Cyber Risk Update 17 NOV 2023
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Featured Articles
Part 1 - Building an Effective Risk Registry https://www.learnsecurity.org/single-post/part-1-building-an-effective-risk-registry
Cyber Insurance: Trends & Challenges https://www.learnsecurity.org/single-post/cyber-insurance-trends-challenges
Nation States
Iranian APT group launches destructive attacks against Israeli organizations. The Agonizing Serpens group seeks to steal sensitive information and then wipe systems. https://www.csoonline.com/article/1246104/iranian-apt-group-launches-destructive-attacks-against-israeli-organizations.html
Russia-Linked Hackers Claim Credit for OpenAI Outage https://www.insurancejournal.com/news/national/2023/11/13/747823.htm
The Defense Post: US, South Korea to Enhance Joint Cyber Operability (11/10) https://www.thedefensepost.com/2023/11/10/us-korea-enhance-cyber-operability
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice. While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever. https://www.darkreading.com/vulnerabilities-threats/zero-days-in-edge-devices-china-cyber-warfare-tactic
Cyber Criminals
Ransomware Gang Lockbit Posts What It Says Is Boeing Data on Site https://www.insurancejournal.com/news/national/2023/11/13/747824.htm
Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats. https://krebsonsecurity.com/2023/11/alleged-extortioner-of-psychotherapy-patients-faces-trial/
Cyber Incidents
Business Today: World's largest bank, ICBC, faces cybersecurity breach: Know all about LockBit 3.0 ransomware (11/11) https://www.businesstoday.in/technology/news/story/worlds-largest-bank-icbc-faces-cybersecurity-breach-know-all-about-lockbit-30-ransomware-405468-2023-11-11
Dark Reading: 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (11/10) https://www.darkreading.com/vulnerabilities-threats/ransomware-hit-china-owned-bank-citrixbleed-flaw
State of Maine Becomes Latest MOVEit Victim to Surface. The state said 1.3 million individuals have been affected by this breach, which includes Social Security numbers and taxpayer information. https://www.darkreading.com/attacks-breaches/state-maine-latest-moveit-victim
FBI Warns on Scattered Spider Hackers, Urges Victims to Come Forward. The FBI warned organizations to guard against the Scattered Spider hacking group, which has breached dozens of American organizations... https://www.insurancejournal.com/news/national/2023/11/17/748739.htm
Official City of Long Beach Statement Regarding a Network Security Incident Targeting City Systems https://www.longbeach.gov/latest-news/official-city-of-long-beach-statement
Samsung says hackers accessed customer data during year-long breach https://thehackernews.com/2023/11/russian-hackers-launch-largest-ever.html
Vulnerabilities
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs https://www.bleepingcomputer.com/news/security/google-hackers-exploited-zimbra-zero-day-in-attacks-on-govt-orgs/
Guidance
Document Management Systems. Keep it secret, keep it safe: the essential role of cybersecurity in document management. Untold quantities of sensitive data reside in the huge variety of documents that accumulate over the lifetime of an organization. Keeping them safe no matter where they’re stored should be a top priority. https://www.csoonline.com/article/1100998/keep-it-secret-keep-it-safe-the-essential-role-of-cybersecurity-in-document-management.html
The Digital Hacker: Strengthen Your Defense with a Robust Cybersecurity Checklist for the Shields Ready Campaign in 2023 (11/10) https://thedigitalhacker.com/cybersecurity-shields-ready-campaign
The Cybersecurity and Infrastructure Security Agency (CISA) released its Roadmap for Artificial Intelligence (AI) this week, adding to the significant whole-of-government effort to ensure the secure development and implementation of Artificial Intelligence capabilities, and operationalizing its responsibilities as provided in Executive Order (EO) 14110, “Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence (AI).” CISA invites stakeholders, partners, and the public to explore the Roadmap for Artificial Intelligence and learn more about our strategic vision for AI technology and cybersecurity. To access the full Roadmap, visit www.cisa.gov/AI
Trends
Generative AI to fuel stronger phishing campaigns, information operations at scale in 2024. Google Cloud forecasts continued use of gen AI to create smarter campaigns while cybersecurity pros will use the same tools to defend and close the skills gap. https://www.csoonline.com/article/1239274/generative-ai-to-fuel-stronger-phishing-campaigns-information-operations-at-scale-in-2024.html
Fortune 500 Vulnerabilities to Third-Party Cloud Risk Could Result in $20B Loss. New research indicates members of the Fortune 500 could suffer direct financial losses in excess of $20 billion due to a partial outage https://www.insurancejournal.com/news/national/2023/11/17/748593.htm
