Cyber Risk Update 10 NOV 2023
Happy Birthday, United States Marine Corps! Long live the Corps! And on this Veterans Day, we extend our heartfelt gratitude to all our veterans for their dedicated service. Let's take a moment to honor and appreciate the sacrifices made by our veterans.
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Featured Blog
November: Resolving to Build a Stronger and Resilient Future for Critical Infrastructure https://www.learnsecurity.org/single-post/november-resolving-to-build-a-stronger-and-resilient-future-for-critical-infrastructure
TTP and Malware
Somebody Just Killed the Mozi Botnet. The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear. https://www.darkreading.com/ics-ot/somebody-just-killed-mozi-botnet
Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today's Part II, we'll examine clues about the real-life identity left behind by "Fearless," the nickname chosen by the proprietor of the SWAT USA Drops service. https://krebsonsecurity.com/2023/11/whos-behind-the-swat-usa-reshipping-service/
An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly under the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it as an "intricate modular framework that supports both Linux and Windows." https://thehackernews.com/2023/11/stripedfly-malware-operated-unnoticed.html
SecuriDropper: New Android Dropper-as-a-Service Bypasses Google's Defenses https://thehackernews.com/2023/11/securidropper-new-android-dropper-as.html
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel https://thehackernews.com/2023/11/google-warns-of-hackers-absing-calendar.html
Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams. With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it. https://www.darkreading.com/black-hat/virtual-kidnapping-ai-tools-enabling-irl-extortion-scams
Cyber Criminals
Silent Ransom Group ramps up callback phishing attacks, FBI warns https://www.scmagazine.com/news/silent-ransom-group-ramps-up-callback-phishing-attacks
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware https://www.darkreading.com/threat-intelligence/north-korea-bluenoroff-apt-dumbed-down-macos-malware
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs https://www.bleepingcomputer.com/news/security/russian-speaking-threat-actor-farnetwork-linked-to-5-ransomware-gangs/
Ransomware Mastermind Uncovered After Oversharing on Dark Web. Meet "farnetwork," one of the most prolific RaaS operators around, who spilled too many details during an affiliate "job interview." https://www.darkreading.com/threat-intelligence/ransomware-mastermind-uncovered-oversharing-dark-web
Tools and Resources
New CVSS 4.0 vulnerability severity rating standard released https://www.first.org/cvss/v4-0/index.html
ATT&CK v14 has been released. We hope everyone will enjoy our latest treats! https://attack.mitre.org/
Dragos Community Defense Program. Free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber-attacks. "We realize that small utilities and cooperatives don’t have the resources for OT cybersecurity – but it’s really important. That’s why we built the Community Defense Program (CDP)." The CDP provides US-based water, electric, and natural gas providers with less than $100M in annual revenue free access to Dragos Platform software. These tools can help improve their security postures and reduce OT risk. More info: CDPinfo@dragos.com https://www.dragos.com/community-defense-program/
To Improve Cyber Defenses, Practice for Disaster https://www.darkreading.com/edge/to-improve-cyber-defenses-practice-for-disaster
US launches “Shields Ready” campaign to secure critical infrastructure. Shields Ready initiative outlines strategies for preparing critical infrastructure organizations for potential disruption and building more resilience into systems, facilities, and processes. https://www.csoonline.com/article/1229409/us-launches-shields-ready-campaign-to-secure-critical-infrastructure.html
C4ISRNet: Zero hour for Zero Trust: How data tagging can speed implementation (11/07) https://www.c4isrnet.com/opinion/2023/11/07/zero-hour-for-zero-trust-how-data-tagging-can-speed-implementation/
Cyber Incidents and Data Breaches
Okta hit by another breach, this one stealing employee data from 3rd-party vendor https://therecord.media/okta-employees-impacted-by-third-party-breach
Anonymous Sudan targeting US media outlets https://techmonitor.ai/technology/cybersecurity/ap-cyberattack-associated-press-anonymous-sudan-ddos
Fox News: Facebook accounts hit with malicious ad attack with dangerous malware (11/04) https://www.foxnews.com/tech/facebook-accounts-hit-malicious-ad-attack-dangerous-malware
