Cyber Risk Update 1 DEC 2023
This is a selection of this week's events. For more news and advisories, join the CIKR Cyber Sentinels discord server, which is focused on cybersecurity collaboration with critical infrastructure stakeholders (TLP:CLEAR only). Invite: https://discord.gg/PGz3NDKb5V
Incidents
The Municipal Water Authority of Aliquippa confirmed on Saturday that one of their booster stations had fallen victim to a cyber-attack orchestrated by an Iranian-backed cyber group. https://industrialcyber.co/industrial-cyber-attacks/iranian-hacker-group-cyberav3ngers-allegedly-breach-municipal-water-authority-of-aliquippa/
One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. https://krebsonsecurity.com/2023/11/id-theft-service-resold-access-to-usinfosearch-data/
CBS News: Cyberattack on Pittsburgh-area water authority sends alarms to Department of Homeland Security (11/27) https://www.cbsnews.com/pittsburgh/news/municipal-water-authority-of-aliquippa-cyberattack-u-s-department-of-homeland-security
When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users. https://krebsonsecurity.com/2023/11/okta-breach-affected-all-customer-support-users/
Dollar Tree hit by third-party data breach impacting 2 million people https://www.bleepingcomputer.com/news/security/dollar-tree-hit-by-third-party-data-breach-impacting-2-million-people/
Becker's Hospital Review: CISA warned Ardent of cyber threat day before ransomware discovery (11/29) https://www.beckershospitalreview.com/cybersecurity/cisa-warned-ardent-of-cyber-threat-day-before-ransomware-discovery.html

Awareness
(JANUARY 21 - 27, 2024) The Data Privacy Week 2024 Champions Toolkit will be released in the coming weeks! Pre-register to receive your toolkit here. https://staysafeonline.org/programs/data-privacy-week/
Featured Articles
Things to Put into Your Risk Registry:
Part 1 - Building an Effective Risk Registry https://www.learnsecurity.org/single-post/part-1-building-an-effective-risk-registry
Part 2, Looking at Non-Traditional Cyber Risks https://www.learnsecurity.org/single-post/part-2-looking-at-non-traditional-cyber-risks
Cyber Insurance: Trends & Challenges https://www.learnsecurity.org/single-post/cyber-insurance-trends-challenges
AI
CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development https://www.cisa.gov/news-events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development
Harnessing AIOps for IT Operations and Management https://www.govinfosecurity.com/harnessing-aiops-for-operations-management-a-23683
8 Tips on Leveraging AI Tools Without Compromising Security. AI tools can deliver quick and easy results and offer huge business benefits — but they also bring hidden risks. https://www.darkreading.com/vulnerabilities-threats/8-tips-on-leveraging-ai-tools-without-compromising-security
Why sensitive data shouldn't be used to train AI. One of the best ways to preserve the privacy of sensitive data is removing it from the dataset used to train AI, writes Jeff White of Gravy Analytics. That suggestion regarding data privacy and 19 others in this article were submitted by members of the Forbes Technology Council. https://www.forbes.com/sites/forbestechcouncil/2023/11/28/ensuring-data-privacy-20-best-practices-for-businesses-in-the-ai-age/
TTP and Malware
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections https://thehackernews.com/2023/11/experts-uncover-passive-method-to.html
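The headline above refers to recovering an RSA private key from a faulty RSA-CRT signature. The underlying mechanism is Lenstra's fault attack: if the signer's mod-p half is correct but the mod-q half is corrupted, the bad signature s still satisfies s^e = m (mod p) but not (mod q), so gcd(s^e - m, N) yields p. The following is an added example written for this digest (not code from the research or any article linked here), using a constructed toy key built from two Mersenne primes and a simulated glitch. It assumes the signed message m is fully known to the observer; the published SSH work extends this to a partially unknown message with lattice methods, which this example does not cover.

```python
import hashlib
from math import gcd

# Constructed toy RSA key (not a real SSH host key): p and q are Mersenne primes.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent


def hash_to_int(data: bytes) -> int:
    """Reduce arbitrary input to an integer message representative below N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def crt_sign(m: int, fault_in_q: bool = False) -> int:
    """RSA-CRT signature of m. With fault_in_q=True the mod-q half is corrupted,
    which simulates the kind of computation fault the attack relies on."""
    sp = pow(m, D % (P - 1), P)             # s mod p
    sq = pow(m, D % (Q - 1), Q)             # s mod q
    if fault_in_q:
        sq = (sq + 1) % Q                   # simulated glitch in one CRT half
    # Garner recombination: s = sq + q * ((sp - sq) * q^-1 mod p)
    h = ((sp - sq) * pow(Q, -1, P)) % P
    return sq + Q * h


def verify(sig: int, m: int) -> bool:
    """Standard RSA verification with the public key (N, E)."""
    return pow(sig, E, N) == m


def recover_factor(sig: int, m: int):
    """Lenstra's attack: for a signature whose mod-q half is wrong,
    gcd(sig^e - m, N) is exactly p. Returns None for a correct signature."""
    g = gcd((pow(sig, E, N) - m) % N, N)
    return g if 1 < g < N else None


def recover_private_exponent(sig: int, m: int):
    """Turn a recovered factor into the full private exponent d."""
    p = recover_factor(sig, m)
    if p is None:
        return None
    q = N // p
    return pow(E, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    m = hash_to_int(b"constructed SSH-style transcript")
    good = crt_sign(m)
    bad = crt_sign(m, fault_in_q=True)
    print("good signature verifies:", verify(good, m))
    print("faulty signature verifies:", verify(bad, m))
    print("factor recovered from faulty signature:", recover_factor(bad, m) == P)
    print("private exponent recovered:", recover_private_exponent(bad, m) == D)
```

The defensive takeaway matches the research: a signer that verifies its own RSA-CRT signature before emitting it (as modern OpenSSL and OpenSSH do) never releases a faulty signature, so the gcd step has nothing to work with; fielded devices with older or embedded implementations are the exposure.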
Atomic Stealer malware strikes macOS via fake browser updates https://www.bleepingcomputer.com/news/security/atomic-stealer-malware-strikes-macos-via-fake-browser-updates/
Security Boulevard: CISA: Threat Groups are Targeting Unitronics PLCs in Water Systems (11/30) https://securityboulevard.com/2023/11/cisa-threat-groups-are-targeting-unitroncis-plcs-in-water-systems
Attackers could abuse Google's SSO integration with Windows for lateral movement. Compromised Windows systems can enable attackers to gain access to Google Workspace and Google Cloud by stealing access tokens and plaintext passwords. https://www.csoonline.com/article/1249843/attackers-could-abuse-googles-sso-integration-with-windows-for-lateral-movement.html
North Korean hackers mix code from proven malware campaigns to avoid detection. Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack. https://www.csoonline.com/article/1249379/north-korean-hackers-mix-code-from-proven-malware-campaigns-to-avoid-detection.html
Cyber Criminals
Black Basta ransomware made over $100 million from extortion https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/
Cyber Insurance
Federal Cyber Insurance Backstop Is Warranted With Focus on Catastrophic Risk https://www.insurancejournal.com/news/national/2023/11/28/749640.htm
U.S. officials and insurers plan to meet in April to discuss how a federal cyber insurance backstop could work. https://www.wsj.com/articles/cyber-insurers-warn-catastrophic-hacks-will-require-government-help-645a2b41
Vulnerabilities
Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access https://thehackernews.com/2023/11/design-flaw-in-google-workspace-could.html
ICS/OT
Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere https://www.securityweek.com/congressmen-ask-doj-to-investigate-water-utility-hack-warning-it-could-happen-anywhere/
Zyxel warns of multiple critical vulnerabilities in NAS devices https://www.bleepingcomputer.com/news/security/zyxel-warns-of-multiple-critical-vulnerabilities-in-nas-devices/
Google cloud environment flaw lets attackers access critical data, systems https://www.scmagazine.com/news/google-cloud-environment-flaw-lets-attackers-access-critical-data-systems
On the Bright Side
Ransomware Affiliate Group Dismantled in International Law Enforcement Operation https://www.hipaajournal.com/ransomware-affiliate-group-dismantled-ukraine/
Nation States
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel. Gaza Cybergang is using a version of the malware rewritten in the Rust programming language. https://www.darkreading.com/cyberattacks-data-breaches/hamas-linked-apt-wields-new-sysjoker-backdoor-against-israel
A hacker group linked to Iran that has been attempting to disrupt and intimidate Israeli companies and government offices said it would pause during the temporary stop in fighting between Israel and Hamas. https://www.wsj.com/articles/hackers-targeting-israeli-businesses-say-they-will-pause-as-fighting-stops-8d3e6935
Phone service to Israeli police, fire departments and other essential services was down as of Tuesday morning, local time, due to a suspected cyberattack. https://www.jpost.com/breaking-news/article-775438
North Korean hackers are targeting software and technology supply chains through unpatched vulnerabilities, U.K. and South Korea cybersecurity officials warned Monday. https://www.securityweek.com/uk-korea-warn-of-dprk-supply-chain-attacks-involving-zero-day-flaws/
AI Helps Uncover Russian State-Sponsored Disinformation in Hungary. Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation's perspective on EU sanctions and arms deliveries months before the Ukraine invasion. https://www.darkreading.com/cybersecurity-analytics/ai-helps-uncover-russian-state-sponsored-disinformation-in-hungary
Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. https://www.csoonline.com/article/1250513/is-china-waging-a-cyber-war-with-taiwan.html
Cyber News: Pennsylvania water facility hit by Iranian hackers (11/29) https://cybernews.com/security/pennsylvania-water-facilities-hit-by-iranian-hacker
Awareness
Security Boulevard: Holiday Season Cyberattacks: What to Watch Out For (11/30) https://securityboulevard.com/2023/11/holiday-season-cyberattacks-what-to-watch-out-for
Guidance
Batten down the hatches: it’s time to harden every facet of your Windows network. Gone are the days when a protected OS kept the bad guys out. Hardening authentication, the help desk, and logging is now needed to beat the bad guys. https://www.csoonline.com/article/1248963/batten-down-the-hatches-its-time-to-harden-every-facet-of-your-windows-network.html
When does it make sense to pay the ransom? https://www.scmagazine.com/perspective/when-does-it-make-sense-to-pay-the-ransom
The Register: Locking down Industrial Control Systems (11/30) https://www.theregister.com/2023/11/30/locking_down_industrial_control_systems
How to maintain a solid cybersecurity posture during a natural disaster. Fire, flood, earthquake, hurricane, tornado: natural disasters are becoming more prevalent and they’re a threat to cybersecurity that isn’t always on a company’s radar. Here are some ways to prepare for the worst. https://www.csoonline.com/article/1249508/how-to-maintain-a-solid-cybersecurity-posture-during-a-natural-disaster.html
Inside Cybersecurity: CISA previews launch of tool to help organizations implement cyber performance goals guidance (Paywall) (11/29) https://insidecybersecurity.com/daily-news/cisa-previews-launch-tool-help-organizations-implement-cyber-performance-goals-guidance
Odds and Ends
10 Holiday Gifts For Stressed-Out Security Pros. These office giving-friendly fidgets, stress balls, brain teasers, and more are perfect to calm the most harried cybersecurity professionals. https://www.darkreading.com/endpoint-security/10-holiday-gifts-for-stressed-out-security-pros
NATO members test cyber defenses as wartime hacking threats rise. The exercises simulate cyberattacks on operational technology in the energy grid and water facilities. https://www.wsj.com/articles/nato-holds-cyber-defense-exercise-as-wartime-hacking-threats-rise-aef08a27