Cyber Risk Update 3 NOV 2023
Local Discord Name Change
We are thrilled to announce the results of our recent server name vote, and we have a clear winner! Effective immediately, our server will be known as "CIKR Cyber Sentinels," with "CIKR" pronounced as "Kicker." We'd like to extend our heartfelt gratitude to all of you who participated in the voting process. Your engagement and enthusiasm in shaping our server's identity have been truly inspiring. The name "CIKR Cyber Sentinels" reflects our dedication to safeguarding our digital infrastructure and underscores the critical importance of our work. Thank you once again for your involvement, and we look forward to a bright future as the "CIKR Cyber Sentinels" team. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Featured Post
Discussion of cyber risk within corporate walls (What about Local Government?) https://www.learnsecurity.org/single-post/discussion-of-cyber-risk-within-corporate-walls
Cyber Criminals
'One of the most dangerous financial criminal groups' responsible for MGM cyberattack. Scattered Spider's extensive range of TTPs "crosses boundaries to facilitate extortion, encryption, and destruction," says Microsoft. https://www.scmagazine.com/news/one-of-the-most-dangerous-financial-criminal-groups-responsible-for-mgm-cyberattack
Why rookie hackers are capitalizing on ransomware. Low-end cybercriminals now have access to ransomware tools, but smart security teams can also use them to learn how the attacks work and defend against them. https://www.scmagazine.com/perspective/why-rookie-hackers-are-capitalizing-on-ransomware
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments - https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html
Cybersecurity Awareness Month
Don't Wait, Update https://www.learnsecurity.org/single-post/don-t-wait-update
Spooktacular Cybersecurity: Stay Safe with Multifactor Authentication (MFA) This Halloween https://www.learnsecurity.org/single-post/spooktacular-cybersecurity-stay-safe-with-multifactor-authentication-mfa-this-halloween
4 Easy Ways to Stay Safe Online https://www.learnsecurity.org/single-post/4-easy-ways-to-stay-safe-online
Cybersecurity Awareness Month Kick Off https://www.learnsecurity.org/single-post/cybersecurity-awareness-month-kick-off
San Diego Business Journal: Phishing Is Best Caught Early (10/16) https://www.sdbj.com/cyber-security/phishing-is-best-caught-early/
Haunted by Weak Passwords? Unlocking the Secrets of Strong Passwords: A Spook-Free Guide for Cybersecurity Awareness Month. https://www.learnsecurity.org/single-post/haunted-by-weak-passwords
Outsmarting Online Monsters: A Guide to Phishing Prevention https://www.learnsecurity.org/single-post/outsmarting-online-monsters-a-guide-to-phishing-prevention
Incidents
LockBit Group Claims Cyberattack on Boeing. The LockBit ransomware group said it was behind a cyberattack on Boeing, Reuters reports. Hackers said they have a “tremendous amount” of Boeing’s data and will post it online if the company doesn’t pay a ransom by Nov. 2. A Boeing spokeswoman said it is “assessing this claim.” The U.S. Cybersecurity and Infrastructure Security Agency said LockBit claimed more victims on its data leak site than any other cybercrime group last year. https://www.reuters.com/business/aerospace-defense/boeing-assessing-lockbit-hacking-gang-threat-sensitive-data-leak-2023-10-27/
Stanford University Investigates Cyberattack. Stanford said it is investigating a cybersecurity incident at the university’s Department of Public Safety to determine the extent of impact. The system that was affected has now been secured. “Based on our investigation to date, there is no indication that the incident affected any other part of the university, nor did it impact police response to emergencies,” the university said in a statement. (WSJ) https://news.stanford.edu/report/2023/10/27/stanford-statement-department-public-safety-cybersecurity-incident/
Toronto Public Library Deals With Hack. Toronto Public Library said it is addressing a cybersecurity incident and some services are unavailable, including public computers, online accounts and digital collections. Library branches are still open and users are able to borrow and return materials, the library said. The library said it anticipates that it may take several days to restore all systems. https://torontopubliclibrary.typepad.com/tpl_maintenance/toronto-public-library-website-maintenance.html
Bermuda Government, Police Systems Still Disrupted Five Weeks After Hack. The Bermuda government’s technology services still haven’t been fully restored after a cyberattack on Sept. 20, the Royal Gazette reports. An electronic land registration system was still down as of last week. The website was created to reduce fraud and remove the need for paper deeds. https://www.royalgazette.com/politics/news/article/20231026/bermuda-cyberattack-still-affecting-systems-five-weeks-on/
ServiceNow Data Exposure: A Wake-Up Call for Companies https://thehackernews.com/2023/10/servicenow-data-exposure-wake-up-call.html
Hackers email stolen student data to parents of Nevada school district https://www.bleepingcomputer.com/news/security/hackers-email-stolen-student-data-to-parents-of-nevada-school-district/
