Cyber Risk Update 26 JAN 2024
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders (TLP:CLEAR only). Invite: https://discord.gg/PGz3NDKb5V
Resources and Guides
Incident Response Guide Water and Wastewater Sector (Jan 2024) https://www.ic3.gov/Media/News/2024/240118-2.pdf
Nation-States
North Korea continues to target private companies to illicitly acquire income for its WMD and ballistic missile programs. For an overview of North Korean cyber operations, explore this product from ODNI’s Cyber Threat Intelligence Integration Center: https://www.dni.gov/files/CTIIC/documents/products/North-Korean-TTPs-for-Revenue-Generation.pdf
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs https://thehackernews.com/2024/01/microsoft-warns-of-widening-apt29.html
Financial Impact
Cyber-attacks affecting parties in structured finance (SF) transactions could have credit implications for SF notes even if they do not cause, or seem likely to cause, a payment default, Fitch Ratings says. The credit impact could result from interruptions to operational activities, a reassessment of the quality of risk management, or spill-overs to underlying obligor behavior. Ultimately, a cyber-attack could lead to a missed bond payment that is owed on a timely basis. https://www.fitchratings.com/research/structured-finance/cyber-attacks-can-present-various-risks-to-structured-finance-deals-25-01-2024
DOE Announces Up to $70 Million to Strengthen Energy Sector Against Physical and Cyber Hazards https://www.energy.gov/articles/doe-announces-70-million-strengthen-energy-sector-against-physical-and-cyber-hazards
TTP & Malware
Microsoft reveals how hackers breached its Exchange Online accounts https://www.bleepingcomputer.com/news/security/microsoft-reveals-how-hackers-breached-its-exchange-online-accounts/
Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair. https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/
Cyber Incidents
Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware https://therecord.media/local-governments-across-us-dealing-with-ransomware
EquiLend systems offline after cyberattack https://www.bloomberg.com/news/articles/2024-01-24/latest-cyberattack-leaves-banks-stuck-with-excel-and-a-headache
Definitions
Shadow IT: Shadow IT is any software, hardware or IT resource used on an enterprise network without the IT department’s approval and often without IT’s knowledge or oversight. https://www.ibm.com/topics/shadow-it
Good News
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html
Ukraine: Hack wiped 2 petabytes of data from Russian research center https://www.bleepingcomputer.com/news/security/ukraine-hack-wiped-2-petabytes-of-data-from-russian-research-center/
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. https://krebsonsecurity.com/2024/01/who-is-alleged-medibank-hacker-aleksandr-ermakov/
Vulnerabilities
Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE. Although patching lags, the number of hosts with publicly exposed and vulnerable admin interfaces is limited. https://www.cybersecuritydive.com/news/goanywhere-unpatched-critical-CVE/705759/
AI
US FTC Launches Investigation Into Tech Giants' AI Influence. Chair Lina Khan Says Probe Will Look for Potential 'Undue Influence' https://www.govinfosecurity.com/us-ftc-launches-investigation-into-tech-giants-ai-influence-a-24192
Useful resources for AI
CISA on AI https://www.cisa.gov/ai
AI Road Map https://www.cisa.gov/resources-tools/resources/roadmap-ai
Federal AI https://ai.gov/
CISA Artificial Intelligence Use Cases https://www.cisa.gov/ai/cisa-use-cases
NIST AI Risk Management Framework https://www.nist.gov/itl/ai-risk-management-framework
Engaging with Artificial Intelligence (AI) https://www.cyber.gov.au/resources-business-and-government/governance-and-user-education/governance/engaging-with-artificial-intelligence
Guidance
CISA published Guidance on Assembling a Group of Products, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. Specifically, software producers often need to assemble and test products together before releasing them to customers. These products may contain components that change versions over time and therefore need to be tracked. This document serves as a guide for creating the build for SBOM assembled products. https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products
Governance Risk and Compliance
Crossing a New Threshold for Material Cybersecurity Incident Reporting https://wp.nyu.edu/compliance_enforcement/2024/01/25/crossing-a-new-threshold-for-material-cybersecurity-incident-reporting/