<a href="https://www.bleepingcomputer.com/news/security/cisa-warns-of-attacks-targeting-internet-connected-ups-devices/?utm_source=hs_email&amp;utm_medium=email&amp;_hsenc=p2ANqtz-8FsP10Tq5U2yQQoRlpojpIuE1bEehEXxJC7s3zApXPScGRCu817Rla8CCzO0VofbuFuIiC">BleepingComputer reports</a> that threat actors have launched ongoing attacks aimed at internet-connected uninterruptible power supply devices, which are being leveraged as emergency power backup solutions in data centers, server rooms, industrial facilities, and hospitals.

The <a href="https://www.scmagazine.com/analysis/application-security/senate-bill-would-team-up-cisa-and-hhs-to-improve-health-cybersecurity/">Cybersecurity and Infrastructure Security Agency</a> and the Department of Energy warned in a joint advisory that such attacks involve the exploitation of unchanged default credentials.

"Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies said.

Organizations have been recommended to identify all UPSs used in their network and ensure that they are not connected to the internet but those who cannot avoid connecting the systems to the internet should leverage a virtual private network and leverage stronger passwords and multi-factor authentication.

The advisory also urged organizations to adopt login timeout/lockout policies to better defend UPSs and other systems from attacks.

<a href="https://www.bleepingcomputer.com/news/security/cisa-warns-of-attacks-targeting-internet-connected-ups-devices/?utm_source=hs_email&amp;utm_medium=email&amp;_hsenc=p2ANqtz-8FsP10Tq5U2yQQoRlpojpIuE1bEehEXxJC7s3zApXPScGRCu817Rla8CCzO0VofbuFuIiC">BleepingComputer reports</a> that threat actors have launched ongoing attacks aimed at internet-connected uninterruptible power supply devices, which are being leveraged as emergency power backup solutions in data centers, server rooms, industrial facilities, and hospitals.
The <a href="https://www.scmagazine.com/analysis/application-security/senate-bill-would-team-up-cisa-and-hhs-to-improve-health-cybersecurity/">Cybersecurity and Infrastructure Security Agency</a> and the Department of Energy warned in a joint advisory that such attacks involve the exploitation of unchanged default credentials.
&#8220;Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet,&#8221; the agencies said.
Organizations have been recommended to identify all UPSs used in their network and ensure that they are not connected to the internet but those who cannot avoid connecting the systems to the internet should leverage a virtual private network and leverage stronger passwords and multi-factor authentication.
The advisory also urged organizations to adopt login timeout/lockout policies to better defend UPSs and other systems from attacks.

SC Media

Device Security

Architecture

Feds: UPS devices targeted in ongoing attacks

Brief

Related Events

Earn up to 6.5 CPE credits by attending this virtual event.



Extended detection and response (XDR) is often touted as the next evolution in cybersecurity &#8212; enabling the seamless collection and correlation of data across multiple security layers. Its proponents assert that XDR, when coupled with automated analysis,&nbsp;will speed up investigations for security analysts&nbsp;and expedite attack remediation. This is potentially bad news for&nbsp;stealthy attackers who currently try to hide between security silos and disconnected solution alerts, while overwhelmed security analysts struggle to triage and investigate alerts.&nbsp;



Still,&nbsp;XDR&nbsp;may not be the answer for everyone. Some organizations may stick with classic endpoint detection and response (EDR) until the&nbsp;XDR&nbsp;market shakes out, while others may choose to contract with an external managed detection and response (MDR) provider.



Join SC Media on April 26-27 for this interactive learning program that will feature experts on XDR and will cover topics, including:



<ul><li>Fostering a healthy relationship with your MDR service provider</li><li>Selling XDR to the CEO and board: Is your pitch business-aligned?</li><li>XDR Market Analysis from a Venture Capital Perspective</li><li>Detection rejection: Malware techniques designed to bamboozle your detection &amp; response</li><li>Results from CyberRisk Alliance’s&nbsp;XDR&nbsp;Research Survey</li><li>XDR’s potential effect on the security workforce</li><li>Malware techniques designed to trick your detection &amp; response</li></ul>



<h2>Featured Speakers</h2>



<div style="height:35px" aria-hidden="true" class="wp-block-spacer"></div>



<figure class="wp-block-image size-full"><img width="650" height="550" src="https://files.scmagazine.com/wp-content/uploads/2022/04/ContentBlock2-01-2.png" alt="" class="wp-image-226306" srcset="https://files.scmagazine.com/wp-content/uploads/2022/04/ContentBlock2-01-2.png 650w, https://files.scmagazine.com/wp-content/uploads/2022/04/ContentBlock2-01-2-300x254.png 300w" sizes="(max-width: 650px) 100vw, 650px" /></figure>



