Cyber Risk Update 16 JUN 23
Local Government Cyber Watch Discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Career
Cybersecurity Burnout: Stress Management Strategies for Cyber Pros https://www.learnsecurity.org/single-post/cybersecurity-burnout-stress-management-strategies-for-cyber-pros
Security culture improving in businesses despite factors holding teams back. https://www.csoonline.com/article/3699119/security-culture-improving-in-businesses-despite-factors-holding-teams-back.html
Chief information security officers generally work to cultivate the security of their organization’s computers, website, and applications, working alongside cybersecurity and IT team members. https://www.scmagazine.com/analysis/compliance/how-cisos-and-cybersecurity-execs-can-get-board-ready
Employee departures can prompt high performers to exit https://www.wsj.com/articles/employees-layoffs-leaving-company-dc7e30f4
Incidents
Energy Department among ‘several’ federal agencies hit by MOVEit breach https://federalnewsnetwork.com/cybersecurity/2023/06/energy-department-among-several-federal-agencies-hit-by-moveit-breach/
Missouri Affected By MoveIt Cyberattack https://oa.mo.gov/commissioners-office/news/state-missouri-issues-statement-recent-global-cyberattack
Many municipal services in Fayetteville, Ark., are still offline following a cyber incident last week, but officials said telephones had been restored to City Hall, district courts, development services and the city prosecutor. https://www.nwaonline.com/news/2023/jun/13/phones-restored-other-city-services-still-offline/
Illinois hospital to close, cites cyberattack. St. Margaret’s Health in Spring Valley, Ill., will close permanently on Friday in part because of a cyberattack. https://www.nbcnews.com/tech/security/illinois-hospital-links-closure-ransomware-attack-rcna85983
Minnesota Department of Education Hit By MoveIt Hack https://www.cbsnews.com/minnesota/news/minnesota-department-of-education-hit-by-cybersecurity-attack-95000-students-data-breached/
The state government of Iowa reported to federal regulators a third major health data breach since. https://www.healthcareinfosecurity.com/iowa-reports-third-big-vendor-breach-this-year-a-22236
Malware, tactics, techniques, and procedures (TTP)
Massive phishing campaign uses 6,000 sites to impersonate 100 brands https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/
Someone is posing as a fake security company to create malicious GitHub repositories https://www.scmagazine.com/news/devops/someone-is-posing-as-a-fake-security-company-to-create-malicious-github-repositories
Cybercriminals target C-suite, family members with sophisticated attacks. https://www.cybersecuritydive.com/news/cybercriminals-target-c-suite/652052/
Deepfakes of victims used in sextortion attacks spike, FBI warns. https://www.scmagazine.com/news/cybercrime/deepfakes-sextortion-spike-fbi
Shadow IT is increasing and so are the associated security risks. https://www.csoonline.com/article/3698277/shadow-it-is-increasing-and-so-are-the-associated-security-risks.html
Cl0P Gang Sat on Exploit for MOVEit Flaw for Nearly 2 Years. https://www.darkreading.com/vulnerabilities-threats/brand-new-security-bugs-affect-all-moveit-transfer-versions
Android Malware Impersonates ChatGPT-Themed Applications https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/
Hacktivists
Microsoft review of Azure outage shows spike in HTTP requests as researchers blame DDoS. https://www.cybersecuritydive.com/news/microsoft-azure-outages-spike-DDoS/652959/
AI
Lawyers blame ChatGPT for tricking them into citing bogus past cases in court. https://www.latimes.com/world-nation/story/2023-06-09/chatgpt-lawyers-cite-bogus-case-law
ChatGPT creates mutating malware that evades detection by EDR. https://www.csoonline.com/article/3698516/chatgpt-creates-mutating-malware-that-evades-detection-by-edr.html
As AI spreads across the marketing landscape, data’s role will be key to success or danger https://digiday.com/media/as-ai-spreads-across-the-marketing-landscape-datas-role-will-be-key-to-success-or-danger/
Nation States
Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure https://www.cybersecuritydive.com/news/moodys-credit-risk-cyber-critical-infrastructure/651656/
Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks https://www.darkreading.com/threat-intelligence/russian-apt-cadet-blizzard-ukraine-wiper-attacks
Microsoft identifies, names new Russian-sponsored threat group https://www.scmagazine.com/news/threat-intelligence/microsoft-identifies-names-new-russian-sponsored-threat-group
Top cyber official warns Chinese hackers could target infrastructure. https://thehill.com/policy/cybersecurity/4047488-top-cybersecurity-official-warn-of-sabotage-from-chinese-hackers/
Mandiant more confident Chinese hackers were behind VMWare hypervisor malware campaign https://www.scmagazine.com/news/vulnerability-management/mandiant-more-confident-chinese-hackers-were-behind-vmware-hypervisor-malware-campaign
North Korea has stolen about $3 billion in five years of hacks, and around 50% of that money is being used to fund the country’s ballistic missile program. https://www.wsj.com/articles/how-north-koreas-hacker-army-stole-3-billion-in-crypto-funding-nuclear-program-d6fe8782
Cuba to host a secret Chinese spy base focusing on the U.S. China and Cuba have reached a secret agreement for China to establish an electronic eavesdropping facility on the island, in a brash new geopolitical challenge by Beijing to the U.S., according to U.S. officials familiar with highly classified intelligence. (WSJ) https://www.wsj.com/articles/cuba-to-host-secret-chinese-spy-base-focusing-on-u-s-b2fed0e0
OT / IOT
Attacks against Internet of Things devices are growing at a slightly faster clip year-to-year when compared to mainstream breaches in the second half of 2022, according to reports from Kaspersky ICS CERT and SonicWall Capture Labs. Forrester Research identified four reasons why hackers are targeting IoT devices. https://venturebeat.com/security/why-attackers-love-to-target-iot-devices/
Avoid or Banned List
China: TikTok: ByteDance Accused of Helping China Spy on Hong Kong Activists https://www.bbc.com/news/business-65817608
Guidance
Interagency Connections: Strengthening Cybersecurity in an Interconnected World https://www.learnsecurity.org/single-post/interagency-connections-strengthening-cybersecurity-in-an-interconnected-world
The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances. https://krebsonsecurity.com/2023/06/cisa-order-highlights-persistent-risk-at-network-edge/
Governance, Risk, and Compliance
IT audits can help assure boards of effective cybersecurity
Cyber Insurance Premiums Surge by 50% as Ransomware Attacks Increase https://www.insurancejournal.com/news/national/2023/06/14/725215.htm
What business owners should know about data privacy https://www.forbes.com/sites/forbesbusinesscouncil/2023/06/13/15-things-every-small-business-leader-should-know-about-data-privacy-regulations/
Psychiatry Practice Fined for Posting PHI Online https://www.healthcareinfosecurity.com/psychiatry-practice-fined-for-posting-phi-online-a-22239