Cyber Risk Update 23 JUN 2023
Here is some of the latest news on cyber risk.
Incident Response
Ransomware attacks pose communications dilemmas for local governments. Experts say it's crucial that local governments communicate with the public following a ransomware attack but must walk a fine line between sharing too little and too much information. https://www.csoonline.com/article/3700488/ransomware-attacks-pose-communications-dilemmas-for-local-governments.html
Tabletop Exercises
Operation Veritas: Tackling Disinformation - Tabletop Exercise in a Box https://www.learnsecurity.org/single-post/operation-veritas-tackling-disinformation-tabletop-exercise-in-a-box
Local Government Cyber Watch Discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP:CLEAR only) Invite: https://discord.gg/PGz3NDKb5V
Vulnerabilities
US feds stress urgent MOVEit platform patching after attacks hit agencies. The Clop ransomware gang has hit at least three US government agencies by exploiting MOVEit file transfer flaws. The State Department offered a $10-million reward for proof of Clop links to a foreign government. https://www.csoonline.com/article/3700150/us-feds-stress-urgent-moveit-platform-patching-after-attacks-hit-agencies.html
Incidents
CalPERS data at risk: California Public Employees' Retirement System said the personal information of about 769,000 of its retired members was compromised after it became the latest large organization to be affected by cyberattacks involving Progress Software's MOVEit file-transfer tool. The data breach occurred at PBI Research Services/Berwyn Group, which CalPERS uses to track member deaths and avoid overpaying beneficiaries. https://www.wsj.com/livecoverage/stock-market-today-dow-jones-06-22-2023/card/calpers-latest-hit-by-attack-on-file-sharing-tool-2x5hGEBHGEESau9ZuvxC
There seems to be very little information on this, but many local government law enforcement agencies use Priority Dispatch products. Even if a solution is completely on-prem and doesn't phone home, there could still be concerns about any agency information the vendor has or, depending on how long they were in their system, the potential for a supply chain compromise. https://securecyberdefense.com/priority-dispatch-compromise/ (Mark Kirkendall posted)
Gen Digital, the parent company of the security companies Avast and Norton, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed. https://www.darkreading.com/attacks-breaches/avast-norton-victim-moveit-ransomware-attacks
Cyber Insurance
Cyber Insurance: A Growth Market for Insurers With Some Caveats. As demand for cyber insurance continues to grow, insurers must remain vigilant in managing the changing risk associated with the line of coverage. According to DBRS Morningstar, while cyber insurance is a market opportunity for insurers, it also presents a different type of risk to manage, one that can be more difficult to value and price than most other insurance risks. https://www.insurancejournal.com/magazines/mag-features/2023/06/19/725399.htm
Cyber Insurance Premiums Surge by 50% as Ransomware Attacks Increase. US cyber insurance premiums surged 50% in 2022 as increased ransomware attacks and online commerce drove demand for coverage. Premiums collected from policies written by insurers reached $7.2 billion in 2022 and tripled in the past three years, ratings firm AM Best said in a study released this week. https://www.insurancejournal.com/news/national/2023/06/14/725215.htm
Cybersecurity Budget
Security budget hikes are missing the mark, CISOs say. Knee-jerk security budget reactions and impractical expectations are hampering the ability of CISOs to make business-critical security investments. https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html
Third-Party Risk
Why assessing third parties for security risk is still an unsolved problem. A recent ranking of the most cyber-secure companies reveals weaknesses in current third-party risk management practices. https://www.csoonline.com/article/3699433/why-assessing-third-parties-for-security-risk-is-still-an-unsolved-problem.html
TTP
Attackers Create Synthetic Security Researchers to Steal IP. Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware. https://www.darkreading.com/attacks-breaches/attackers-create-synthetic-security-researchers
Cyber Criminals
Emerging Ransomware Group 8Base Doxxes SMBs Globally. A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe. https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally
Nation States
Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT. A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances. https://www.darkreading.com/attacks-breaches/critical-barracuda-esg-zero-day-chinese-apt
North Korean APT targets defectors, activists with infostealer malware. The AhnLab Security Emergency Response Center reported that the infostealer had wiretapping features that were previously unknown.
During the Trump administration, U.S. officials tracked workers from Chinese telecom companies Huawei Technologies and ZTE entering and exiting suspected Chinese spy facilities in Cuba, according to people familiar with the matter. The two countries already jointly run four eavesdropping stations on the island, according to U.S. officials. https://www.wsj.com/articles/u-s-tracked-huawei-zte-workers-at-suspected-chinese-spy-sites-in-cuba-355caddc
Malicious USB drives part of new self-propagating malware campaign. Researchers say the Chinese state-backed APT group is continuing to refine its espionage-focused tool set. https://www.scmagazine.com/news/threat-intelligence/usb-drives-self-propagating-malware
Awareness
Cybercrime Doesn't Take a Vacation. Organizations need to prepare for security threats as summer holidays approach. https://www.darkreading.com/vulnerabilities-threats/cybercrime-doesnt-take-a-vacation
Guidance
State Tech Magazine: State and Local Government Should Follow FBI Guidance for Thwarting Ransomware (06/22) https://statetechmagazine.com/article/2023/06/state-and-local-government-should-follow-fbi-guidance-thwarting-ransomware
Bonus Fun From Adam Shostack
Threat Modeling: Lessons from Star Wars - Adam Shostack https://youtu.be/Y3VQpg04vXo
May the Fourth... Secure You https://youtu.be/MQJjtYG7KYA