Cyber Risk Update 1 SEP 2023
AI
How your company might be using AI and not know it. If your enterprise is "thinking about" using generative AI, consider this from Forrester's principal analyst, Jeff Pollard: AI might have invaded tools already in use. In this video, Pollard says AI tools have been discreetly integrated into products already in use -- often without notifications or amendments to contracts. https://www.bankinfosecurity.com/thinking-deploying-generative-ai-you-may-already-have-a-22913
Vendors Training AI With Customer Data is an Enterprise Risk. While Zoom has scrapped plans to harvest customer content for use in its AI and ML models, the incident should raise concerns for enterprises and consumers alike. https://www.darkreading.com/edge/vendors-training-ai-customer-data-enterprise-risk
Walla Walla High School in Washington state integrates AI chatbots like ChatGPT into its curriculum, aiming to equip students for the digital age while navigating challenges of misinformation and privacy. Educators say they recognize the potential benefits of using chatbots for lesson planning and student learning, emphasizing the need for responsible usage and critical thinking. https://www.nytimes.com/2023/08/24/business/schools-chatgpt-chatbot-bans.html
Nation States
North Korea’s Lazarus Group hits organizations with two new RATs. The internet backbone structure was among the targets of the campaign enabled by the new remote access trojans. https://www.csoonline.com/article/650413/north-koreas-lazarus-group-hits-organizations-with-two-new-rats.html
China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns. The cyber-espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear. https://www.darkreading.com/threat-intelligence/china-unleashes-flax-typhoon-apt-live-off-land-microsoft-warns
A Chinese-linked hacking group that security researchers say disproportionately targeted government organizations in a recent global cyberattack deployed persistent methods to circumvent recovery efforts, according to a report released Tuesday. The cybersecurity firm Mandiant reported that the eight-month global espionage campaign was believed to have been carried out by UNC4841, a cybercriminal organization working in support of the Chinese government. https://www.nextgov.com/cybersecurity/2023/08/chinese-hackers-targeted-government-entities-and-thwarted-recovery-efforts-report-says/389842/
Incidents
Met Police Officers at Risk After Serious Data Breach. Scotland Yard Probes Impact of Suspected Hack Attack Against Service Provider. https://www.databreachtoday.com/met-police-officers-at-risk-after-serious-data-breach-a-22947
"Operation Duck Hunt" is not likely to eliminate the initial access botnet forever, but the proactive removal of the malware from victim machines by law enforcement is one of the largest and most significant efforts of its kind. https://www.darkreading.com/threat-intelligence/sprawling-qakbot-malware-takedown-spans-700-000-infected-machines
Meta Cripples China's Signature 'Spamouflage' Influence Op. The social media giant is taking on Dragonbridge, the "largest known cross-platform covert influence operation in the world." https://www.darkreading.com/application-security/meta-vs-china-social-giant-cripples-chinese-disinformation-apt
CNN: University of Michigan shuts down school’s internet connections following ‘significant’ cybersecurity incident (08/29) https://www.cnn.com/2023/08/29/politics/university-of-michigan-cyber-incident-offline/index.html
Powerful telescopes offline a month after cyberattack. The National Science Foundation, which detected suspicious behavior on its network Aug. 1, shut down the infrared Gemini North telescopes in Hawaii out of caution. The site remains down, as do Gemini South telescopes in Chile, which were undergoing maintenance. https://www.sciencealert.com/two-of-the-worlds-most-advanced-telescopes-remain-closed-following-cyberattack
Financial Impact
Eight months after the cyberattack, the cloud hosting services company's remediation costs top $10 million as it tries to repair the damage caused by the Play ransomware gang. https://www.darkreading.com/remote-workforce/rackspace-massive-cleanup-costs-ransomware-attack
Reports (Trends)
2022 Unit 42 Incident Response Report https://www.databreachtoday.com/whitepapers/2022-unit-42-incident-response-report-w-11063
GRC Enterprise Risk Management
WSJ (8-28-23): "Bonuses canceled: The board of directors of Australian health insurer Medibank Private canceled short-term bonuses for top executives after a major cyberattack. Chief Executive David Koczkar, Chief Financial Officer Mark Rogers and two other senior leaders must forgo a combined $3.6 million for fiscal 2023."
