
A Toast to the Cybersecurity Incidents of 2021

Let’s take a Cyber Drink to 2021  

Cybersecurity professionals have been put in the spotlight this year. We applaud your hard work and service to protect society as the threats only get more sophisticated and the consequences become more frightening. Gone are the days when cybersecurity could operate in a silo. It’s now a business problem that requires collaboration between both public and private industry. It takes a village to improve security.  As we all embark on more conversations about cybersecurity improvement, we have compiled our first-ever annual cocktail book as we look back and reflect on the year and encourage collaboration for a safer 2022. We encourage everyone to get together (remotely or in-person) over a drink to reflect on the year and prepare for what’s ahead.  

Tropical Hurricane 

Event: SolarWinds

Event Description and Security Insights 

  • Existing vulnerabilities in the SolarWinds platform were used to install malware across a federal government and private user base.

Recipe 

  • 1 oz Southern Comfort 
  • 1 oz Bacardi Rum 
  • 1 oz Myers's Dark Rum
  • 2 oz Orange Juice 
  • 2 oz Pineapple Juice  
  • Splash of Grenadine (optional) 
  • Pineapple wedge and/or cherry to garnish  
  • Combine the spirits and juices in an ice-filled cocktail shaker. Cover, shake well, and strain into an ice-filled Hurricane glass.
  • *Non-alcoholic version: replace the Southern Comfort and rum with 3 oz of sparkling water.

Taste Notes 

  • An unpredictable explosion of tropical flavor that can lift even the most sedentary folks off their seats.  

Security Conversations 

  • Just as the path of a hurricane is unpredictable, the supply chain implications and consequences of the SolarWinds attack created panic and uncertainty. Some icebreaker questions include:
    • What is the impact of such an event?  
    • Will my insurance policies protect me?  
    • How can I protect against third party cyber risk?

The Re-hydrator  

Event: Oldsmar 

Event Description and Security Insights 

  • A remote access hijack attempted to change the chemical concentration in a water treatment facility.

Recipe 

  • ¼ cup blue sanding sugar 
  • ¼ cup kosher salt 
  • (1) 20-ounce bottle Cool Blue Gatorade 
  • 1 cup thawed frozen limeade concentrate 
  • 1/3 cup blue curacao 
  • Fresh orange slices for serving  
  • Mix the sugar and the salt in a shallow dish. Wet the rims of 4-6 rocks glasses with water and then dip in the sugar-salt mixture to coat.
  • Combine the sports drink, limeade concentrate, tequila and blue curacao in a large pitcher and stir. Fill the rocks glasses with ice, pour the margarita over and garnish each with an orange slice.
  • *Non-alcoholic version:  replace curacao with Sprite or 7up 

Taste Notes 

  • Goes down smooth with a strong finishing kick. Gatorade was designed to maintain the electrolyte balance in the human body and prevent dehydration.

Security Conversation Commentary 

  • 2022 will be the year when water and wastewater infrastructure will be under more intense security. As you sip on your Re-hydrator, some  
    • How do we build a cybersecurity program that ensures the necessary visibility and monitoring for similar threats?
    • How can we architect remote access to industrial facilities more safely?
    • What other cyber risk scenarios in our water treatment facility should we prepare for?

Sticky Sincerity   

Event: Microsoft Exchange Server  

Event Description and Security Insights 

  • Exploited flaws in unpatched software enabled hackers to access the email of 30,000 organizations across the US.

Recipe 

  • 1 oz spiced rum 
  • ½ fl. oz butterscotch liqueur
  • ½ fl. oz caramel toffee liqueur
  • Champagne 
  • Add rum, butterscotch, and caramel toffee liqueur. Top up slowly with champagne. 

Taste Notes 

  • Thick and bubbly with a touch of familiarity.  

Security Conversation Commentary 

  • Volexity President Steven Adair said the company first saw nation-state attackers quietly exploiting the Exchange bugs on Jan. 6, 2021, a day when most of the world was glued to television coverage of the riot at the U.S. Capitol. On March 2, Microsoft released emergency security updates. The hackers aggressively increased their campaigns and targeted unpatched systems.
    • How can we patch better and reduce time to action? 
    • How can we better detect exploits related to these events? 

The Sting 

Event: DC Metro Police Data Breach  

Event Description and Security Insights 

  • The Babuk cybercrime syndicate hacked into the Washington DC Police Department, locked up files, and threatened to disclose confidential data, such as the identity of paid informants, if the ransom payment was not made. To accelerate negotiations, the gang published profiles of five officers, including health data.

Recipe 

  • 7 Oranges 
  • 4 Carrots 
  • A generous pinch of black pepper 
  • A generous pinch of turmeric  
  • 2 inches of fresh ginger root 
  • 1 teaspoon of coconut oil  
  • Juice all ingredients. For an extra kick, add a handful of muddled mint leaves and stir vigorously.

Taste Notes 

  • Take your tastebuds on a rollercoaster ride: an unexpected explosion of sweet, sour, and spicy. 

Security Conversation Commentary 

  • At what point is paying a ransom to cybercriminals undisputable? 
    • When confidential health records such as psychological assessments are at stake. 
    • When human lives will be put in danger if the information is disclosed.  

 

Please let us know how you like these drink recipes. We wish everyone a happy and healthy 2022. If you’d like to send in a drink recommendation, please e-mail it to: [email protected]

*** This is a Security Bloggers Network syndicated blog from Axio authored by Axio. Read the original post at: https://axio.com/insights/a-toast-to-the-cybersecurity-incidents-of-2021/