<div style="height:38px" aria-hidden="true" class="wp-block-spacer"></div>



DAY 1 | April 26&nbsp;



10:45 AM ET&nbsp; Program Opens&nbsp;



&nbsp; 11:00 AM ET&nbsp; KEYNOTE | The XDR learning curve: How technology impacts your security workforce, Jon France, CISO with (ISC)2



As more businesses jump on the XDR solution bandwagon, the day-to-day workflow that SOC analysts and other security staffers experience may change in ways both subtle and blatant. This workforce-centric session will examine which special skills XDR will emphasize or deemphasize, and how more automation and integration across platforms will change security professionals’ user experience and responsibilities.&nbsp;



11:30 AM ET&nbsp; Demystifying XDR, Sam Adams VP Detection &amp; Response, Rapid7&nbsp;Allie Mellen, SecOps Analyst with Forrester&nbsp;



The changing nature of threats, combined with staffing shortages, is causing increased disorder in the security world. The good news? Extended Detection and Response (XDR) has the potential to address these industry-wide issues and help teams unlock more efficiency in the SOC. Recently, Rapid7’s VP of Detection and Response Sam Adams joined Forrester SecOps Analyst Allie Mellen to ‘demystify’ XDR.&nbsp;



&nbsp; 12:00 PM ET&nbsp;



Secure Access Best Practices to Minimize Risk of a Breach, Ganesh Umapathy, Product Marketing Manager with Cisco Duo



Stolen credentials and unpatched software are common attack vectors used by cybercriminals in many types of attacks including ransomware. Organizations have invested in security tools such as MFA, EDRs, MDMs, VPNs and more to mitigate these attacks. But security tools need to be supported with simple processes and great usability for maximum security efficacy. In this session, Duo Security Product Marketing Manager Ganesh Umapathy will share the best practices implemented by Cisco to enable secure endpoint access for a global remote workforce, providing the best experience for productivity without compromising on security.



&nbsp; 12:30 PM ET&nbsp; Detection and Response with Google Chronicle, and launch of Threat Perception, Chris Martin, Senior Security Specialist with Chronicle&nbsp;



Learn how Google Chronicle enables customers to accelerate their threat detection, investigation and response program, and drive towards achieving critical security outcomes. Dive into how our customers are using Threat Perception, our latest capability, to enhance their security posture and act on prioritization of alerts with risk scoring&nbsp;



&nbsp; 1:00 PM ET &nbsp; BREAK | Visit Solutions Center&nbsp;



&nbsp; 1:15 PM ET&nbsp;



Research Session



2:00 PM ET&nbsp; &nbsp; Beat the Clock: How to Accelerate Threat Hunting With XDR, Andrew Mundell, Enterprise Security Engineer with Sophos&nbsp;



To carry out the most efficient threat hunts, defenders need multiple sources of telemetry and a simple way of acquiring and analyzing data from all of them. Join this session to hear the differences between XDR and SIEM-based threat hunts and learn how XDR can reduce the amount of time to detect and respond to potential threats. We’ll cover best practices and cautions from real-world experiences, as well as preventative measures and investigations that you can start today.&nbsp;



2:30 PM ET&nbsp;



Powerful Outcomes: Why XDR Matters in 2022, Mark MacDonald, Senior Manager, Product Marketing with eSentire&nbsp;



XDR promises powerful outcomes. It can normalize and correlate data across your entire attack surface, enabling highly effective threat detection and investigation. XDR also works to block high fidelity threats, automating the threat detection and remediation process.&nbsp;



&nbsp; 3:00 PM ET&nbsp; KEYNOTE | Fostering a healthy relationship with your MDR service provider&nbsp; Curt Aubley, Cyber and Strategic Risk Groups Managing Director with Deloitte&nbsp;



Organizations that delegate something as critical as detection and response to an external service provider may worry that they are giving up too much control when it comes to their network security. And yet due to budgetary or talent shortfalls, they may have little choice. That’s why it’s so important to properly communicate expectations and priorities with your managed detection and response (MDR) provider. This eSummit session will look at how to get the most out of your MDR partnership throughout the duration of the provider-client relationship.&nbsp;