Kansas’ Electronic Court System Still Down Weeks After Hack. Kansas courts have been operating entirely on paper since online court systems went down after a cyberattack more than three weeks ago, State Scoop reports. The attack has slowed down civil and criminal court cases and limited parents’ ability to access child support payments. The state hasn’t disclosed what caused the incident and when systems will be back online. https://statescoop.com/kansas-electronic-courts-system-still-down-weeks-after-cyber-incident/
ChatGPT down after major outage impacting OpenAI systems https://www.bleepingcomputer.com/news/technology/chatgpt-down-after-major-outage-impacting-openai-systems/
Details about military members are exposed through data brokers such as Acxiom and Equifax, researchers at Duke University say. Some companies overtly market such data, said the researchers, who reported they bought information about service members and veterans for as little as 12 cents per record. https://www.securityweek.com/data-brokers-expose-sensitive-us-military-member-info-to-foreign-threat-actors-study/
Awareness
FBI-Chicago Warns of Charity Fraud During Israel-Hamas Conflict https://www.fbi.gov/contact-us/field-offices/chicago/news/fbi-chicago-warns-of-charity-fraud-during-israel-hamas-conflict
Government Technology: Iowa Cyber Hub Program Works to Reach the Community (11/08) https://www.govtech.com/security/iowa-cyber-hub-program-works-to-reach-the-community
Career
Visa launches cybersecurity training program. The card giant rolled out a cybersecurity apprenticeship program last year amid a talent deficit highlighted by the Biden administration. https://www.cybersecuritydive.com/news/visa-cybersecurity-training/698901/
Vulnerabilities
New Microsoft Exchange zero-days allow RCE, data theft attacks https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/
Microsoft is overhauling its software security after major Azure cloud attacks by China https://blogs.microsoft.com/on-the-issues/2023/11/02/secure-future-initiative-sfi-cybersecurity-cyberattacks/
'KandyKorn' macOS Malware Lures Crypto Engineers. Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware. https://www.darkreading.com/endpoint/kandykorn-macos-malware-lures-crypto-engineers
AI
The Guardian: Elon Musk unveils Grok, an AI chatbot with a ‘rebellious streak’ (11/04) https://www.theguardian.com/technology/2023/nov/05/elon-musk-unveils-grok-an-ai-chatbot-with-a-rebellious-streak
Why your board must be AI-conversant. It's up to corporate directors to "challenge management with core questions about the strategic direction of the company in an AI-driven world," write academics David Edelman and Vivek Sharma. In this article they lay out five principles, starting with recognizing data as a business asset and owning AI strategy at the board level. https://hbr.org/2023/11/its-time-for-boards-to-take-ai-seriously
Legal
SolarWinds Denies SEC Charges Over Cyber Disclosures. Software company accuses agency of false claims about its cybersecurity program. https://www.wsj.com/articles/solarwinds-denies-sec-charges-over-cyber-disclosures-31dcad0c
Other News
23andMe data theft prompts DNA testing companies to switch on 2FA by default. https://techcrunch.com/2023/11/07/23andme-ancestry-myheritage-two-factor-by-default/
Long Beach Post: Federal officials warn of danger from cyberattacks at Port of Long Beach, other vital infrastructure (11/07) https://lbpost.com/news/federal-officials-warn-of-danger-from-cyberattacks-at-port-of-long-beach-other-vital-infrastructure/
MeriTalk: CISA Sees Smooth Election Day Operations, No 'Credible' Threats (11/07) https://www.meritalk.com/articles/cisa-sees-smooth-election-day-operations-no-credible-threats
The Defense Post: CISA Seeks Next-Gen Cybersecurity Experts From Underserved Communities (11/07) https://www.thedefensepost.com/2023/11/07/us-cybersecurity-experts-underserved-communities
GRC
Meet Your New Cybersecurity Auditor: Your Insurer. As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses. https://www.darkreading.com/risk/meet-your-new-cybersecurity-auditor-your-insurer
Legislation Watch
New Bipartisan Bill Proposes Changes to FISA Surveillance Tool https://news.bloomberglaw.com/privacy-and-data-security/electronic-surveillance-bill-rekindles-d-c-data-policy-battle
Financial
Only 9% of IT budgets are dedicated to security; decreased spending expected. https://www.scmagazine.com/news/only-9-of-it-budgets-are-dedicated-to-security-as-decreased-spending-expected