Cyber Risk Update 19 APR 2024
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels, which is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Join (ISC)2 East Bay Chapter, membership is free! https://isc2-eastbay-chapter.org/membership/
Upcoming Events
RSA Public Sector Day, May 6 11am-3pm, Hilton 333 O’Farrell St. San Francisco, CA 94102 https://carahevents.carahsoft.com/Event/Details/445617-web
Cyber Entity Notification Awareness Webinar Series https://www.cisa.gov/resources-tools/resources/cyber-entity-notification-awareness-webinar-series
April 19th is the 29th anniversary of the Oklahoma City bombing.
April 22nd is the 54th Earth Day!
Emergency Communications Month
This April, as we celebrate Emergency Communications Month, we are prioritizing the people who support the systems on which we rely and highlighting the role of emergency communications as a vital function. This year’s theme, Resilient Together, highlights both the importance of emergency communications in building resilient critical infrastructure and the need to work together. CISA is also encouraging all emergency communications partners to enroll in the agency’s free priority telecommunications services. https://www.cisa.gov/emergency-communications-month
Incidents
Major 911 outages in 4 states leave millions without an easy way to contact authorities https://www.nbcnews.com/news/us-news/major-911-outages-4-states-leave-millions-way-contact-local-authoritie-rcna148345
Rural Texas towns report cyberattacks that caused one water system to overflow (04/18) https://www.foxnews.com/us/rural-texas-towns-report-cyberattacks-caused-one-water-system-overflow
Frontier Communications shuts down systems after cyberattack (04/18) https://www.bleepingcomputer.com/news/security/frontier-communications-shuts-down-systems-after-cyberattack
Global law enforcement takes down phishing platform https://www.theregister.com/2024/04/18/police_lab_host/
Hackers stole data from UN Development Program https://www.securityweek.com/united-nations-agency-investigating-ransomware-attack-involving-data-theft/
Sensitive US government data exposed after Space-Eyes data breach https://www.csoonline.com/article/2091966/sensitive-us-government-data-exposed-after-space-eyes-data-breach.html
Omni Hotels has confirmed that cybercriminals stole customers' personal information, including names, email addresses, postal addresses, and guest loyalty program data. The ransomware gang Daixin claimed responsibility and threatened to leak customer records dating back to 2017 on its dark website, a common extortion tactic. https://techcrunch.com/2024/04/16/omni-hotels-customer-data-stolen-ransomware/
Arby’s franchisor DRM, which runs 121 restaurants in the Midwest, said personal employee data was compromised in a cyberattack detected March 12. https://www.iowaattorneygeneral.gov/media/cms/4172024_DRM_Inc_Arbys_1BD876DF661BF.pdf
Resources, Tools, and Guidance
NIST Cybersecurity Framework 2.0 https://www.nist.gov/cyberframework
DHS launched Know2Protect, an education and awareness campaign in our fight against online child sexual exploitation and abuse. https://www.dhs.gov/know2protect
The National Institute of Standards and Technology (NIST) released for public comment (open until May 20) NIST SP 800-61r3 ipd, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.ipd.pdf
NIST has released three new (free) online introductory courses on SP 800-53, SP 800-53A and SP 800-53B. These are on-demand and self-paced courses, and no registration is necessary. https://csrc.nist.gov/News/2024/online-intro-courses-for-nist-sp-800-53
National Security Agency | Cybersecurity Information Sheet, Account for Complexities Introduced by Hybrid Cloud and Multi-Cloud Environments https://media.defense.gov/2024/Mar/07/2003407865/-1/-1/0/CSI-CloudTop10-Hybrid-Multi-Cloud.PDF
A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan https://www.cisa.gov/resources-tools/resources/empowering-small-and-medium-sized-businesses
CISA, intelligence agencies release guidance on foreign influence operation tactics impacting elections (04/18) https://insidecybersecurity.com/daily-news/cisa-intelligence-agencies-release-guidance-foreign-influence-operation-tactics-impacting
Governance, Risk, and Compliance
You can now provide comments on our Notice of Proposed Rulemaking for #CIRCIA here: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements
Advisories
#StopRansomware: Akira Ransomware https://www.ic3.gov/Media/News/2024/240418.pdf
Nation States
Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities https://www.wired.com/story/cyber-army-of-russia-reborn-sandworm-us-cyberattacks/
FBI says Chinese hackers preparing to attack US infrastructure https://www.reuters.com/technology/cybersecurity/fbi-says-chinese-hackers-preparing-attack-us-infrastructure-2024-04-18/
Risks are higher than ever for US-China cyber war (04/18) https://responsiblestatecraft.org/us-china-cyberwar
Russian APT Group Thwarted in Attack on US Automotive Manufacturer (04/18) https://www.darkreading.com/cyberattacks-data-breaches/russian-apt-group-thwarted-in-attack-on-us-automotive-manufacturer
TTP & Malware
Cybercriminals pose as LastPass staff to hack password vaults (04/18) https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-lastpass-staff-to-hack-password-vaults
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories
'MadMxShell' leverages Google Ads to deploy malware via Windows backdoor https://www.scmagazine.com/news/madmxshell-leverages-google-ads-to-deploy-malware-via-windows-backdoor
Education Opportunities
Federal Cyber Defense Skilling Academy – Cyber Defense Incident Responder (CDIR) Pathway (Fed Employees) https://www.cisa.gov/resources-tools/programs/federal-cyber-defense-skilling-academy-cyber-defense-incident-responder-cdir-pathway
Legislative Watch
Congress Urged to Enforce Minimum Healthcare Cyber Standards (04/18) https://www.meritalk.com/articles/congress-urged-to-enforce-minimum-healthcare-cyber-standards
House panel hears warnings around AI and ransomware https://thehill.com/homenews/house/4599587-ai-ransomware-easier-committee/
The White House has asked states to submit plans by June 28 on preventing hacks on water systems and a Congressional bill proposes new cyber rules for the sector. https://www.wsj.com/articles/water-facilities-warned-to-improve-cybersecurity-as-nation-state-hackers-pounce-69ca8818
House committee hears testimony on 2 privacy bills https://thehill.com/policy/technology/4597926-house-panel-to-debate-privacy-kids-safety-bills/
Trends
Akira ransomware gang made $42 million from 250 attacks since March 2023: FBI (04/18) https://therecord.media/akira-ransomware-attacked-hundreds-millions
Bots dominate internet activity, account for nearly half of all traffic https://www.helpnetsecurity.com/2024/04/18/automated-bots-internet-traffic/
Career
5 Strategies for Improving Mental Health at Work https://hbr.org/2024/04/5-strategies-for-improving-mental-health-at-work
Are you a toxic cybersecurity boss? How to be a better CISO https://www.csoonline.com/article/2092097/are-you-a-toxic-cybersecurity-boss-how-not-to-be-a-badly-behaved-ciso.html
How to Start a Career in Cybersecurity https://www.careersinfosecurity.com/blogs/how-to-start-career-in-cybersecurity-p-3613