International Fraud Awareness Week is observed globally and aims to raise awareness of fraud through fraud prevention campaigns and education.

Operational Technology (OT) has become a very common talking point around the Cyber Advisors office. For starters, let’s define OT.

OT is industrial level control systems that are typically outside of the IT realm. Some examples of OT are Energy Grids, video recording systems, security badges/fobs, elevators, fire sprinkler systems, and gas pipelines. Many of these systems are IoT based. Some are much more industrial based such as PLC controls for turning a switch on and off.

On Monday, September 13th Google released security updates for the Chrome web browser to address a total of 11 security issues, two of which are zero-days actively being exploited in the wild. Chrome users are advised to update to the latest version (93.0.4577.82 or later) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaws. 

The Department of Defense recently implemented the Cybersecurity Maturity Model Certification (CMMC) to regulate cybersecurity preparedness across the federal government’s defense industrial base (DIB). Cyber Advisors is an approved Registered Provider Organization (RPO) in the CMMC ecosystem and provides advice, consulting, and recommendations to clients to help you navigate the CMMC. Cyber Advisors helps prepare our customers for CMMC readiness but does not conduct Certified CMMC assessments ourselves. 

It's hard to believe that it has been almost one year since the Department of Defense implemented the Cybersecurity Maturity Model Certification (CMMC) to regulate cybersecurity preparedness across the federal government’s defense industrial base (DIB) and implemented it's interim rule to NIST SP 800-171. This is intended as a bridge to get federal contractors out of the inefficiencies of the past and into the new maturity model. The window of time to full compliance is closing fast - If your organization does DoD work for a government contractor, Cyber Advisors is here to help. 

Cyber Advisors is an approved Registered Provider Organization (RPO). The RPOs and RPs in the CMMC ecosystem provide advice, consulting, and recommendations to clients to help you navigate the CMMC. Cyber Advisors helps prepare our customers for CMMC readiness but does not conduct Certified CMMC assessments ourselves. 

The Department of Defense recently implemented the Cybersecurity Maturity Model Certification (CMMC) to regulate cybersecurity preparedness across the federal government’s defense industrial base (DIB). If your organization does DoD work for a government contractor and didn't know the rules changed in 2020, it is time to get to work.

Although the timeline for CMMC certification will depend on the size of your organization and the requirements listed in the contract with your DoD contractor, if you are dealing with a Prime contractor you may have to achieve CMMC level 3 or higher more quickly than you'd like.

Tune into our YouTube Channel for a special on CMMC with Paul Beasley and Joe Moline! The interview highlights what CMMC is, who needs it, how Cyber Advisors is positioned to help companies through the process of getting CMMC certified, and breaks down the CMMC framework and levels. https://www.youtube.com/watch?v=f_DtvKHCjNY 

Cyber Advisors is an approved Registered Provider Organization (RPO). The RPOs and RPs in the CMMC ecosystem provide advice, consulting, and recommendations to clients to help you navigate the CMMC. Cyber Advisors helps prepare our customers for CMMC readiness but does not conduct Certified CMMC assessments ourselves. Please find our profile below: https://cmmcab.org/marketplace/cyber-advisors-inc/

The country’s largest fuel pipeline was breached resulting in shutting down operations for multiple days. An estimated 100 gigabytes of data were stolen which was used for ransomware. The total effect has yet to be calculated but a surge in gasoline price was in effect in the eastern seaboard after operations were shut down. The FBI confirmed that a threat actor group in Russia identified as Darkside was behind the ransomware.

A new ransomware strain called "Qlocker" is targeting QNAP network-attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. But it appears that “Qlocker” is not the only strain that's being used to encrypt NAS devices, what with threat actors deploying another ransomware named "eCh0raix" to lock sensitive data.

Check out more info on Qlocker Ransomware on our reference link, The Hacker News:

• https://thehackernews.com/2021/04/new-qnap-nas-flaws-exploited-in-recent.html

Verizon’s annual data breach investigation report (DBIR) released their report for 2021. A total of 29,207 quality incidents were reviewed, of which 5,258 were confirmed breaches.