Cyber Risk Update 16 FEB 2024

This is a selection of this week's events.  For more news and advisories, check out our discord server.  CIKR Cyber Sentinels discord server. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V  

Threat Intelligence

Identifying and Mitigating Living Off the Land Techniques https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques

Education Resources

SchoolSafety.gov and its associated communications continued to highlight relevant and timely school safety-related resources, guidance, and funding opportunities for the K-12 school community, Some of the recently published and/or promoted resources and grants include:

• Blue Campaign Resources (DHS)

• Bomb Threat Resources (CISA)

• Combating Human Trafficking in America's Schools (ED)

• Coordinated Tribal Assistance Solicitation (DOJ)

• Family and Caregiver Access to Resources on Anxiety and Depression in Children and Youth (HHS)

• Grant Funding to Address Indoor Air Pollution at Schools (EPA)

• Human Trafficking in America's Schools (ED)

• Integrating K-12 Students With Disabilities Into School Emergency Management Planning (ED)

• Social Media and Youth Mental Health: The U.S. Surgeon General's Advisory (HHS)

Elections Security

CISA proudly announced the launch of the #Protect2024 website. As part of the #Protect2024 initiative, CISA developed a webpage to serve as a central point for consolidated critical resources, training lists and security service offerings to support the over 8,000 election jurisdictions for the 2024 election cycle. These efforts build upon prior years of working with elections officials to mitigate the cyber, physical, and operational risks to election infrastructure. https://www.cisa.gov/topics/election-security/protect2024

Incidents

• “Mother of All Breaches” (MOAB)

  • A monster “combo file” that would pull together searchable information from all prior data leaks

  • 26 billion records

  • 1.2 terabytes

  • 3800 data breaches

  • Stories

    • 26 billion private records leaked in ‘mother of all breaches’ https://bgr.com/tech/26-billion-private-records-leaked-in-mother-of-all-breaches/

    • 26 billion records have been leaked in 'Mother of all Breaches,' but don't freak out https://www.msn.com/en-us/news/technology/26-billion-records-have-been-leaked-in-mother-of-all-breaches-but-dont-freak-out/ar-BB1h6WSl

    • “Mother of All Breaches” Data Leak Pulls Together 26 Billion Records From Thousands of Prior Breaches https://www.cpomagazine.com/cyber-security/mother-of-all-breaches-data-leak-pulls-together-26-billion-records-from-thousands-of-prior-breaches/

• Kansas State, Clackamas Community College respond to cyberattacks https://therecord.media/kansas-state-university-ccc-oregon-cyberattacks

• Data theft plaguing K-12 schools after holiday season attacks https://therecord.media/data-theft-plaguing-schools-after-attacks

• Ivanti Connect Secure zero-day patches delayed https://www.cybersecuritydive.com/news/ivanti--zero-day-patches-delayed/705866/

• Kansas Unveils Cyber Program to Safeguard Water Systems https://www.govtech.com/security/kansas-unveils-cyber-program-to-safeguard-water-systems

• Apparent Pig-Butchering Crypto Scam Took Down a US Bank. Kansas Bank Forced to Close After CEO Allegedly Embezzled Nearly $50 Million. https://www.bankinfosecurity.com/apparent-pig-butchering-crypto-scam-took-down-us-bank-a-24351

• Microsoft Azure customers hit by phishing, account takeover attacks. More than 200 organizations have been targeted via employee compromise, Proofpoint said. https://www.cybersecuritydive.com/news/microsoft-azure-account-takeover-attacks/707392/

• US and Allies Kick Russian Hackers Off Home Routers, FBI Says https://www.insurancejournal.com/news/national/2024/02/16/760996.htm

Privacy

A draft international cybercrime treaty set to enter a final round of negotiations at the United Nations Monday drew condemnation from civil society groups that said it will criminalize security research and promote indiscriminate police surveillance. https://www.govinfosecurity.com/civil-society-sounds-alarms-on-un-cybercrime-treaty-a-24201

Nation States

• Microsoft, OpenAI reveal ChatGPT use by state-sponsored hackers https://www.scmagazine.com/news/microsoft-openai-reveal-chatgpt-use-by-state-sponsored-hackers

• Ukraine’s security service detains member of Russian ‘Cyber Army’ https://therecord.media/ukraine-detains-member-of-russia-cyber-army

• NPR: Iran launches three satellites into space as tensions rise (01/28) https://www.npr.org/2024/01/28/1227439493/iran-launches-three-satellites-into-space-as-tensions-rise

• Hearing Notice: The CCP Cyber Threat to the American Homeland and National Security https://selectcommitteeontheccp.house.gov/committee-activity/hearings/hearing-notice-ccp-cyber-threat-american-homeland-and-national-security

  • General Paul Nakasone, Commander, United States Cyber Command

  • Ms. Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency

  • Mr. Christopher Wray, Director, Federal Bureau of Investigation

  • Mr. Harry Coker, Jr., Director, Office of the National Cyber Director

  • Before the House Select Committee on Strategic Competition Between the United States and the Chinese Communist Party https://www.cisa.gov/news-events/news/opening-statement-cisa-director-jen-easterly

CISA Pre-Ransomware Notifications

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs https://www.cisa.gov/news-events/news/getting-ahead-ransomware-epidemic-cisas-pre-ransomware-notifications-help-organizations-stop-attacks

• Ransomware Vulnerability Warning Pilot (RVWP) https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot

Career

• The Register: Wait, security courses aren't a requirement to graduate with a computer science degree? (01/26) https://www.theregister.com/2024/01/26/security_courses_requirements

Advisory

• Agencies: Chinese drones may pose security risks. DJI, the biggest manufacturer of drones, issued a rebuttal to guidance from the Cybersecurity and Infrastructure Security Agency and FBI on drones from China that had expressed concerns about national security and infrastructure. DJI pointed to security protections and third-party audits that prioritize security and data privacy. https://dronelife.com/2024/01/25/djis-thorough-rebuttal-safeguarding-data-privacy-and-cybersecurity-amid-national-security-concerns-over-chinese-drones/

Governance, Risk, and Compliance

• 10 Security Metrics Categories CISOs Should Present to the Board.  Boards of directors don't care about a security program's minute technical details. They want to see how key performance indicators are tracked and used. https://www.darkreading.com/cybersecurity-analytics/10-security-metrics-categories-cisos-should-present-to-the-board

Artificial Intelligence

• Google launches a slew of AI initiatives to enhance cybersecurity. https://www.csoonline.com/article/1308071/google-launches-a-slew-of-ai-initiatives-to-enhance-cybersecurity.html