Cyber Risk Update 23 DEC 2022

Supply Chain Risks - emergency services often rely on satellite communications.

• Suspected Russian Hackers Infiltrated U.S. Satellite Network https://www.cyberscoop.com/apt28-fancy-bear-satellite

Local Governments are still a target

• Little Rock School District approves $250K payment in ransomware settlement https://www.cybersecuritydive.com/news/little-rock-school-ransomware-payment/639083/

• Election disinformation campaigns fizzled, but still concerning https://www.cyberscoop.com/2022-midterm-election-interference-nation-state/

• New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure - https://thehackernews.com/2022/12/new-agenda-ransomware-variant-written.html

• Studies show that on average, 1,200 organizations fall victim to ransomware on a weekly basis. https://go.techtarget.com/r/255679556/36921820

• US agencies conclude Iran is likely behind website aimed at stoking violence against election officials - https://www.cyberscoop.com/fbi-iran-cisa-death-threats-election/

Threat Actors are busy during the holidays

• Incident responders brace for end-of-year cyber scaries. Fears of the next SolarWinds or Log4j-style incident hitting over the holidays have some cybersecurity experts on edge. https://www.cybersecuritydive.com/news/cyber-security-incident-response-holiday-prep/639137/?:%202022-12-21%20Cybersecurity%20Dive%20%5Bissue:46917%5D

• FBI Warns of Last Minute Holiday Scams https://www.fbi.gov/contact-us/field-offices/atlanta/news/press-releases/fbi-atlanta-warns-georgians-of-last-minute-holiday-scams

• Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users https://www.ic3.gov/Media/Y2022/PSA221221

Upcoming compliance changes

• The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act, expands the data privacy law to cover employees, job applicants, independent contractors, and the operations between businesses. A previous exemption excluded employee data from the CCPA sunsets at the end of the year. https://www.cybersecuritydive.com/news/ccpa-data-privacy-compliance-AI-bias/639318/

Looking forward

• How our outlook on cybersecurity will change in 2023 "cybersecurity (in some shape or form) is in the minds of nearly all major stakeholders, board members, and leadership teams across the world." https://betanews.com/2022/12/22/outlook-cybersecurity-2023/

• Taking a ‘whole of state’ approach to cybersecurity. The continuing escalation and sophistication of cyber-attacks highlight the increasing importance for state government officials and private sector enterprises to band together in a so-called “whole of state” approach to creating a sustainable cybersecurity defense. https://statescoop.com/video/taking-a-whole-of-state-approach-to-cybersecurity/