Cyber Risk Update 14 JUL 2023
More Good Stuff
Local Government Cyber Watch discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
From Ancient Texts to Cybersecurity: The Influence of Individualism and Collectivism https://www.learnsecurity.org/single-post/from-ancient-texts-to-cybersecurity-the-influence-of-individualism-and-collectivism
Embrace Tenacity: Leave Stubbornness Behind for Success https://www.learnsecurity.org/single-post/embrace-tenacity-leave-stubbornness-behind-for-success
Resource For Schools https://www.schoolsafety.gov/
Incidents
Hayward hacked: City suffers cyberattack, turns off website https://www.ktvu.com/news/hayward-hacked-city-suffers-cyberattack-turns-off-website
Queen City News: Town of Cornelius works to restore systems after cyber threat (07/12) https://www.qcnews.com/news/u-s/north-carolina/mecklenburg-county/town-of-cornelius-works-to-restore-systems-after-cyber-threat/
Out of Crisis, Opportunity: LAUSD's Fight Back From the Ransomware Brink. What could have been a digital quagmire for California’s largest school district served as a chance to hone cyber response and gird its more than 250 applications used by some 1.6 million users. https://www.govtech.com/security/out-of-crisis-opportunity-lausds-fight-back-from-the-ransomware-brink
The Wall Street Journal: China Hacking Was Undetectable for Some Who Had Less Expensive Microsoft Services (07/13) Companies detect and investigate attacks by using logging software that keeps records of activity on their servers. But in this latest Chinese espionage campaign, critical logging information required to detect the attack was only available to purchasers of Microsoft’s top-tier cloud service, said officials at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. https://www.wsj.com/articles/china-hacking-was-undetectable-for-some-who-had-less-expensive-microsoft-services-58730629
Cyber Crime
Interpol arrests suspected senior member of hacker group OPERA1ER. The group is believed to have stolen an estimated $11 million — potentially as much as $30 million — in more than 30 attacks across 15 countries in Africa, Asia, and Latin America. https://www.csoonline.com/article/644925/interpol-arrests-suspected-senior-member-of-hacker-group-opera1er.html
MOVEit Transfer Faces Another Critical Data-Theft Bug. Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on. https://www.darkreading.com/endpoint/moveit-transfer-another-critical-data-theft-bug
FBI obtained detailed database exposing 60,000 users of the cybercrime bazaar Genesis Market. The seizure comes along with the arrest of nearly 120 people around the world, including Americans, officials said. https://cyberscoop.com/genesis-market-fbi-users-identified-arrests/
Bank Info Security: Ransomware Crypto Payments Poised to Set New Record in 2023 (07/12) https://www.bankinfosecurity.com/ransomware-crypto-payments-poised-to-set-new-record-in-2023-a-22529
Ransomware Extortion Skyrockets in 2023, Reaching $449.1 Million and Counting https://thehackernews.com/2023/07/ransomware-extortion-skyrockets-in-2023.html
TTP & Malware
The Record: Three new MOVEit bugs spur CISA warning as more victims report breaches (07/07) https://therecord.media/three-new-moveit-bugs-spur-cisa-warning
'Big Head' malware threat looms, warn researchers. Researchers say the multifaceted ransomware strain is still evolving and presents "significant harm" once it becomes fully operational. https://www.scmagazine.com/news/ransomware/big-head-malware-threat-looms
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html
Incident Response
7-hour recovery: How an American business beat ransomware. A family-owned Ohio business was hit by ransomware during a holiday weekend and was able to get back up and running within a few hours. Here's how they did it. "We have nothing on-premise," Balzer says. "Because we're 100% in the cloud, and because we utilize Microsoft Azure Cloud environment, we were able to prevent them from moving laterally across the platforms in our systems." https://www.scmagazine.com/resource/leadership/24-hour-recovery-how-an-american-business-beat-ransomware
How lawyers thinking like lawyers causes IT problems. Mixing lawyers and responses to cyberincidents can lead to unappealing results, argues columnist Evan Schuman, citing a study from major universities in the US and Europe. "If we get around to asking the bigger questions, then yes, protecting a company's data, systems, and other assets does outweigh the concerns from any single lawsuit," Schuman writes. https://www.computerworld.com/article/3701892/lawyers-and-incident-response-can-be-a-dangerous-combo.html
