Cyber Risk Update 21 JUL 2023
Local Government Resources
CISA Executive Assistant Director for Cybersecurity Eric Goldstein provides an intro to the Cybersecurity Performance Goals and explains how they are an easy first step for any organization looking to improve its cyber posture. Intro to CISA Cybersecurity Performance Goals (Video 2:15 min)
How can local governments regulate generative AI—Just ask ChatGPT https://www.americancityandcounty.com/2023/07/19/how-can-local-governments-regulate-generative-ai-just-ask-chatgpt/
Fan Favorites
Local Government Cyber Watch discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Local Government Challenges
How municipalities are dealing with being low-hanging targets for hackers. With lower budgets and staffing challenges, cities and municipalities must weather a host of difficulties not faced by their corporate brethren. But there are resources out there for local governments. https://www.csoonline.com/article/646482/how-municipalities-are-dealing-with-being-low-hanging-targets-for-hackers.html
Incidents
The Hill: Sullivan: Hackers ‘did not get any classified federal information’ from agencies (07/16) https://thehill.com/policy/technology/4100297-sullivan-hackers-did-not-get-any-classified-federal-information-from-agencies/
Governing: Solving Kansas City’s Overwhelmed 911 System Will Take Months (07/14) https://www.governing.com/infrastructure/solving-kansas-citys-overwhelmed-911-system-will-take-months
Knowledge Bytes
What is a false flag operation? The term "false flag" has its origins in naval warfare and dates back at least to the 16th century. The phrase comes from the practice of ships flying the flag of a different country or nation in order to deceive their enemies and gain an advantage in battle.
A false flag operation, in the context of a cyber incident, refers to a deceptive strategy in which a cyberattack is carried out by one entity but made to appear as if it was orchestrated by a different individual, organization, or nation-state. The primary goal of a false flag cyber operation is to mislead investigators and attribute blame to a scapegoat, diverting attention away from the true culprits. False flag cyber operations are highly sophisticated and require extensive planning and technical expertise. If successful, these operations can create confusion, diplomatic tensions, or even lead to retaliatory actions against innocent parties. Detecting and countering false flag cyber incidents demands thorough forensic analysis, international cooperation, and intelligence sharing among affected parties.
In Other News
Possibly the world’s most famous hacker, Kevin Mitnick was a controversial figure who passed away July 16 after a 14-month battle with pancreatic cancer. He was 59. https://www.scmagazine.com/news/social-engineering/remembrances-pour-on-to-social-media-on-the-passing-of-famed-hacker-kevin-mitnick
Microsoft 'Logging Tax' Hinders Incident Response, Experts Warn. A recent email compromise by Chinese APT group Storm-0558 highlights a lack of access to security logging by many Microsoft 365 license holders, prompting calls from researchers to abolish it. https://www.darkreading.com/remote-workforce/microsoft-logging-tax-hinders-incident-response
Based on a collaborative partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft, many Microsoft customers will now have access to expanded cloud logging capabilities at no additional charge, which will enhance cyber defense and incident response. https://www.cisa.gov/news-events/news/when-tech-vendors-make-key-logging-info-available-free-everyone-wins
The Best Leaders Are Also Technical Experts. Having a deep understanding of your organization’s core business is part of leadership. https://hbr.org/podcast/2023/07/the-best-leaders-are-also-technical-experts
“After working collaboratively for over a year, I am extremely pleased with Microsoft’s decision to make necessary log types available to the broader cybersecurity community at no additional cost. While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of Secure by Design principles by more companies.” – Jen Easterly, Director of CISA
IoT
White House unveils consumer labeling program to strengthen IoT security. The voluntary program is designed to protect millions of consumers and remote workers amid increased threat activity against smart home and IoT devices. https://www.cybersecuritydive.com/news/white-house-consumer-labeling-IoT/688256/
