Cybersecurity Snapshot: LockBit Gang Gets Knocked Down, as CISA Stresses Security of Water Plants

Check out how cyber agencies from multiple countries hit the LockBit ransomware group. Meanwhile, CISA wants water treatment plants to button up their cyber defenses. Plus, there’s a new generative AI governance checklist for tech and business leaders. And the White House seeks to boost ports' cybersecurity. And much more!

Dive into six things that are top of mind for the week ending February 23.

1 - LockBit ransomware gang disrupted in multinational cyber operation

LockBit, one of the world’s most destructive ransomware groups, just got dealt a powerful blow. And if you’re one of LockBit’s victims, help is on the way.

This week, cybersecurity agencies from multiple countries, led by the Cyber Division of the U.K.’s National Crime Agency (NCA), announced the seizure of LockBit’s infrastructure and the disruption of its operations.

The law enforcement agencies involved in this effort, dubbed Operation Cronos, obtained more than 1,000 decryption keys and will assist LockBit victims in their respective countries. In addition, LockBit decryption tools have been added to the “No More Ransom” website.

“As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity,” NCA Director General Graeme Biggar said in the statement “International investigation disrupts the world’s most harmful cyber crime group.”

Over the past four years, thousands of victims have been hit by hackers affiliated with LockBit’s ransomware-as-a-service operation, resulting in billions of dollars, pounds and euros in ransom payments and recovery costs, the NCA said.

Specifically, the NCA seized control of:

• LockBit’s primary administration environment, where affiliates would craft and launch attacks
• The group’s public-facing “leak site” on the dark web, which LockBit used to threaten to publish victims’ data 

• The LockBit platform’s source code, along with a treasure trove of internal information about the group’s systems, activities and affiliates 

   

In collaboration with Europol and U.S. law enforcement agencies, several people have been either charged or arrested in the U.S. and Europe, and more than 200 cryptocurrency accounts frozen.

An interesting finding: LockBit’s systems still had data from victims who paid a ransom, proving that coughing up the money that ransomware gangs demand doesn’t guarantee they’ll delete it.

To get more details, check out:

• The NCA announcement “International investigation disrupts the world’s most harmful cyber crime group”
• Europol’s announcement “Law enforcement disrupt world’s biggest ransomware operation”
• The U.S. Justice Department’s announcement “U.S. and U.K. Disrupt LockBit Ransomware Variant”

For more information about ransomware prevention, trends and best practices, check out these Tenable resources:

• “CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups” (blog)
• “FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang” (blog)
• “CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability” (blog)
• “The Ransomware Ecosystem” (report)
• “Tenable’s Ransomware Ecosystem Report” (on-demand webinar)

2 - CISA, EPA and FBI urge water plants to bolster cybersecurity

With cyberthreats to water treatment plants in the spotlight, the U.S. government has released a fact sheet with security measures these facilities should take as soon as possible.

The guide “Top Cyber Actions for Securing Water Systems” outlines these eight steps that organizations in the water and wastewater systems (WWS) sector can take to reduce cyber risk and increase cyber resilience:

• Lower the exposure to the public internet of critical operational technology (OT) and IT assets, such as OT controllers
• Regularly assess the cybersecurity posture of OT and IT assets, and prioritize remediation 
• Change default passwords immediately and replace them with unique, complex ones
• Create an inventory of OT and IT assets
• Make and test incident response and recovery plans
• Back up IT and OT systems
• Reduce your exposure to vulnerabilities via regular software updates, patching and mitigation
• Provide cybersecurity awareness training to the staff at least once a year

The two-page guide, jointly issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Environmental Protection Agency (EPA), also points readers to freely available resources.

For more information about protecting water and wastewater systems from cyberattacks:

• “Keep the Water Flowing for the DoD: Securing Operational Technology from Cyberattacks” (Tenable)
• “Water system attacks spark calls for cybersecurity regulation” (CSO)
• “Water utility cyberattacks underscore ongoing threat to OT” (Cybersecurity Dive)
• “Protecting Public Water Systems from Cyberattacks” (Tenable)
• “Engineering Cybersecurity into U.S. Critical Infrastructure” (Harvard Business Review)

3 - OWASP publishes GenAI governance guide for org leaders

Here’s a guide that might interest business and tech chiefs eager to ensure their organizations develop and deploy generative AI securely and responsibly.

The “LLM AI Cybersecurity & Governance Checklist,” which OWASP published this week, is aimed at business, privacy, compliance, legal and cybersecurity leaders, among others, tasked with setting guardrails for their organization’s generative AI use.

The goal: Help them stay abreast of AI developments so that their organizations will reap business success from their generative AI use while avoiding legal, security and regulatory pitfalls.

