Cyber Risk Update 16 DEC 2022
Data Breaches
The County of Tehama, California, says personal information was compromised in a data breach. https://www.securityweek.com/california-county-says-personal-information-compromised-data-breach
A regional transit district had a cybersecurity incident last month.
A notorious and prolific ransomware operation claimed on Monday to have stolen 76 gigabytes of data from the California Department of Finance. https://www.cyberscoop.com/lockbit-ransomware-california-department-of-finance/
InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber/physical threat info-sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale. https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/
Cyber risk
BYOD and Phishing Attacks: Top Threats Facing US Government Organizations | Lookout - Security Boulevard https://securityboulevard.com/2022/11/byod-and-phishing-attacks-top-threats-facing-us-government-organizations-lookout/
Most of the 10 largest healthcare data breaches in 2022 are tied to vendors https://www.scmagazine.com/editorial/feature/breach/most-of-the-10-largest-healthcare-data-breaches-in-2022-are-tied-to-vendors
Executives are 4x more likely to be victims of phishing than staff https://www.scmagazine.com/news/identity-and-access/executives-are-four-times-more-likely-to-be-victims-of-phishing-than-workers
Threat Actors
Attackers Use DNS Tunneling as a Command-and-Control Channel and as a Conduit Into Air-Gapped Networks https://www.inforisktoday.com/dns-conduit-into-air-gapped-networks-say-researchers-a-20703
Threat Actors now using AI to write malware. https://www.govinfosecurity.com/new-ai-bot-could-take-phishing-malware-to-whole-new-level-a-20709
Outlook
The National Association of State Chief Information Officers (NASCIO) today released the State CIO Top Ten Policy and Technology Priorities for 2023, and unsurprisingly, cybersecurity remains a central focus. For the 10th consecutive year, cybersecurity and risk management are top of mind for state CIOs, according to NASCIO's annual list of the top 10 government tech priorities https://www.govtech.com/computing/nascio-releases-top-state-cio-priorities-for-2023
IT leaders still struggle to hold elected officials' attention on cyber https://statescoop.com/local-tech-leaders-survey-comptia-cybersecurity/
Senate passes TikTok ban bill. The Senate passed a bill that would ban federal employees from downloading or using the social media app TikTok on government devices, in response to national security concerns. https://www.wsj.com/articles/senate-passes-bill-banning-tiktok-from-government-devices-11671066166
Digital Cities 2022: Facts and Figures, Cybersecurity Top Priority https://www.govtech.com/biz/data/digital-cities-2022-facts-and-figures-infographic