Cyber Risk Update 11 AUG 2023
This is a selection of this week's events. For more news and advisories, check out our Discord server, Local Government Cyber Watch. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Resources
Cybersecurity for K-12 Education https://www.cisa.gov/K12Cybersecurity
NIST Releases Draft Version of Cybersecurity Framework 2.0 for Public Comment https://www.hipaajournal.com/nist-draft-cybersecurity-framework-2-0/
Bonus Content!
Rocking the .gov Domain: Tips for a Smooth Transition https://www.learnsecurity.org/single-post/rocking-the-gov-domain-tips-for-a-smooth-transition
AI
The U.S. economy has absorbed the massive changes the pandemic brought to the labor market, with 8.6 million occupational shifts over the three years of COVID—50% more than in the previous three years. Now another disruption has arrived: generative artificial intelligence https://www.mckinsey.com/mgi/overview/in-the-news/will-generative-ai-be-good-for-us-workers
Talking computers into misbehaving: Using a technique called "prompt injection," hackers can guide AI systems such as ChatGPT to steal data from private email and do other bad things. One cyber researcher did just that, using a beta-test feature of ChatGPT that gave it access to apps such as Slack, Gmail and others. https://www.wsj.com/articles/with-ai-hackers-can-simply-talk-computers-into-misbehaving-ad488686
Observations from Black Hat 2023: It's all about training the data and getting it ready for AI https://www.scmagazine.com/perspective/observations-from-black-hat-2023-its-all-about-training-the-data-and-getting-it-ready-for-ai
Tactics, techniques and procedures (TTP) & Malware
Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows https://www.csoonline.com/article/649242/takeovers-of-mfa-protected-accounts-increase-as-microsoft-365-phishing-campaign-shows.html
Incidents
Connecticut city caught in business email compromise. New Haven Mayor Justin Elicker said Thursday that in May unauthorized parties accessed the email account of the chief operating officer of New Haven's public school district. The intruders, impersonating the COO and school suppliers on email, diverted six payments together worth $6 million to fraudulent bank accounts. The city has recovered $3.6 million with the help of the Federal Bureau of Investigation, Elicker said. https://www.nbcconnecticut.com/news/local/hackers-stole-more-than-6-million-from-city-of-new-haven-in-cyberattacks-mayor/3083733/
Police Service of Northern Ireland discloses second data breach in as many days https://www.csoonline.com/article/649200/police-service-of-northern-ireland-discloses-second-data-breach-in-as-many-days.html
Insurer for New Jersey's Montclair Township paid $450,000 to hackers to restore access to systems and data, said Joseph Hartnett, interim township manager. https://baristanet.com/2023/07/cyber-attack-on-montclair-township-led-to-450k-settlement/
The Economic Times: MOVEit hack spawned over 600 breaches but is not done yet: cyber analysts (08/09) https://economictimes.indiatimes.com/tech/technology/moveit-hack-spawned-over-600-breaches-but-is-not-done-yet-cyber-analysts/articleshow/102559714.cms
News
What's in New York's 'First Ever' Cyber Strategy? Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort. https://www.darkreading.com/edge-articles/whats-in-new-york-first-ever-cyber-strategy
Nation-State
The Messenger: The US Wants Americans To Learn From Its Cyber Partnership With Ukraine (08/09) https://themessenger.com/tech/black-hat-cybersecurity-jen-easterly-ukraine-victor-zhora
Cyber Insurance
Cyber Insurance Experts Make a Case for Coverage, Protection. At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage — and the risk of doing without. https://www.darkreading.com/black-hat/cyber-insurance-experts-make-a-case-for-coverage-protection
Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages. Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market. https://www.darkreading.com/risk/cyber-insurance-underwriting-is-still-stuck-in-the-dark-ages
Threat Intelligence
The Dark Web Is Expanding (As Is the Value of Monitoring It) Rising cybercrime threats heighten risks. Dark Web monitoring offers early alerts and helps lessen exposures. https://www.darkreading.com/threat-intelligence/the-dark-web-is-expanding-as-is-the-value-of-monitoring-it
U.S. spy agencies will share more intelligence with U.S. companies, nongovernmental organizations and academia under a new strategy that acknowledges concerns over new threats, such as another pandemic and increasing cyberattacks. “There’s so much that’s changed in the threat landscape, and in the world that we’re operating in today,” Director of National Intelligence Avril Haines said. https://www.wsj.com/articles/to-battle-new-threats-spy-agencies-to-share-more-intelligence-with-private-sector-db25e36
Vulnerabilities
A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems. https://www.darkreading.com/attacks-breaches/-researchers-detail-vuln-that-allowed-for-windows-defender-update-process-hijack
Avoid or Ban
Chinese tech in smart devices under scrutiny. Reps. Mike Gallagher (R., Wisc.) and Raja Krishnamoorthi (D., Ill.) asked the Federal Communications Commission for information about the security of common components made in China that go into drones, cameras and other internet-of-things devices, with an eye toward a potential ban. https://www.nextgov.com/cybersecurity/2023/08/house-committee-asks-fcc-more-action-iot-device-security/389322/
Cyber Criminals
Rhysida Ransomware Behind Recent Attacks On Healthcare https://www.bleepingcomputer.com/news/security/rhysida-ransomware-behind-recent-attacks-on-healthcare/
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics https://www.darkreading.com/ics-ot/mallox-ransomware-group-steams-ahead-with-new-variant-evasion-tactics
CISA
Homeland Security: New CISA Cybersecurity Strategic Plan Focuses on Fundamentals to Change the ‘Trajectory of National Cybersecurity Risk’ (08/09) https://www.hstoday.us/featured/new-cisa-cybersecurity-strategic-plan-focuses-on-fundamentals-to-change-the-trajectory-of-national-cybersecurity-risk/