US Defense Industry Targeted with New USB-Based Ransomware Attacks

The FBI recently released a notice about cybercriminal group FIN7, according to a Bleeping Computer article, warning defense contractors to be wary of USB drives being sent through the mail. According to the notice, FIN7 is impersonating Amazon and the Department of Health & Human Services (depending on the target victim) in an effort to get them to plug in the USB drive.

The USB drives are “BadUSB” or “Bad Beetle USB” devices with the LilyGO logo, and are commonly available for sale on the Internet. The drives register with the victim computer as a keyboard and include a wealth of hacker tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts.

The goal of these drives is to infect networks with either BlackMatter or REvil ransomware.

This is a real-world form of targeted attack that uses the same social engineering we commonly see in phishing attacks. Users who undergo continual security awareness training are already aware they should not be plugging in unknown USB drives – especially those sent unsolicited.

These attacks could just as easily be turned into an access-for-sale attack, given the amount of control hackers have over the compromised endpoint. Be on guard.

Published by: KnowBe4 CyberHeist News, 1/25/22

Download Data Breach Report from ITRC

Since 2005, the Identity Theft Resource Center (ITRC) has tracked publicly reported data breaches in the United States. What began as a collection of basic information has grown into a database of more than 13,900 data compromises that include up to 90 data points per event.

Now in its 16th year, the ITRC’s Data Breach Report for 2021 looks at the number of data compromises, the types of data compromised, the root causes of data compromises, and much more. The 2021 Data Breach Report also previews a new free service for consumers that alerts them in the event companies they select issue a data breach notice. Please visit https://notified.idtheftcenter.org/s/resource#annualReportSection to download a copy of the report PDF. For questions about the report, contact notifiedbyitrc@idtheftcenter.org.

The ITRC uses information voluntarily collected from you to communicate effectively and efficiently with you and to provide best-in-class services. The ITRC does not sell or share any information about individual users. For more details, read our privacy policy.

National Capital Region Security Forum Becomes Part of SIA

The Security Industry Association (SIA) and the National Capital Region Security Forum (NCRSF) have announced that NCRSF will become part of SIA in 2022. SIA is the leading trade association for global security solution providers, with over 1,100 innovative member companies representing thousands of security leaders and experts who shape the future of the security industry. NCRSF (formerly the Northern Virginia Security Forum) is a community of security professionals and those associated with the industry who connect monthly to network and share leads and ideas.

NCRSF’s mission is to address issues facing the security industry in the federal market space. Founded in 2007 to bring together people in federal government and the D.C. security community, the organization serves a diverse set of companies, from Fortune 100 firms to many small and medium-sized businesses, and more than 1,000 security and government professionals throughout the United States. NCRSF works to foster a more robust discussion between the security needs of the federal government and the industry solutions available to them. The group has been led by Dan Connole, founder and president; Wayne Esser, vice president; and Dhira Bluestone, director of marketing and communications.

“Since its inception, the NCRSF has been relied upon by hundreds of industry professionals as a unique platform for networking within the federal market and as a reliable source of information about government procurement opportunities,” said SIA CEO Don Erickson. “SIA is honored to assume management of the NCRSF with the same unwavering level of commitment to our industry that has been demonstrated by Dan, Wayne and Dhira while also increasing the value of the Forum in the years ahead through expanded programs.”

“SIA and NCRSF have a cooperative alliance to promote the security industry and work together to make the world safer. The organizations have partnered to co-host networking events in the Washington, D.C., area and held events for security industry and government professionals in conjunction with SIA GovSummit, the nation’s premier conference connecting government, security and technology. It is an obvious next step to merge the NCRSF into SIA where the organization can evolve to the next level,” said NCRSF President Dan Connole.

NCRSF serves as an advocacy group for the security industry in the D.C. area within the federal marketplace, promotes proactive communication between the security industry and the federal end user community, provides a forum for the industry to collaborate and more effectively execute business opportunities and works closely with SIA to support its initiatives in and around the federal marketplace.

NCRSF’s key programs include:

  • Monthly evening networking events for security industry professionals held in the D.C., Maryland and Virginia area on the third Thursday of every month. These events are free to attend thanks to the support of industry sponsors.
  • A quarterly breakfast series in which NCRSF members and public-sector end users can discuss security needs and challenges.
  • An annual charity golf outing benefiting the Kennedy Krieger Institute Rehabilitation Center for Traumatic Brain Injuries.