Trends
Top 5 most abused brands by hackers. Unsurprisingly, Microsoft is the most commonly spoofed brand stopped by email security firm Abnormal Security so far this year. https://www.scmagazine.com/news/microsoft-most-impersonated-brand-in-phishing-attacks-again
Security Magazine: Key takeaways from Black Hat 2023 (08/28) https://www.securitymagazine.com/articles/99828-key-takeaways-from-blackhat-2023
Hardware
Dark Reading: Motherboard Mishaps Undermine Trust, Security (08/28) https://www.darkreading.com/vulnerabilities-threats/motherboard-mishaps-undermine-trust-security
Cyber Criminals
'Cuba' Ransomware Group Uses Every Trick in the Book. How a Russian cybercrime group using Cuban Revolution references and iconography has emerged as one of the most profitable ransomware operations. https://www.darkreading.com/edge/cuba-ransomware-group-uses-every-trick-in-the-book
Ransomware groups, like legitimate businesses, must adapt and change as they grow, in response to external pressures and trends. To survive, many large ransomware groups have adopted decentralized structures, said Yelisey Bohuslavskiy, chief research officer and partner with Red Sense. https://www.databreachtoday.com/how-ransomware-groups-respond-to-external-pressure-a-22931
Enterprising, or simply lazy, cybercriminals are using Lockbit v3 to cut corners on ransomware. https://www.darkreading.com/remote-workforce/cybercriminals-harness-leaked-lockbit-builder-new-attacks
Water Waste Water
The U.S. needs a water department, federal risk advisers say. The National Infrastructure Advisory Council, a public- and private-sector group that advises the Biden administration, recommended forming a cabinet-level water department to oversee cybersecurity, contamination and other risks to the sector under a national water strategy. At least 10 federal bodies and dozens of state and local authorities oversee the more than 150,000 facilities in the U.S. “This fragmentation of responsibility at the federal level makes it difficult to ascertain the country’s water needs and strategically prepare the nation for a water-secure future,” the council said. https://cyberscoop.com/niac-department-water-cybersecurity/
Malware & TTP
WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html
Hurricane scams blow in. Beware online scams using Hurricane Idalia as a lure, the Cybersecurity and Infrastructure Security Agency warned Thursday. Common schemes include hackers posing as relief organizations to gain financial information from donors and people seeking aid. More tips here from CISA. https://www.cisa.gov/news-events/alerts/2023/08/31/cisa-warns-hurricane-related-scams
Cyber Insurance
Time and effort to obtain cyber insurance increasing for US businesses. Organizations continue to invest in cybersecurity solutions to meet requirements for cyber insurance policies. https://www.csoonline.com/article/650609/time-and-effort-to-obtain-cyber-insurance-increasing-for-us-businesses.html
Career
These 5 behaviors differentiate the top-performing CISOs, according to Gartner. More than two-thirds of top-performing chief information security officers (CISOs) dedicate recurring time for professional development, according to a new survey by Gartner. https://www.scmagazine.com/news/these-5-behaviors-differentiate-top-performing-cisos-according-to-gartner
Legal
Calif. seems set to enforce Consumer Privacy Act. After delays and grace periods, officials in California want to make an impact with the state's new Consumer Privacy Act, writes Luke Sosnicki of the Thomson Coburn law firm. The online portal for consumer complaints is already in operation, state officials say. https://news.bloomberglaw.com/us-law-week/new-california-agency-sets-enforcement-priorities-for-privacy
Privacy
New York police plan to monitor Labor Day parties with drones. The New York Police Department this weekend plans to respond to some noise complaints about neighborhood celebrations by flying drones over the area in question to evaluate goings-on. The tactic violates a city law saying the police must reveal surveillance methods, the New York Civil Liberties Union said. https://apnews.com/article/drones-labor-day-eric-adams-nypd-jouvert-c2787e87bcad8fa87aa8d34b454ee6cf
As an aside to the first AI article posted, "How your company might be using AI": OpenAI has introduced an Enterprise version that promises to protect organization data. There is a waiting list currently, but I know in our organization the barn door is open, with users reaching out to IT wondering if we do have licenses we can deploy, as many want ChatGPT Plus.