Cyber Risk Update 22 DEC 2023
This is a selection of this week's events. For more news and advisories, join the CIKR Cyber Sentinels Discord server, which is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP:CLEAR only) Invite: https://discord.gg/PGz3NDKb5V
CISA: Holiday Online Safety Tips (The bad guys don't take the holidays off.)
Governance, Risk, and Compliance
FBI Guidance to Victims of Cyber Incidents on SEC Reporting Requirements: FBI Policy Notice Summary https://www.fbi.gov/investigate/cyber/fbi-guidance-to-victims-of-cyber-incidents-on-sec-reporting-requirements-fbi-policy-notice-summary
FBI Guidance to Victims of Cyber Incidents on SEC Reporting Requirements: Request a Delay https://www.fbi.gov/investigate/cyber/fbi-guidance-to-victims-of-cyber-incidents-on-sec-reporting-requirements-request-a-delay
Cybersecurity Dive: Cyber risk strategies in hot seat as SEC rules go live (12/20) https://www.cybersecuritydive.com/news/cyber-risk-sec-rules/703090
Bloomberg: Companies Are Still Trying to Figure Out How to Comply With SEC Cyber Rules https://www.bloomberg.com/news/articles/2023-12-18/companies-trying-to-figure-out-how-to-comply-with-sec-cyber-rules
Cyber Incidents
1.5 Billion Records Leaked in Real Estate Wealth Network Data Breach https://www.vpnmentor.com/news/report-realestatewealthnetwork-breach/
Xfinity Data Breach Impacts 36 Million Individuals https://www.securityweek.com/xfinity-data-breach-impacts-36-million-individuals/
2.7M medical records exposed in double-extortion ransomware attack. The personal information of U.S. patients was held by ESO Solutions, which helps hospitals and emergency services track patient care. https://www.scmagazine.com/news/eso-solutions-says-2-7m-medical-records-exposed-in-oct-ransomware-attack
Title company First American said it took tech systems offline after a cybersecurity incident, providing no further details in a post on its website. https://www.firstamupdate.com/?mod=djemCybersecruityPro&tpl=cy
Sensitive data exposed in Ohio bank breach. Regional financial institution Middlefield Banc said Thursday that personal data about customers and current and former employees was compromised in an April cyberattack. https://www.sec.gov/Archives/edgar/data/836147/000119312523300259/d441183d8k.htm
Cowboy State Daily: Serious Cyber Breach In Rawlins Could Have Been Prelude To Ransomware Attack (12/20) https://cowboystatedaily.com/2023/12/20/serious-breach-of-rawlins-systems-could-have-been-prelude-to-ransomware-attack
Malware and TTP
Microsoft: Hackers target defense firms with new FalseFont malware https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/
A detailed analysis of the Menorah malware used by APT34 https://securityscorecard.com/research/menorah-malware-apt34/
Chameleon Android Trojan Offers Biometric Bypass. A more sophisticated version of a "work in progress" malware is impersonating a Google Chrome app to attack a wider swath of mobile users. https://www.darkreading.com/endpoint-security/chameleon-android-trojan-offers-biometric-bypass
How AI Is Shaping the Future of Cybercrime. Cybercriminals are increasingly using AI tools to launch successful attacks, but defenders are battling back. https://www.darkreading.com/vulnerabilities-threats/how-ai-shaping-future-cybercrime
1,539 is the number of fake delivery websites that have sprung up worldwide since early November, according to research from cyber company Group-IB. The sites are intended to trick people worried about their in-transit packages into giving up payment data. https://www.group-ib.com/media-center/press-releases/christmas-fake-deliveries-scam/
Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware. Malicious attachments that exploit an RCE flaw from 2017 are propagating Agent Tesla via socially engineered emails and an evasive infection method. https://www.darkreading.com/cloud-security/attackers-exploit-microsoft-office-bug-spyware
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts https://thehackernews.com/2023/12/hackers-abusing-github-to-evade.html
Cyber Criminals
The U.S. Federal Bureau of Investigation (FBI) disclosed this week that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as both ALPHV and BlackCat. The FBI said it seized the gang's darknet website and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly "unseizing" its darknet site with a message promising 90 percent commissions for affiliates who continue to work with the crime group, and declaring open season on everything from hospitals to nuclear power plants. https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/
Thieves are stealing iPhones, passcodes and thousands of dollars from their victims’ bank accounts. The culprits enable the phone's recovery key to make sure owners can’t get back into their Apple accounts. The company is rolling out its new Stolen Device Protection setting, designed to defend against such attacks. https://www.wsj.com/video/series/joanna-stern-personal-technology/an-iphone-thief-explains-how-he-steals-your-passcode-and-bank-account/C37B4009-E548-4459-8D0A-22B7400C3FEA
Inside Cybersecurity: CISA, FBI alert provides details on Blackcat ransomware following disruption campaign to support victims (Paywall) (12/20) https://insidecybersecurity.com/daily-news/cisa-fbi-alert-provides-details-blackcat-ransomware-following-disruption-campaign-support
Cybersecurity Dive: Notorious ransomware group tussles with law enforcement, regenerates after takedown (12/20) https://www.cybersecuritydive.com/news/notorious-ransomware-group-tussles-regenerates/703105