The first NCRSF networking event of 2022 will be held on Thursday, Jan. 20, in northern Virginia. The 2022 charity golf outing is tentatively scheduled for Monday, Oct. 3. All security professionals in industry and government are invited to attend these events, which will follow NCRSF health and safety guidelines.

Cybersecurity Risk Management – Topic of NIST Virtual Series

NIST and the Center for Cybersecurity Policy and Law are pleased to invite you to the final event in a virtual series that will focus on the latest approaches to cybersecurity risk management. Over the last three virtual events, we have discussed international cybersecurity risk management standards and practices, supply chain risk management, and non-profit cybersecurity risk management. All these best practices come down to an ability to quantify the risks facing an organization and to allocate resources effectively and efficiently to mitigate those cybersecurity risks. This session will bring together leaders from government and industry to discuss these important topics. It will feature speakers from NIST and CISA, and cybersecurity leaders from the financial and healthcare sectors. We hope you can join us for our final event in this series!

This virtual event will take place on January 27 from 11:30am-1:30pm EST.

Register here: https://www.eventbrite.com/e/cybersecurity-risk-management-virtual-event-series-part-4-tickets-242989878267

CIBC Shares Bitcoin Blog and Investment News

CIBC’s Private Wealth Chief Investment Officer, Dave Donabedian, published a multi-part series that focuses on cryptocurrency developments.

Read part 1: The Buzz about Bitcoin. News about cryptocurrency is everywhere, as are stories of fortunes being made. Bitcoin appeared seemingly out of nowhere, 11 years ago, and has since become the fastest-growing, best-performing asset/currency in the world.

Let’s pull back the curtain and learn more about this phenomenon.

Read part 2: Bitcoin is a phenomenon: But is it a good investment? Here, we tackle the question of Bitcoin’s investment merits. We will get into the core investment questions around Bitcoin, but first it’s important for an investor to understand the type of investment something like Bitcoin represents in a portfolio.

Also, CIBC Private Wealth posts a 1-page monthly investment bulletin that highlights the key drivers impacting the financial markets in the prior month (November) and the items to watch in the next month (December). CIBC’s Investment Bulletin December 2021

Electronic Security Systems Market – Forecasts from 2021 to 2026 Released

The following are topline results from Research and Markets’ latest security industry report:

– The electronic system security market was valued at US$46.167 billion in 2019 and is expected to grow at a CAGR of 11.28% over the forecast period to reach a total market size of US$95.442 billion in 2026

– One of the biggest markets in the technology segment is the surveillance market and it has tremendous growth prospects globally as well as in India

– Investments and new technology in electronic security are driving the market. In India, this sector has attracted strong investment in the form of FDI inflows. Companies in India are planning to invest in production, distribution, and R&D in the upcoming years

– The increase in terror activities globally has raised alarms for increasing the security services. For example, India ranks sixth out of 162 countries in terms of terrorism. The number of incidents of killing was 476 in 2018, and 2019 recorded 1,787 terrorism-linked incidents

– Companies mentioned in this report include: FrontPoint Security Solutions, ADT LLC, Link Interactive, Vivint Inc., Zicom Electronic Security Systems Limited, Bosch Sicherheitssysteme GmbH, Protect America Inc., Axis Communications AB, Honeywell Security and A2 Systems LLC

Find out more:
Electronic Security Systems Market – Forecasts from 2021 to 2026

Virginia 757/948 Area Code Overlay Relief Implementation Committee Announcement

Please see the attached information about the Virginia 757/948 area code overlay as it relates to actions that may need to be taken by providers of Alarm, Security, and Elevator equipment.

It is imperative that alarm, security, and elevator alarm companies reprogram alarm panels in their customers’ premises if they currently are programmed to dial out seven digits to reach the alarm monitoring bureau.  If they are dialing out seven digits now, they must be reprogrammed to dial out a ten-digit number which includes the 757 area code plus telephone number.

As co-chairs of the Industry’s Virginia 757/948 Area Code Overlay Relief Implementation Committee, we are pleased to share the attached information to advise your company of the start of mandatory 10-digit dialing on 4/9/2022.

This reminder notice is similar to the letters that were sent to you on May 15, 2021 and September 3, 2021.

If you have any questions, please contact us.

