Cyber Risk Update 12 APR 2024
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Join (ISC)2 East Bay Chapter; membership is free! https://isc2-eastbay-chapter.org/membership/
Events
20 APR 2024, 9 am to noon, Applying Key Governance, Risk Management and Compliance (GRC) Flow of Work Principles Workshop https://womenscyberjutsu.org/events/EventDetails.aspx?id=1836869&group=
Resources
The Secure Cloud Business Applications (SCuBA) project provides guidance and capabilities to secure agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments. (SLTT & CIKR partners can use this tool as well.) Microsoft 365 & Google Workspace Secure Configuration Baselines are included with the tool. These security configuration baselines for Microsoft 365 (M365) and Google Workspace (GWS) provide easily adoptable recommendations that complement each agency’s unique requirements and risk tolerance levels as well as include automation features to assist federal agencies in rapidly assessing their M365 and GWS services. https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
CISA launches malware analysis tool to help gather intelligence for network defenders (04/11) https://insidecybersecurity.com/daily-news/cisa-launches-malware-analysis-tool-help-gather-intelligence-network-defenders
NSA Updates Zero-Trust Advice to Reduce Attack Surfaces https://www.darkreading.com/cybersecurity-operations/nsa-updates-zero-trust-advice-to-reduce-attack-surfaces
Chinese Communist Party
China tests US voter fault lines and ramps AI content to boost its geopolitical interests https://blogs.microsoft.com/on-the-issues/2024/04/04/china-ai-influence-elections-mtac-cybersecurity/
People's Republic of China Cyber Threat https://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-actors/china
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
Identifying and Mitigating Living Off the Land Techniques https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques
MAR-10448362-1.v1 Volt Typhoon https://www.cisa.gov/news-events/analysis-reports/ar24-038a
PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders https://www.cisa.gov/resources-tools/resources/prc-state-sponsored-cyber-activity-actions-critical-infrastructure-leaders
Some Volt Typhoon victims ‘won’t know they’re impacted,’ Mandiant CEO says https://www.nextgov.com/cybersecurity/2024/04/some-volt-typhoon-victims-wont-know-theyre-impacted-mandiant-ceo-says/395659/
CIRCIA
In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Enactment of CIRCIA marked an important milestone in improving America’s cybersecurity by, among other things, requiring the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA. These reports will allow CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims. https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia
Vulnerabilities
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html
Cyber Incidents
U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks (You Should Too) https://thehackernews.com/2024/04/us-federal-agencies-ordered-to-hunt-for.html
ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Roku warns 576,000 accounts hacked in new credential stuffing attacks https://www.bleepingcomputer.com/news/security/roku-warns-576-000-accounts-hacked-in-new-credential-stuffing-attacks/
CISA issues warning over 'Midnight Blizzard' Microsoft attack (04/12) https://www.thestack.technology/cisa-issues-warning-over-midnight-blizzard-microsoft-attack
The Hill: CISA confirms Russia-linked hackers tapped into correspondence between federal agencies, Microsoft (04/11) https://thehill.com/policy/technology/4589382-cisa-confirms-russian-linked-hacker-correspondence-between-federal-agencies-microsoft
Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html
US Offers $10M Bounty for Information on ‘Blackcat’ Hackers Who Hit UnitedHealth https://www.insurancejournal.com/news/national/2024/03/28/766990.htm
Change Healthcare Attack 'Devastating' to Doc Practices https://www.healthcareinfosecurity.com/change-healthcare-attack-devastating-to-doc-practices-a-24842
Apple Warns Users in 150 Countries of Mercenary Spyware Attacks https://www.darkreading.com/vulnerabilities-threats/apple-warns-users-targeted-by-mercenary-spyware
Sisense customers told to reset credentials amid supply chain attack fears https://www.scmagazine.com/news/sisense-customers-told-to-reset-credentials-amid-supply-chain-attack-fears
Third-Party Risk
Krebs on Security: Why CISA is Warning CISOs About a Breach at Sisense (04/11) https://krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense
TTP & Malware
LastPass: Hackers targeted employee in failed deepfake CEO call https://www.bleepingcomputer.com/news/security/lastpass-hackers-targeted-employee-in-failed-deepfake-ceo-call/
Governance Risk and Compliance
IMF evaluates financial sector cyberrisk for first time https://www.wsj.com/articles/imf-warns-of-cyber-risks-to-financial-sector-a37296c3
Privacy
The federal HR agency finalized a rule Friday that would help prevent potential identity theft by restricting the inclusion of Social Security numbers in mailed documents and establishing criteria for protecting the information. https://www.govexec.com/management/2024/04/opm-rule-removes-social-security-numbers-mailed-documents/395700/
World Affairs
U.S. Moves Warships to Defend Israel in Case of Iranian Attack https://www.wsj.com/world/middle-east/iranian-attack-expected-on-israel-in-next-two-days-42b0537c
Legislation and Funding
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively (04/11) https://insidecybersecurity.com/daily-news/mayorkas-pushes-full-funding-implement-upcoming-cisa-mandatory-incident-reporting
Gov Info Security: FBI Calls for Increased Funding to Counter Cyber Threats (04/11) https://www.govinfosecurity.com/fbi-calls-for-increased-funding-to-counter-cyber-threats-a-24845