Despite Hype, the Password-Free Workplace Is Still a Long Way Off. More than half of organizations are nowhere near ditching passwords, even as cyberattackers continue to have a field day with workers' poor credential choices. https://www.darkreading.com/endpoint/password-free-workplace-long-way-off
State Tech Magazine: Tackling Alert Fatigue: How Local Agencies Can Defend Against Cyberthreats (11/15) https://statetechmagazine.com/article/2023/11/alert-fatigue-perfcon
Enhanced interagency and public-private sector partnerships have allowed the U.S. federal government to better prevent and respond to the recent surge in ransomware attacks, top FBI officials said Wednesday. Coordination between the FBI and agencies including the Cybersecurity and Infrastructure Security Agency and institutions in the healthcare and financial sectors "is at an all-time high," said Bryan Vorndran, assistant director of the FBI's cyber division. Adversaries have developed "significant changes in tactics" over the last two years, Vorndran said while speaking at the Aspen Cyber Summit in New York City. The FBI has increasingly observed cybercriminals deploying techniques such as double extortion and dual payloads. https://www.bankinfosecurity.com/fbi-says-enhanced-partnerships-help-combat-ransomware-surge-a-23598
AI
Want to learn more about AI but don't know where to start? Check out these free AI training courses from AWS. There's something here for everyone, from beginners to more advanced, and it won't cost you anything (but time). https://www.zdnet.com/article/unlock-ai-secrets-transform-your-skills-with-amazons-free-ai-learning/
California cities ditching online comments due to racist, antisemitic ‘Zoom bombing’ https://ktla.com/news/local-news/california-cities-ditching-online-comments-due-to-surging-hate-speech/
How antisemitic hate groups are using artificial intelligence in the wake of Hamas attacks https://ktvz.com/news/national-world/cnn-national/2023/11/14/how-antisemitic-hate-groups-are-using-artificial-intelligence-in-the-wake-of-hamas-attacks/
YouTube establishes new AI rules, protections. AI-altered and AI-generated content, including voice, on YouTube will require labeling within the description panel or in the video player depending on the topic within the next few months, and violators will be subject to content removal or suspension. YouTube also will give users the ability to request removal of AI-generated or synthetic content that resembles identifiable faces or voices through its privacy request process. https://variety.com/2023/digital/news/youtube-ai-generated-content-labels-requirement-deepfake-removal-1235790227/
Awareness
NPR: A government agency wants you to make cybersecurity a part of your routine (11/10) https://www.npr.org/2023/11/10/1212068839/a-government-agency-wants-you-to-make-cybersecurity-a-part-of-your-routine
Threat Intelligence, TTP & Malware
This CSA is being re-released to add new TTPs, IOCs, and information related to Royal Ransomware activity. https://www.ic3.gov/Media/News/2023/231113.pdf
CISA warns of actively exploited Windows, Sophos, and Oracle bugs https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-windows-sophos-and-oracle-bugs/
3 Ways Behavioral Economics Obstructs Cybersecurity. People are not robots; their decisions are based on emotion as much as data. Often, this can lead them to make mistakes with serious security implications for the business. https://www.darkreading.com/vulnerabilities-threats/3-ways-behavioral-economics-obstructs-cybersecurity
Palestine-aligned cyberespionage actor shifts infection chain tactics. The highly targeted spear-phishing campaign uses Microsoft PowerPoint add-in and XLL, RAR attachments to deliver malware. https://www.csoonline.com/article/1247798/palestine-aligned-cyberespionage-actor-shifts-infection-chain-tactics.html
New form of extortion? Hacker group files SEC complaint against its own victim https://www.scmagazine.com/news/hacker-group-files-sec-complaint-against-its-own-victim
Liability
Tech Spot: EFF urges FTC to sanction Amazon for selling malware-loaded Android TV boxes (11/15) https://www.techspot.com/news/100848-eff-urges-ftc-sanction-amazon-selling-malware-loaded.html
Privacy
Check how any new device gathers data, UK agency warns https://www.infosecurity-magazine.com/news/regulator-black-friday-smart/
Workplace Safety
Learn how to prevent and mitigate workplace violence by cultivating a culture of awareness and support. The Preventing Workplace Violence: Security Awareness Considerations Infographic provides tips and recommendations to stay safe https://www.cisa.gov/sites/default/files/2023-11/Preventing%20Workplace%20Violence%20Security%20Awareness%20Considerations%20Infographic_508.pdf
Record Requests and Security-Related Information
State Statutes Protecting the Confidentiality of Cybersecurity Information. All 50 states have public records laws that provide the public with access to government records. Most of these laws begin with a presumption of openness—that is, records are considered open unless a specific exemption has been outlined in state law. (The Guide can be found under the #legislation-watch channel in the CIKR Cyber Sentinels Discord server.)