<div style="height:37px" aria-hidden="true" class="wp-block-spacer"></div>



DAY 2 | April 27&nbsp; &nbsp; 10:45 AM ET&nbsp; Program Opens&nbsp;



&nbsp; 11:00 AM ET&nbsp; KEYNOTE | Selling XDR to the CEO and board: Is your pitch business-aligned? Candy Alexander, CISO with ISSA&nbsp;



New technology concepts can be a hard sell. Corporate executives who control your company’s budget may not fully understand the concept behind a nascent cyber solution or be convinced of the return on investment. For instance, certain nuances of XDR technology may not be easy to explain – including how it differentiates itself from the traditional EDR solution you perhaps currently employ. So how does one win buy-in from non-tech-savvy C-level executives and the board of directors? By demonstrating how the technology aligns with business objectives. This session will look at how to simplify and define XDR for upper executives, how to convey its strategic benefits, and how to measure and report your solution&#8217;s impact after implementation.&nbsp;



11:30 AM ET&nbsp; Implementing XDR to Detect Threats and Stop Attackers, Mark Alba, Chief Product Officer with Anomali&nbsp;



The “cat-and-mouse” game between Attackers and Defenders is as old as the LoveLetter virus. While script-kiddies have matured to become cybercriminals, hacktivists, and state-sponsored adversaries, sometimes it feels like the Defenders are stuck in 1999. We deploy anti-virus solutions, monitor the perimeter, and wait and see. Yes, today’s security technology is “NextGen,” “2.0,” and “Meta,” but the concept is the same. Set the trap and wait to be attacked.&nbsp;



&nbsp; 12:00 PM ET&nbsp; Solving for X with XDR: Widening the Aperture for Better Rapid Detection, Investigation and Response, Ken Westin, Director, Security Strategy with Cybereason



There has been a lot of buzz around Extended Detection and Response (XDR) as an evolution of Endpoint Detection and Response (EDR), however definitions of what comprises an effective XDR solution vary depending on who you ask. The dramatic changes to IT infrastructure as organizations accelerate their migration to the Cloud while still relying on traditional on-premises security architecture has increased telemetry volumes and the complexity of correlating threat intelligence across disparate environments to make accurate detections early in the attack sequence. In this session we will discuss the evolution of security from the endpoint to across the entire IT ecosystem, from legacy antivirus to EDR, and now from EDR to XDR. We will show how detection use cases and workflows that previously required complex syntax queries and manually configured SIEM and SOAR solutions can be automated and streamlined with XDR for rapid detection, investigation and predictive response actions that move intervention further to the left in the attack sequence.



&nbsp; 12:30 PM ET&nbsp;



When XDR and Zero Trust Meet Forensics, Justin Tolman, Forensic Subject Matter Expert with Exterro&nbsp;



As the threat landscape and cyber skills gap expand, cybersecurity teams need to rely on software solutions that scale and evolve just as quickly. XDR has done just that and also nicely aligns with the recent government mandate requiring federal agencies and corporations that do business with federal agencies to adopt a Zero Trust security approach by 2024. DFIR capabilities can help to close the loop. Not only can DFIR do a deep dive and help prevent future threats by identifying missed IOCs and other vulnerable data, but it can also provide automation to already stretched teams, detect and mitigate insider threats and collect evidence properly.&nbsp;



1:00 PM ET&nbsp;



Break&nbsp;



&nbsp; 1:15 PM ET &nbsp;



 XDR Market Analysis from a Venture Capital Perspective, Bob Ackerman, Founder &amp; Managing Director with Allegis Cyber Capital, Dave DeWalt; Founder &amp; Managing Director with Night Dragon, Hank Thomas;&nbsp;CEO &amp; Founder with Strategic Cyber Ventures and Co-Founder, CTO &amp; Board of Directors Member with SCVX&nbsp;



Buzz and chatter around extended detection and response technology has increased rapidly since the term XDR was coined back in 2018. In just the last year, vendors have created two industry alliances designed to further develop the technology while creating shared frameworks, architectures and data exchange schemas. So how exactly is the XDR market shaking out? Where are we seeing progress and where is more effort needed? In this panel session, thought leaders in the cyber and venture capital space will address which XDR capabilities are for real, what are just buzzwords, and what the challenges are to XDR becoming a mature offering.&nbsp;



2:00 PM ET&nbsp;



Not Just for Large Enterprises: How XDR Can Benefit Lean Security Teams, George Tubin, Director Product Marketing with Cynet&nbsp;