Elections
The Associated Press: Efforts to deceive are a top concern among state election officials heading into 2024 (07/15). Efforts to deceive the public about voting and elections remain a top concern for state election officials as they dig into preparations for the 2024 election. Misinformation and the emergence of generative artificial intelligence tools to create false and misleading content were cited in interviews with several secretaries of state gathered recently for their national conference. Other top concerns were staffing and the loss of experienced leaders overseeing elections at the local level. The officials were gathered in Washington for the annual summer conference of the National Association of Secretaries of State. https://apnews.com/article/election-2024-voting-misinformation-ai-c21c051a667cc93df75b08501870e90c
Fagen Wasanni: Generative AI Poses Major Threat to U.S. Presidential Election, Says Biden’s Pick for NSA and Cyber Command (07/20) https://fagenwasanni.com/news/generative-ai-poses-major-threat-to-u-s-presidential-election-says-bidens-pick-for-nsa-and-cyber-command/66068/
TTX
Security Magazine: CISA conducts joint exercise to keep fans and athletes safe (07/14) https://www.securitymagazine.com/articles/99644-cisa-conducts-joint-exercise-to-keep-fans-and-athletes-safe
Demystifying Cyber Tabletop Exercises https://www.learnsecurity.org/single-post/demystifying-cyber-tabletop-exercises
Choosing the Right Participants: A Guide to Inviting Stakeholders for Your Cyber Tabletop Exercise https://www.learnsecurity.org/single-post/choosing-the-right-participants-a-guide-to-inviting-stakeholders-for-your-cyber-tabletop-exercise
Building Resilience: Exploring the Benefits of Cyber Tabletop Exercises https://www.learnsecurity.org/single-post/building-resilience-exploring-the-benefits-of-cyber-tabletop-exercises
Awareness
Watch out for this new malicious ransomware disguised as Windows updates (07/16) https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates
Unmasking Empty Threats Scams: How to Spot and Defend Against These Scams https://www.learnsecurity.org/single-post/unmasking-empty-threats-scams-how-to-spot-and-defend-against-these-scams
Critical Infrastructure
Electrical Grid Stability Relies on Balancing Digital Substation Security. Because digital substations are critical elements of electrical systems, they are a prime target for sophisticated cyberattacks. https://www.darkreading.com/attacks-breaches/electrical-grid-stability-relies-on-balancing-digital-substation-security
EV Charging Networks Prepare for Cyberattacks. Mandates for electric-vehicle sales have raised concerns over poorly defended charging stations—and the possibility for spillover hacks of wider power grids. https://www.wsj.com/articles/ev-charging-networks-prepare-for-cyberattacks-7bf488d7
Dark Reading: Linux Ransomware Poses Significant Threat to Critical Infrastructure (07/18) https://www.darkreading.com/vulnerabilities-threats/linux-ransomware-poses-significant-threat-to-critical-infrastructure
Nation State
Benzinga: Aggressive China Hackers Could Threaten Critical US Infrastructure (07/18) https://www.benzinga.com/content/33266786/aggressive-china-hackers-could-threaten-critical-us-infrastructure
Utility Experts Highlight Chinese Threat to US Electric Grid https://www.govinfosecurity.com/utility-experts-highlight-chinese-threat-to-us-electric-grid-a-22578
Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html
Malware TTP
Bleeping Computer: Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware (07/18) https://www.bleepingcomputer.com/news/security/cybersecurity-firm-sophos-impersonated-by-new-sophosencrypt-ransomware/
Privacy
Only half of organizations “very prepared” to meet global data privacy laws. Cybersecurity is the number one data privacy concern for global businesses as AI and biometrics increasingly play into the data privacy law equation. https://www.csoonline.com/article/646475/only-half-of-organizations-very-prepared-to-meet-global-data-privacy-laws.html
Recovery
Disaster Recovery as a Service Is Vital to State and Local Government’s Defense (07/19) https://statetechmagazine.com/article/2023/07/what-is-draas-defend-against-ransomware-perfcon