Cyber Risk Update 10 MAR 2023
Cyber Risk Update for March 10, 2023.
Bonus
Managing Cyber Risks in Local Government: The Need for Comprehensive Risk Management Programs https://www.learnsecurity.org/single-post/managing-cyber-risks-in-local-government-the-need-for-comprehensive-risk-management-programs
The Psychology of Cybersecurity: How Our Minds Distort Our Perception of Cyber Risk https://www.learnsecurity.org/single-post/the-psychology-of-cybersecurity-how-our-minds-distort-our-perception-of-cyber-risk
Data Breaches
The Play ransomware group claimed responsibility for a ransomware attack on Oakland and wrote on its website that they stole confidential and private data including identity documents, passports and information that allegedly proves human rights violations. https://www.bleepingcomputer.com/news/security/play-ransomware-claims-disruptive-attack-on-city-of-oakland/
Managing a cyber risk event: ‘Be a student of a crisis’ https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/managing-a-cyber-risk-event-be-a-student-of-a-crisis
Hit twice! Password management company LastPass was breached again by the same threat actor that attacked the company in August 2022. A keylogger was used to infect the home computer of a LastPass developer. https://www.csoonline.com/article/3688922/hacked-home-computer-of-engineer-led-to-second-lastpass-data-breach.html
Personal Data Exposed in Cyber Attack on Modesto, Calif., PD https://www.govtech.com/security/personal-data-exposed-in-cyber-attack-on-modesto-calif-pd
Local Governments Still a Target
Pierce Transit, a public transportation system in Washington State, confirmed that it was hit with a ransomware attack that began on February 14, 2023. The LockBit ransomware group took credit for the attack. https://therecord.media/pierce-transit-washington-ransomware-attack-lockbit/
Governments in the Asia-Pacific and North American regions were targeted by cybersecurity attacks using the PureCrypter downloader. Threats from these attacks include information stealers, remote access trojans, and others. https://www.securityweek.com/purecrypter-downloader-used-to-deliver-malware-to-governments/
Deep Fakes
The Cyber Risk of Deep Fakes https://thehackernews.com/2023/03/from-disinformation-to-deep-fakes-how.html
Nation States
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government
NYT: The Daring Ruse That Exposed China’s Campaign to Steal American Secrets https://www.nytimes.com/2023/03/07/magazine/china-spying-intellectual-property.html
Municipal CISOs grapple with challenges as they become targets for nation-state threat actors, cope with regulations, and pursue funding from resource-constrained governments. https://www.csoonline.com/article/3688958/municipal-cisos-grapple-with-challenges-as-cyber-threats-soar.html
OT/IoT Risks
EV Charging Infrastructure Offers an Electric Cyberattack Opportunity https://www.darkreading.com/ics-ot/ev-charging-infrastructure-electric-cyberattack-opportunity
Led by growth in Russia, more than 40% of global ICS systems faced malicious activity in the second half of 2022. https://www.darkreading.com/application-security/40-global-ics-systems-attacked-malware-2022
More on TikTok
Czech cyber watchdog warns against using TikTok https://www.reuters.com/technology/czech-cyber-watchdog-warns-against-using-tiktok-2023-03-08/
Regulations
EPA Requires Cybersecurity Assessments at Water Facilities https://www.wsj.com/articles/public-drinking-water-systems-must-get-serious-about-cybersecurity-epa-says-e093e974
TSA issues emergency cybersecurity mandates for the aviation sector https://www.scmagazine.com/news/critical-infrastructure/tsa-emergency-cybersecurity-mandates-aviation
Department of Health and Human Services. HHS urged healthcare organizations to use the NIST cybersecurity framework for best practices in handling cyber risk. https://aspr.hhs.gov/cip/hph-cybersecurity-framework-implementation-guide/Pages/Introduction.aspx
Ethics and AI
Using ChatGPT Correctly on the Job https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/using-chatgpt-correctly-on-the-job.aspx
Removing Demographic Data Can Make AI Discrimination Worse https://hbr.org/2023/03/removing-demographic-data-can-make-ai-discrimination-worse
Meet ChatGPT's alter ego, DAN. He doesn't care about ethics or rules https://www.abc.net.au/news/2023-03-07/chatgpt-alter-ego-dan-ignores-ethics-in-ai-program/102052338
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears
Good News for Cybersecurity
The ability to collaborate across Azure Commercial and Azure Government clouds and across Azure Commercial is now generally available. https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/collaborate-securely-across-organizational-boundaries-and/ba-p/3094109
Comments