SAFECOM Cybersecurity Advisory – BlackMatter Ransomware, GPS Bug, and VPN Solutions
October 27, 2021
We would like to bring attention to the following alerts and notifications that may require action by your organization:
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity Advisory (CSA) on BlackMatter Ransomware. Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities. To reduce the risk of BlackMatter ransomware, CISA, FBI, and NSA encourage organizations to implement the recommended mitigations in the joint CSA and visit StopRansomware.gov for more information on protecting against and responding to ransomware attacks.
Critical Infrastructure owners and operators who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021). On October 24, 2021, Network Time Protocol (NTP) servers using the affected GPSD versions 3.20–3.22 may roll back the date 1,024 weeks – to March 2002 – which may cause systems and services to become unavailable or unresponsive. CISA urges affected critical infrastructure owners and operators to confirm that systems that use GPSD to obtain timing information from GPS devices are running GPSD version 3.23 (released August 8, 2021) or newer to ensure operational continuity.
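The check below is an added example, not part of the CISA advisory or the GPSD project: it flags inventory entries whose GPSD version falls in the 3.20 through 3.22 range and whose reported clock trails a trusted reference by 1,024 weeks. The host names, timestamps, function names and one-hour tolerance are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Affected range and rollback size as stated in the advisory above.
AFFECTED_MIN, AFFECTED_MAX = (3, 20), (3, 22)
ROLLBACK = timedelta(weeks=1024)


def parse_version(text):
    """Return (major, minor) from a version string such as '3.22' or '3.23.1'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(version_text):
    """True when the version is in 3.20..3.22 (numeric, so 3.9 < 3.20)."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


def looks_rolled_back(reported, reference, tolerance=timedelta(hours=1)):
    """True when `reported` trails `reference` by 1,024 weeks, within tolerance."""
    return abs((reference - reported) - ROLLBACK) <= tolerance


def audit(hosts, reference):
    """Map each host to a list of findings; an empty list means nothing to do."""
    report = {}
    for name, (version_text, reported) in hosts.items():
        findings = []
        if is_affected(version_text):
            findings.append("upgrade to 3.23 or newer")
        if looks_rolled_back(reported, reference):
            findings.append("clock is 1,024 weeks behind reference")
        report[name] = findings
    return report


# Constructed inventory: host names, version strings and timestamps are made up.
REFERENCE = datetime(2021, 10, 24, 0, 0, 30, tzinfo=timezone.utc)
HOSTS = {
    "ntp-a": ("3.22", REFERENCE - ROLLBACK + timedelta(seconds=2)),
    "ntp-b": ("3.23.1", REFERENCE),
    "ntp-c": ("3.20", REFERENCE),
}

if __name__ == "__main__":
    for host, findings in audit(HOSTS, REFERENCE).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

The reference time should come from a source that does not depend on the same GPSD instance, otherwise a rolled-back clock is compared against itself.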
NSA and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors. The information sheet helps organizations select standards-based (rather than proprietary) VPN solutions and provides hardening guidance to prevent compromise and respond to attacks. Organizations are encouraged to review and adopt recommendations in the information sheet to reduce risk.
Cybersecurity and Infrastructure Security Agency
Defend Today Secure Tomorrow