Trends
The Times of India: Most Common Cyber Security Threats In 2023 (07/08) http://timesofindia.indiatimes.com/articleshow/101578195.cms
Why CISOs need enhanced legal protections in the age of breach lawsuits. CISOs need the same type of legal protections afforded top C-suite officials. https://www.scmagazine.com/perspective/compliance/why-cisos-need-enhanced-legal-protections-in-the-age-of-breach-lawsuits
Zero Trust Keeps Digital Attacks From Entering the Real World. Amid IT/OT convergence, organizations must adopt an "assume breach" mindset to stop bad actors and limit their impact. https://www.darkreading.com/ics-ot/zero-trust-keeps-digital-attacks-from-entering-the-real-world
Police are requesting footage from autonomous vehicles in Waymo and Cruise fleets as evidence in investigations, though the practice is raising concern among privacy advocates. "With the lack of consumer privacy protections that we have in the US right now, companies are able to collect as much information as humanly possible," says Matthew Guariglia of the Electronic Frontier Foundation. https://www.bloomberg.com/news/articles/2023-06-29/self-driving-car-video-from-waymo-cruise-give-police-crime-evidence#xj4y7vzkg
Cryptocurrency crime is down in 2023, but ransomware is up. Chainalysis said revenues tied to cryptocurrency-based crimes are down and ransomware revenues are up in 2023, so far. https://www.scmagazine.com/news/ransomware/cryptocurrency-crime-down-2023-except-ransomware
Number of email-based phishing attacks surges 464% https://www.helpnetsecurity.com/2023/07/10/evolving-cyberattack-landscape/
Nation States
The New York Times: Chinese Hackers Breached Government Email Accounts, Microsoft Says (07/11) https://www.nytimes.com/2023/07/11/us/politics/china-hack-us-government-microsoft.html
Chinese Hackers Breached Email of Commerce Secretary Gina Raimondo and State Department Officials. Hackers didn’t appear to gain access to national security information. https://www.wsj.com/articles/chinese-hackers-spied-on-state-department-13a09f03
Vulnerability
Rockwell Automation issues fixes for vulnerability uncovered in 26 products. The bug could let hackers change, stop or steal data traveling to or from Rockwell's 1756 EN2 and 1756 EN3 communications controllers used in industrial systems, said the Cybersecurity and Infrastructure Security Agency. CISA urged users to update the firmware of these systems. https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01
Rockwell Automation exploit spurs fears of critical infrastructure security. Unnamed APT actors are said to be responsible for developing the exploit for vulnerabilities in a common range of industrial communication modules. https://www.scmagazine.com/news/critical-infrastructure/rockwell-automation-exploit-critical-infrastructure
Governance
Governments, regulators adjust to hazardous cybersecurity landscape https://www.bondbuyer.com/news/governments-sec-adjust-to-hazardous-cyber-landscape
We asked CEOs about cybersecurity and resilience: Here's what Information Security Officers must know https://www.weforum.org/agenda/2023/07/3-things-cisos-need-to-know-about-their-ceo-before-the-next-cyberattack-strikes/
The Ethics of Managing People’s Data https://hbr.org/2023/07/the-ethics-of-managing-peoples-data
Third Party, Supply Chain
Security Week: MOVEit: Testing the Limits of Supply Chain Security (07/12) https://www.securityweek.com/moveit-testing-the-limits-of-supply-chain-security/
Legislation Watch
GovCon Wire: GovCon Expert Chuck Brooks on the Cybersecurity Awareness Act: ‘A Big Step in the Right Direction’ (Part One) (07/12) https://www.govconwire.com/2023/07/the-cybersecurity-awareness-act-a-big-step-in-the-right-direction-part-one/
AI
The Wall Street Journal: ChatGPT Comes Under Investigation by Federal Trade Commission (07/13) https://www.wsj.com/articles/chatgpt-under-investigation-by-ftc-21e4b3ef
WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses. A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves. https://www.darkreading.com/attacks-breaches/wormgpt-heralds-an-era-of-using-ai-defenses-to-battle-ai-malware
Advisory
Executive Gov: CISA & FBI Release Advisory on Enhancing Microsoft Exchange Online Monitoring (07/13) https://executivegov.com/2023/07/cisa-fbi-release-advisory-on-enhancing-microsoft-exchange-online-monitoring/