“These leaders and teams must create tactics to grab opportunities, combat challenges, and mitigate risks,” reads the document, which was created by the same OWASP team in charge of the group’s “OWASP Top 10 for LLM Applications” list.

Areas covered by the checklist include:

• Adversarial risk
• Threat modeling
• Asset inventorying
• Security and privacy training
• Legal and regulatory considerations

For more information about using generative AI responsibly and securely:

• “Considerations for Implementing a Generative Artificial Intelligence Policy” (ISACA)
• “What every CEO should know about generative AI” (McKinsey & Co.)
• “A CISOs Guide: Generative AI and ChatGPT Enterprise Risks” (Team8)
• “Guidelines for secure AI system development” (U.S. and U.K. governments)
• “Security Implications of ChatGPT” (Cloud Security Alliance)

VIDEO

Gen AI: New Age of Governance (World Economic Forum)

4 - White House seeks to strengthen ports’ cybersecurity

The Biden administration this week issued an executive order and outlined steps intended to boost the cyber defenses of U.S. ports and other components of the country’s Marine Transportation System (MTS), whose operations heavily rely on digital systems.

It’s critical to protect the MTS from cyberattacks, as it supports $5.4 trillion of economic activity annually, contributes to the employment of 31 million Americans and supports almost 95% of cargo entering the U.S., the White House said in the fact sheet titled “Biden-⁠Harris Administration Announces Initiative to Bolster Cybersecurity of U.S. Ports.”

“America’s prosperity is directly linked to maritime trade and the integrated network of ports, terminals, vessels, waterways, and land-side connections,” reads the fact sheet.

Specifically, the “Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States” bolsters the Department of Homeland Security’s authority to address MTS cyberthreats.

For example, the U.S. Coast Guard will have the authority to require that vessels and waterfront facilities fix dangerous cyber conditions; and to inspect vessels and facilities suspected of posing a cyberthreat. The Coast Guard will also propose new regulations to better protect the MTS from cyberattacks.

While in all likelihood the Coast Guard has had the authority to step in and address cyber risks posed by vessels, the executive order makes this plainly clear, as Marty Edwards, Tenable's Deputy CTO of OT and IoT, told CSO Online.

“I think there’s some clarification here to make sure that the word cybersecurity is explicitly called out,” Edwards said. “Because too many times we’ve seen where organizations will say, oh, well, it doesn’t say cyber, so that means I don’t have to do it for cyber.”

 To get more details, check out:

• The “Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States”
• The “Biden-⁠Harris Administration Announces Initiative to Bolster Cybersecurity of U.S. Ports” fact sheet
• The Coast Guard statement “Executive Order Expands Coast Guard Authorities to Address Maritime Cyber Threats”
• The transcript of the press conference announcing the executive order

5 - IBM: Hackers dial up attacks against identities

You could call it an identity crisis.

Successful cyberattacks carried out using a compromised identity rose sharply in 2023, according to IBM’s “2024 X-Force Threat Intelligence Index” report, released this week. Specifically, there was a 71% increase in the use of stolen credentials to gain initial access to valid enterprise accounts. 

It’s the first time in the report’s history that this attack vector ranks first as cybercriminals’ preferred initial access method – tied with phishing. Each method accounted for 30% of all incidents to which the IBM X-Force unit responded last year.

Why the rise in use of stolen credentials? With so many available on the dark web, it’s a low-hanging fruit that allows attackers to log into valid accounts, instead of having to hack their way in, according to the report.

“Yet this ‘easy entry’ for attackers is hard to detect, requiring a complex response from organizations to distinguish between legitimate and malicious user activity on the network,” reads a blog about the report.

The “X-Force Threat Intelligence Index” report is primarily based on IBM’s monitoring of 150 billion security events per day in 130-plus countries.

6 - U.S. House forms AI task force, plans report

And there’s yet another report on the proper and secure use of AI on the way, this time from a newly formed U.S. House of Representatives task force.

The “Task Force on Artificial Intelligence,” which was announced this week, has 24 members – 12 from each party. It has been tasked with producing a report that offers principles, recommendations and policies for AI usage.

It’s the latest move by the U.S. government to find ways to make sure that AI is used securely and responsibly, as the technology’s adoption surges among individuals and businesses.

To get more details, read the AI task force’s announcement.

For more information about AI regulation:

• “AI regulation remains unclear one year after ChatGPT launch” (Yahoo Finance)
• “EU lawmakers pass landmark artificial intelligence regulation” (CNBC)
• “AI Regulation is Coming: What is the Likely Outcome?” (Center for Strategic & International Studies)
• “The three challenges of AI regulation” (The Brookings Institution)
• “Artificial Intelligence 2023 Legislation” (National Conference of State Legislatures)