Cyber Risk Update 28 JUL 2023
This is a selection of this week's events. For more news and advisories, check out our Local Government Cyber Watch Discord server, which is focused on cybersecurity collaboration with local government stakeholders (TLP Clear only). Invite: https://discord.gg/PGz3NDKb5V
Bonus Content!
Achievement Unlocked: Relate Shark Week to Cybersecurity https://www.learnsecurity.org/single-post/achievement-unlocked-relate-shark-week-to-cybersecurity
The FBI’s Cynthia Kaiser on How the Bureau Fights Ransomware https://cyberscoop.com/cynthia-kaiser-fbi-ransomware-hive/
The John Walker Spy Ring and The U.S. Navy’s Biggest Betrayal https://news.usni.org/2014/09/02/john-walker-spy-ring-u-s-navys-biggest-betrayal
Cybersecurity Heroes: A Look at How Organizations Empower Cybersecurity Awareness https://www.learnsecurity.org/single-post/cybersecurity-heroes-a-look-at-how-organizations-empower-cybersecurity-awareness
Incidents
Ransomware Prompted Emergency Declaration for Mississippi County. The ransomware attack, concealed in an email, downed all three of George County's servers when it struck on July 15. The incident prompted an emergency declaration that allowed the IT team to circumvent contracting processes. https://www.govtech.com/security/ransomware-prompted-emergency-declaration-for-mississippi-county
Hawai'i Community College Pays Ransomware Gang To Prevent Data Leak https://www.bleepingcomputer.com/news/security/hawaii-community-college-pays-ransomware-gang-to-prevent-data-leak/
NetScaler RCE bug abused to pilfer critical infrastructure Active Directory data. CISA reported the attack on an unnamed critical infrastructure organization two days after Citrix issued a patch for the vulnerability. https://www.scmagazine.com/news/critical-infrastructure/netscaler-rce-bug-critical-infrastructure-active-directory-data
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps. China-linked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others. https://www.darkreading.com/cloud/microsoft-365-breach-risk-widens-millions-of-azure-ad-apps
Financial Impact
Orgs Face Record $4.5M Per Data Breach Incident. Cl0p stands to make $100M on the MOVEit campaign, and according to a just-released survey, more than half of businesses are willing to pass data breach costs onto customers. https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident
Resources
On MSFT: Microsoft Expands Cloud Security Measures To Combat Rising Nation-State Cyberthreats (07/21) https://www.onmsft.com/news/microsoft-expands-cloud-security-measures-to-combat-rising-nation-state-cyberthreats/
Do this now https://securitytxt.org/
GRC
The old “trust but verify” adage should be the motto for every CISO. Zero trust is not enough. CISOs should abandon trust and focus on verifying everything from third-party tools to their teams' abilities. https://www.csoonline.com/article/646698/the-old-trust-but-verify-adage-should-be-the-motto-for-every-ciso.html
Why whistleblowers in cybersecurity are important and need support. Security workers who want to come forward about wrongdoings risk retaliation and fear not making a difference. Should society do more to support them? https://www.csoonline.com/article/646644/why-whistleblowers-in-cybersecurity-are-important-and-need-support.html
Knowledge Bytes
AIT scams. Artificial inflation of traffic (AIT) scams are also known as SMS traffic-pumping scams. Find out more at https://www.csoonline.com/article/646950/the-rise-of-ait-scams-how-fraudsters-are-undermining-text-passcodes.html
Malware and TTP
Lazarus Hackers Hijack Microsoft IIS Servers To Spread Malware https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/
New AI phishing tool FraudGPT tied to same group behind WormGPT. Much like WormGPT, Netenrich researchers said this new set of phishing tools has also focused on business email compromise (BEC). https://www.scmagazine.com/news/new-ai-phishing-tool-fraudgpt-tied-to-same-group-behind-wormgpt
Ransomware Delivery URLs: Top Campaigns and Trends https://unit42.paloaltonetworks.com/url-delivered-ransomware/
Massive macOS Campaign Targets Crypto Wallets, Data https://www.darkreading.com/attacks-breaches/massive-campaign-targets-macos-users-crypto-wallet-data-theft
FBI Director Lays Out Bureau’s Stance on Artificial Intelligence at Cyber Threat Summit https://www.fbi.gov/news/stories/fbi-director-lays-out-bureau-s-stance-on-artificial-intelligence-at-cyber-threat-summit
Vulnerabilities
A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what's believed to be an intentional backdoor that could have potentially exposed sensitive information. https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html