3,500 arrested, $300M seized in global cybercrime crackdown. Operation HAECHI IV, coordinated by Interpol, spanned 34 countries and led to more than 82,000 suspicious bank accounts being frozen. https://www.scmagazine.com/news/3500-arrested-300m-seized-in-global-cybercrime-crackdown
German police take down Kingdom Market cybercrime marketplace https://www.bleepingcomputer.com/news/security/german-police-takes-down-kingdom-market-cybercrime-marketplace/
FBI: Play ransomware gang has attacked 300 orgs since 2022 (12/18) https://therecord.media/play-ransomware-targets-hundreds
Pranks Destroy Scam Callers
Nation States
Russian Water Utility Hacked in Retaliation for Kyivstar Hit. Moscow's Rosvodokanal water-management company was ransacked by Ukraine-aligned Blackjack group, with reports that the company's IT infrastructure was "destroyed." https://www.darkreading.com/ics-ot-security/ukrainian-hackers-strike-russian-water-utility
Attacks on critical infrastructure are harbingers of war: Are we prepared? The U.S. has to prepare itself for inevitable cyberattacks on critical infrastructure that seek to inflict both psychological and physical damage. https://www.scmagazine.com/perspective/attacks-on-critical-infrastructure-are-harbingers-of-war-are-we-prepared
China’s decades-long cyber theft could finally pay off in the Age of AI https://thehill.com/opinion/4369076-chinas-decades-long-cyber-theft-could-finally-pay-off-in-the-age-of-ai/
Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs https://www.darkreading.com/cyberattacks-data-breaches/iranian-seedworm-cyber-spies-target-african-telcos-isps
Pro-Israeli Hacktivists Attack Iranian Gas Stations. Iranian officials blame a software issue for the "disruption" to gasoline pumps. https://www.darkreading.com/cyberattacks-data-breaches/pro-israeli-hacktivists-attack-iranian-gas-stations
Resources
Gov Info Security: CISA Plans to Improve Threat Data-Sharing Approaches in 2024 (12/20) https://www.govinfosecurity.com/cisa-plans-to-improve-threat-data-sharing-approaches-in-2024-a-23940
FBI announces tool to combat ransomware tied to MGM cyberattack (12/19) https://www.nbcnews.com/tech/security/mgm-hack-cyberattack-fbi-ransomware-casino-rcna130473
CISA announces plan to update automated information sharing program, consolidate threat intelligence offerings (12/19) https://insidecybersecurity.com/daily-news/cisa-announces-plan-update-automated-information-sharing-program-consolidate-threat
Trends
26,447 is the number of vulnerabilities disclosed in 2023, up from 25,050 last year, according to research from cyber company Qualys. Of those categorized as high risk, hackers publish exploit tools for about 25% of them on the same day they are disclosed, Qualys said. "This statistic serves as a wake-up call for organizations to adopt a proactive stance toward patch management and threat intelligence," said Saeed Abbasi, a product manager in the company's threat research unit. https://blog.qualys.com/vulnerabilities-threat-research/2023/12/19/2023-threat-landscape-year-in-review-part-one
Career
How cybersecurity roles are changing and what to look for when hiring. https://www.csoonline.com/article/1257437/how-cybersecurity-roles-are-changing-and-what-to-look-for-when-hiring.html
Cisco plans to add another cybersecurity company to the fold, with the buyout of Isovalent https://investor.cisco.com/news/news-details/2023/Cisco-to-Acquire-Isovalent-to-Define-the-Future-of-Multicloud-Networking-and-Security/default.aspx
Biden signs order finalizing 5.2% pay raise for feds in 2024 https://www.govexec.com/pay-benefits/2023/12/biden-signs-order-finalizing-52-pay-raise-feds-2024/392978/
When it comes to leadership style, avoid being a Scrooge https://www.connectionculture.com/post/lessons-from-holiday-movies
AI
Rite Aid banned from using facial recognition software after falsely identifying shoplifters. FTC says the company's 'reckless use' of AI humiliated customers. https://techcrunch.com/2023/12/20/rite-aid-facial-recognition/
Tech Heavy Hitters Join Forces to Form AI Alliance: The Kiplinger Letter. The AI Alliance is an international community of leading technology developers and researchers to cooperate on AI standards, safety and security. https://www.kiplinger.com/business/tech-heavy-hitters-join-forces-ai-alliance-the-kiplinger-letter
UK government report says AI poses a threat to the country's next election. In an annual review of cyber security issues the National Cyber Security Centre warned of increasingly realistic, deepfake videos and other forms of disinformation. https://news.sky.com/story/ai-poses-growing-threat-to-next-general-election-warns-uk-cyber-security-agency-13007659
If AI sees you, it might also guess where you are. Stanford graduate students have found something else AI does well: identifying the locations where pictures were taken, which could expose information individuals never intended to share. https://www.npr.org/2023/12/19/1219984002/artificial-intelligence-can-find-your-location-in-photos-worrying-privacy-expert
Awareness
The 2024 Data Privacy Week Toolkit is HERE! https://staysafeonline.org/programs/data-privacy-week/dpw-champion/
Vulnerability
Google releases emergency patches for eighth Chrome zero-day of 2023 https://www.scmagazine.com/news/google-releases-emergency-patches-for-eighth-chrome-zero-day-of-2023
Meri Talk: CISA Finds Security Holes in Healthcare Pen Testing Exercise https://www.meritalk.com/articles/cisa-finds-security-holes-in-healthcare-pen-testing-exercise