NSA Publish BMC Hardening Guidelines

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released joint guidance on hardening Baseboard Management Controllers (BMCs).

Published on Wednesday, the document aims to address the overlooked vulnerabilities in BMCs, which can serve as potential entry points for malicious actors seeking to compromise critical infrastructure systems.


For context, BMCs are essential components embedded in computer hardware that facilitate remote management and control. They operate independently of the operating system and firmware, ensuring seamless control even when the system is powered down. 

However, their high privilege level and network accessibility make these devices attractive targets for malicious actors.

The joint guidance emphasizes the importance of taking proactive measures to secure and maintain BMCs effectively, adding that many organizations fail to implement even minimum security practices.

These shortcomings could result in BMCs being used by threat actors as entry points for various cyber-attacks, such as turning off security solutions, manipulating data or propagating malicious instructions across the network infrastructure.

To address these concerns, CISA and NSA recommend several key actions. These include protecting BMC credentials, enforcing VLAN separation, hardening configurations and performing routine BMC update checks.

Further, the agencies said organizations should also monitor BMC integrity, move sensitive workloads to hardened devices, use firmware scanning tools periodically and treat unused BMCs as potential security risks.


Sussex PCC denies CCTV could be switched off

The Sussex Police & Crime Commissioner has denied the county’s CCTV could be switched off from April.

Katy Bourne was questioned during a meeting of the Police & Crime Panel about problems with the renewal of a contract with service provider BT.

According to a police spokesman, BT has only offered a one-year fixed price contract rather than the three-year contract which had been expected.

Ms Bourne said an inspector was working on the issue full-time and that “nobody’s going to get switched off”.

The meeting also heard a “significant price increase” was forecast on the £250,000 per year already being paid, due to upgrades being made to the circuit technology.

Ms Bourne said: “The contract is BT’s. If they decide they don’t want to renew, they don’t have to renew – we can’t force them.

“They’ve agreed a price. It’s their price and we can’t afford it, effectively.

“My understanding, having spoken with the team in Sussex Police, is that nobody’s going to get switched off, so let’s just allay that concern.”


Ransomware Attacks Are on the Rise, Again

Ransomware attacks tumbled in 2022, offering hope that the tide was turning against the criminal gangs behind them. Then things got a whole lot worse.

Amid a concerted effort by global law enforcement to crack down on ransomware attacks, payments to hackers and even the volume of attacks fell in 2022. But the trend doesn’t seem to be holding for 2023, and attacks have shot up again.

Data from cryptocurrency tracing firm Chainalysis indicates that victims have paid ransomware groups $449.1 million in the first six months of this year. For all of 2022, that number didn’t even reach $500 million. If this year’s pace of payments continues, according to the company’s data, the total figure for 2023 could hit $898.6 million. This would make 2023 the second biggest year for ransomware revenue after 2021, in which Chainalysis calculates that attackers extorted $939.9 million from victims.

The findings track with general observations from other researchers that the volume of attacks has spiked this year. And they come as ransomware groups have become more aggressive and reckless about publishing sensitive and potentially damaging stolen information. In a recent attack against the University of Manchester, hackers directly emailed the UK university’s students telling them that seven terabytes of data had been stolen and threatening to publish “personal information and research” if the university didn’t pay up.

“We think as a result of their budgetary shortfalls in 2022 we’ve seen these more extreme extortion techniques, ways to kind of twist the knife,” says Jackie Burns Koven, head of cyber threat intelligence at Chainalysis. “In 2022 we were very surprised to find that decline. Then we talked to external partners—incident response firms, insurance companies—and they all said, yeah, we’re paying less, and we’re also seeing fewer attacks.”


EchoPoint distributed acoustic sensors introduced for intrusion detection

FIBER SENSYS, itself part of the OPTEX Group, has launched EchoPoint distributed acoustic sensors for advanced intrusion detection across even the highest-level security sites.

Dubbed the latest evolution in fiber optic sensing technology, the new EchoPoint sensors make use of intelligent detection algorithms to provide point detection of +/- 6 metres in a range of up to 100 km. This highly accurate and reliable detection renders the sensors ideal for larger perimeters and high security sites, such as airports, logistics centres, railway networks and critical infrastructure, and to protect data conduits and pipelines, where being able to locate and identify the precise point of intrusion is critical.

Thanks to their highly advanced pattern-recognition classification algorithm, the sensors are able to distinguish between common causes of false and nuisance alarms, such as wildlife and environmental conditions, and genuine intrusion attempts. The system is also immune to electromagnetic interference, radio frequency interference and lightning.

The flexibility and versatility of the EchoPoint sensors is such that they can be operated across multiple applications and installed on fences, buried or commissioned in a hybrid layout. When mounted on a fence, the sensors can identify someone cutting the fence or attempting to climb it. When buried, the system can differentiate between footsteps, manual and machine digging and vehicle movements.

To meet the individual needs of every site, the EchoPoint sensors feature intelligent software zoning. This means different detection zones can be configured. End users have the ability to independently adjust the sensitivity and output within each zone, thereby helping to provide maximum capture rates and minimise nuisance alarms.
