Archive for July 25, 2022

TSA Releases Revised Cybersecurity Requirements For Oil And Gas Pipelines

Posted in Commentary with tags on July 25, 2022 by itnerd

The Transportation Security Administration on Thursday issued revised cybersecurity directives for oil and gas providers more focused on performance-based measures. This following extensive input from federal regulators and private industry stakeholders in the wake of the May 2021 ransomware attack on Colonial Pipeline.

Chris Clymer, Director & CISO, Inversion6 had this comment:

When a cyberattack took the Colonial Pipeline offline and caused gas shortages all up and down the east coast of the US, an inevitable question was “How can this happen?”  Even more perplexing for cybersecurity professionals was learning that rather than following under the well-established NERC-CIP security framework which covers most of the energy sector, the pipelines had actually been related to the authority of the TSA.  This is far from TSA’s area of expertise, but to their credit they had put some guidelines out before the incident…unfortunately, these were simply guidelines, not required.

It is extremely welcome news to see that the US’s most competent cybersecurity agency, CISA, has dove into the fray and helped TSA to establish new requirements…and that they have been made just that:  requirements.  As we’ve seen over and over unfortunately, cybersecurity investments are neglected in virtually every vertical without outside pressure.  Pipelines should be in better shape because of this attack.  The question now:  what other important infrastructure is sitting out there, falling into the political cracks and being neglected as a result?

Companies beyond the oil and gas sector should look at this guidance as it will provide a roadmap as to how they can protect themselves from attacks of all sorts. Because everyone these days is a target of cybercrime and cyberattacks.

Leave a comment »

Town Of St. Mary’s Ontario Pwned By LockBit Ransomware Group

Posted in Commentary with tags on July 25, 2022 by itnerd

The Verge is reporting that the Town of St. Mary’s Ontario has apparently become the latest victim of the LockBit ransomware group:

In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts.

“To be honest, we’re in somewhat of a state of shock,” Strathdee said. “It’s not a good feeling to be targeted, but the experts we’ve hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case … there are people here working on it 24/7.”

Strathdee said that after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date. In general, the Canadian government’s cybersecurity guidance discouraged the paying of ransoms, Strathdee said, but the town would follow the incident team’s advice on how to engage further.

Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Per LockBit’s standard operating methods, the town was given a deadline by which to pay to have their systems unlocked or else see the data published online.

Small towns are now the target of groups like LockBit as it’s thought that they can’t defend themselves as well as big cities. Eddy Bobritsky, CEO, Minerva Labs had this comment:

Without the proper security software it can be very difficult to recover from a ransomware attack without paying the ransom. Ransomware attacks often lie in the network for months before activating, which means that if you’re relying on backups to recover, chances are you’ve also backed up the ransomware itself. So as soon as you restore the backup, you’ll just get reencypted straight away. Without proactive ransomware prevention software, this process becomes very tedious and ineffective.

The more positive news is that essential municipal services like transit and water systems are still up and running, and the town is attempting to unlock their systems and restore backup data. So there may be a way out for them. But this incident illustrates that everyone needs to be on guard so that they don’t get pwned.

1 Comment »

Review: Creative Live! Mic M3 Microphone

Posted in Products with tags on July 25, 2022 by itnerd

Creative has launched a microphone that’s aimed those who want to up their Zoom or Teams game and those who want to up their podcasting or live-streaming game. The microphone in question is the Creative Live! Mic M3 and it’s priced at an incredibly low $69.99 USD. But don’t let the price fool you. As I am about to explain, this is a very good microphone. Let’s have a look at it:

From a looks perspective, it looks like a typical studio microphone. What comes in the box is as follows:

  • A sturdy table stand that has a bit of weight to it
  • Mic mount
  • Magnetic pop filter
  • USB-A to Micro USB (which in the age of USB-C is a bit of a fail)
  • The screw mount supports 1/4-inch and 5/8-inch sizes which allows for a variety of mounting options

On the bottom is a headphone jack which is where I plugged in a pair of Creative Aurvana Trio LS in ear headphones that I will be posting a review on tomorrow. On the front you can see a blue light which indicates that the microphone is live. If that light is red, it means you’re muted. On the front you have a volume control knob, and a mute switch. On the back there is polar switch knob which allows you to switch between the two polar patterns on offer – cardioid (for single person recordings) and omni (for multiple person recordings). I’m going to stop here to point out why this feature matters. This option is seldom found in anything other than premium microphones because it requires additional microphone pickups to be built into the microphone. That suggests to me that Creative found a way to do this without increasing the price so that consumers have options as to how they can use the mic. Well played Creative.

Now all of that is good, but what you care about is how this microphone sounds. With that in mind, I did a test recording so that you can be a judge of what it sounds like:

This is very good sound quality. There’s no distortion, and it doesn’t alter my voice. In a quiet environment, I would have no problem recommending this microphone to record a podcast or for use with Zoom or Teams. Which is how I used it in the two weeks that I tested this microphone as according to those who were part of Zoom or Teams meetings, the audio quality was impressively good. The only things that I will point out is that first, it will pick up pretty much every noise in your environment. For example, it picked up my wife typing on her keyboard 3 feet behind me. The second is that if you accidentally bump your desk while using this microphone, it will pick it up. If you’re mindful of both of those things, this microphone is a total win. And at the price point that microphone is being offered at, I have no problem recommending this microphone to anyone who wants to start a podcast, do some live-streaming or up their Zoom or Teams game.

Leave a comment »