Most large enterprise security teams are looking at XDR to integrate and coordinate multiple security technologies to improve staff efficiency and security outcomes. Can XDR also benefit companies with lean security teams that don’t have same breadth of security technologies in place as large enterprises?&nbsp;



&nbsp; 2:30 PM ET&nbsp; &nbsp;



Watch Your Blind Spots: How Mobile EDR is a Critical Component of XDR, Alex Gladd, Principal Product Manager, EDR/XDR with Lookout&nbsp;



While many organizations have comprehensive telemetry monitoring for servers, desktops, and laptops, they lack the same visibility for iOS, Android, and Chrome OS endpoints. As employees increase their use of mobile devices for work, attacks on these devices become more attractive. Indeed, we observed a sharp 37% increase in the rate of enterprise mobile phishing encounters that coincided with the start of the COVID-19 pandemic. To be effective at stopping data breaches, security teams need the same comprehensive monitoring for mobile endpoints that they have for traditional endpoints. This becomes even more important when implementing a comprehensive XDR solution, where a lack of mobile EDR signals leaves organizations with exploitable blind spots.



3:00 PM ET&nbsp;



Keynote| Detection rejection: Malware techniques designed to bamboozle your detection &amp; response. John Hubbard, Senior Instructor, Course Author &amp; Cyber Defense Curriculum Lead with SANS Institute.&nbsp;



Fileless malware. Obfuscation. Steganography. These are just a few of the methods used today by cybercriminals to hide their malicious code from detection and response solutions. This technical session will look at some of the most common evasion and anti-detection tricks used by cybercriminals today, and how organizations can effectively counter these tactics so that they are still able to spot and respond to the threat.&nbsp;

Threat intelligence

Incident response

Network security

Managed security

eSummit

XDR to the Rescue? How to improve detection and response

eSummit_ZeroTrust_448x275-02

Zero trust

Strategy

Application security

Identity and access

Risk management

Data security

Implementing a Zero Trust Architecture

Unmanaged endpoints like IoT devices represent a significant and growing risk surface. Network Detection and Response (NDR) solutions monitor network traffic to generate rich security evidence that enables asset inventory, vulnerability assessment and threat monitoring. In this presentation, experts from Corelight and Microsoft will walk you through how it works and how it can improve your security posture. 



Speakers:



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/10/Ed-Smith.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about">Ed SmithSenior Product Marketing ManagerCorelight</div><div class="speaker-description">Ed Smith is Senior Product Marketing Manager at Corelight and has eight years experience working in the cyber security industry representing IaaS, DevOps, and vulnerability management solutions, including his most recent roles as Director of Marketing at CloudPassage and Senior Product Marketing Manager at Tripwire.</div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/10/Chris-Hallum.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about">Chris HallumSenior Product ManagerMicrosoft</div><div class="speaker-description">Chris Hallum is a Senior Product Marketing Manager focusing on defining the roadmap for security and risk management technologies for commercial customers. Previously working on endpoint related prevention technologies and security posture management Chris has recently moved to work on Azure Defender for IoT. Chris has been at Microsoft for over 20 years and has worked in a number of product management and engineering roles within Windows and Azure.</div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/08/Deb.jpeg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about">Deb RadcliffStrategic AnalystCyberRisk Alliance</div><div class="speaker-description">Deb Radcliff, strategic analyst with the CRA’s custom research program, is the first investigative journalist to make cybercrime a beat. In 2005, she stood up an analyst program for the SANS Institute, which she directed for fifteen years. Radcliff has won two Neal Awards for investigative reporting, and feels one of her crowning career moments was speaking at West Point Military Academy.</div></div></div></div>



Sponsored by:



<figure class="wp-block-image size-full"><img width="400" height="100" src="https://files.scmagazine.com/wp-content/uploads/2021/10/corelight-logo-1.jpg" alt="" class="wp-image-201407" srcset="https://files.scmagazine.com/wp-content/uploads/2021/10/corelight-logo-1.jpg 400w, https://files.scmagazine.com/wp-content/uploads/2021/10/corelight-logo-1-300x75.jpg 300w" sizes="(max-width: 400px) 100vw, 400px" /></figure>

Feds: UPS devices targeted in ongoing attacks

Related

New malware executes in powered-off iPhones

Novel Bluetooth LE relay attack detailed

Disruptions likely from Siemens building automation controller flaw abuse

Related Events

XDR to the Rescue? How to improve detection and response

Implementing a Zero Trust Architecture

Stopping IoT attacks using NDR