Laura Dalton and Nicole Febles

Co-Chairs for the VA 757/948 Area Code Overlay Industry Committee

Laura Dalton, Verizon, 914-821-9686, Laura.r.Dalton@verizon.com

Nicole Febles, T-Mobile, 973-960-0913, nicole.febles@t-mobile.com

IACP Endorses Model Alarm Ordinance

The International Association of Chiefs of Police (IACP) recently passed a resolution that endorses the Model Alarm Ordinance as a tool for promoting “best practices” to achieve a reduction in alarm dispatches and recommends the ordinance to its 31,000 members in 165 countries.

The ordinance, already in use in approximately 1,000 jurisdictions, was developed and tested in a cooperative effort between the Security Industry Alarm Coalition (SIAC), the IACP, and the National Sheriffs’ Association.

The IACP resolution notes that the organization “recognizes the need for and value of enforcement tools and alarm management processes recommended in this Model Ordinance to achieve the desired reduction in alarm dispatches experienced by police agencies.”

“When fully implemented and enforced, the Model Ordinance results in an approximate 60% reduction or more in alarm dispatches,” said Stan Martin, SIAC Executive Director. “The ordinance focuses on the very small percentage of systems that cause problems for law enforcement and takes into account that 85% of alarm systems generate no dispatches in any given year.”

The Model Ordinance incorporates best practices that have proven to reduce calls for services, including:

  • ECC – Enhanced Call Confirmation (previously called Enhanced Call Verification or ECV) – Two calls to different numbers to determine the cause of the alarm and whether a dispatch is required. Video, audio, and other means of confirmation are also included in the referenced ANSI CS-V01 standard in the Model Ordinance.
  • Requiring Alarm Permits w/fees – Registration for security systems is critical for the effective management of alarm programs.
  • Limiting Free Responses/fines – Setting reasonable fines for alarm dispatches can be a significant deterrent to the occasional offender. Allowing a maximum of two free responses before incurring fines is advisable. Utilizing one free response will yield even higher dispatch reductions.
  • Ceasing Response to Chronic Abusers – The industry supports stopping response to the chronic abusers while including a reasonable appeal and restoration process.
  • Accepting Cancellations – Allowing calls to be canceled if originating party verifies response is not needed.

“SIAC recognizes and supports the importance of a strong relationship between law enforcement and the private sector,” said Martin. “As the industry’s voice on electronic security issues, SIAC is committed to continuing its decades-long collaboration with leading law enforcement organizations such as the IACP to support our shared mission to protect lives and property.”

Attend UL’s Building Innovation Summit, Aug. 31-Sept. 2

UL will host UL’s Building Innovation Summit 2021 on Aug. 31 – Sept. 2, 2021. This virtual event is for the building material and construction industry, covering various topics of interest for architects and consultants, building owners, manufacturers, fire safety professionals, and associations.

The built environment industry has been transforming faster in recent times, as the COVID-19 pandemic changed how the construction industry does business. New technologies and practices and stricter safety and security regulations will continue to bring challenges to industry professionals. Construction industry trends will bring rapid changes in global markets.

This three-day virtual event will feature informative sessions given by UL safety experts on a range of topics impacting the built environment, safety, and security. Hear what industry experts have to say about:

  • Enhancing safety and security in uncertain times
  • Innovations for a brighter tomorrow
  • Building strong foundations for a safer future

TMA members are invited to join us for this three-day summit and register to book seats in advance via the link below.

REGISTER NOW: https://www.ul.com/events/building-innovation-summit-2021

Preview the program schedule for each day.

Important info – Companies Operating in 540 Area Code

To: Security & Alarm Companies doing business in the State of Virginia 540 Area Code

View information for the Virginia 540/826 Area Code Overlay as it relates to providers in the 540 Area Code.

The 540 and 826 area codes cover the northwestern and southwestern portions of Virginia. Some of the larger cities include Blacksburg, Christiansburg, Culpeper, Fredericksburg, Front Royal, Harrisonburg, Radford, Roanoke, Salem, Staunton, Waynesboro and Winchester.

As co-chairs of the Industry’s Virginia 540/826 Area Code Overlay Relief Implementation Committee, we ask that you read the attached information and distribute as needed within your organization.  We want to ensure all Alarm Companies and Security Providers have the information attached and are prepared with the dialing changes required.

If there are questions, you should reach out to your local service provider for more detailed information.

Co-Chairs for the VA 540/826 Area Code Industry Team:

Rita Schmitz, rita.schmitz@lumen.com

Chanda Brown, chanda.brown@verizon.com