A new report suggests that Russian hackers managed to access over half a million government email addresses at the Department of Justice (DOJ) and Department of Defense (DOD) last spring. As reported by the Daily Caller, over 600,000 emails were breached by a hacking group known as Cl0p, which subsequently obtained links to government employee surveys and internal employee tracking codes for the DOJ and DOD from the Office of Personnel Management (OPM). This breach was revealed in a report that OPM submitted to the House Science, Space, and Technology Committee, which was made public by a Freedom of Information Act (FOIA) request... Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), confirmed a large-scale attack by the ransomware group Cl0p, but echoed the report’s determination that the information that was stolen would not present a “systemic risk” to national security. https://amgreatness.com/2023/10/31/report-russian-hackers-breached-hundreds-of-thousands-of-government-email-addresses/
TTP & Malware
Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic. The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets. https://www.darkreading.com/threat-intelligence/octo-tempest-group-threatens-physical-violence-social-engineering-tactic
An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless. https://www.darkreading.com/endpoint/google-dynamic-search-ads-malware-deluge
Massive Cybercrime URL Shortening Service Uncovered Via DNS Data. An actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected. In less than a month, Prolific Puma has registered thousands of domains, many on the U.S. top-level domain (.us TLD), to help with the delivery of phishing, scams, and malware. https://www.bleepingcomputer.com/news/security/massive-cybercrime-url-shortening-service-uncovered-via-dns-data/
Nation States
North Korea’s state hacking program is varied, fluid, and nimble. North Korea’s evolving and flexible hacking structure encompasses a wide range of malicious activity beyond stealing from cryptocurrency exchanges, fueled by a small but nimble cyber workforce. https://www.csoonline.com/article/657312/north-koreas-state-hacking-program-is-varied-fluid-and-nimble.html
Forbes: Russian Hackers Breached 632,000 DOJ And Pentagon Email Addresses in Massive MOVEit Cyberattack, Report Says (10/30) https://www.forbes.com/sites/tylerroush/2023/10/30/russian-hackers-breached-632000-doj-and-pentagon-email-addresses-in-massive-moveit-cyberattack-report-says/?sh=173885c83cd8
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware https://thehackernews.com/2023/11/north-korean-hackers-tageting-crypto.html
Governance Risk and Compliance
What the Boardroom Is Missing: CISOs. From communicating why security should be a priority to advocating for accountability and greater focus on protecting data in the cloud, CISOs can make the case for keeping people and sensitive data secure. https://www.darkreading.com/operations/what-the-boardroom-is-missing-cisos
Discussion of cyber risk within corporate walls https://www.learnsecurity.org/single-post/discussion-of-cyber-risk-within-corporate-walls
Trends
Cyber Attacks: The Same Old Story, Only Improved https://wp.nyu.edu/compliance_enforcement/2023/10/28/cyber-attacks-the-same-old-story-only-improved/
The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year. https://krebsonsecurity.com/2023/10/us-harbors-prolific-malicious-link-shortening-service/
CRN: 5 Big Microsoft Changes Meant to Improve Its Security (11/02) https://www.crn.com/news/security/5-big-microsoft-changes-meant-to-improve-its-security
Tools and Resources
Cyber Security News: CISA Announces New Logging Tool for Windows-based Devices (10/30) https://cybersecuritynews.com/cisa-announces-new-logging-made-easy-tool
Vulnerabilities
UAE Cyber Council Warns of Google Chrome Vulnerability. The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser. https://www.darkreading.com/dr-global/uae-cyber-council-warns-google-chrome-vulnerability
Liability
The SEC on Monday sued technology company SolarWinds and its head of security, Tim Brown, alleging they defrauded shareholders by misleading them about cyber vulnerabilities and the scope of a 2020 cyberattack. https://www.wsj.com/finance/regulation/sec-sues-solarwinds-over-2020-hack-attributed-to-russians-70562fb5
The first-of-its-kind move by the SEC has CISOs concerned that how they respond to a hack, or how they communicate internally and publicly about cybersecurity, could leave them open to legal action. The lawsuit, which SolarWinds and Brown intend to fight, cites internal email and documents that the SEC says paint a different picture of the company's cyber risk than its public statements do. https://www.wsj.com/articles/cyber-chiefs-worry-about-personal-liability-as-sec-sues-solarwinds-executive-0b69cdf3
SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks. The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are. https://www.darkreading.com/attacks-breaches/sec-charges-against-solarwinds-ciso-send-shockwaves-through-security-ranks
Events
Microsoft Ignite 2023. Experience AI transformation in action, online from anywhere. Discover the best of what's next in technology, problem-solve with experts, and make global connections. Empower yourself to lead your organization by attending Microsoft Ignite. Online: November 15–16, 2023 PT | In Seattle: November 14–17, 2023 PT. https://ignite.microsoft.com/en-US/home
The Independent: Swalwell Hosts Cybersecurity Summit at Las Positas College (11/02) https://www.independentnews.com/news/livermore_news/swalwell-hosts-cybersecurity-summit-at-las-positas-college/article_1dad40cc-793c-11ee-9376-af3887d50f88.html
AI
Copilot is ready for takeoff: Microsoft rolls out artificial intelligence for Windows. AI is coming to Windows environments — which can be a big asset when implemented correctly and a security nightmare when it’s not. https://www.csoonline.com/article/657083/copilot-is-ready-for-takeoff-microsoft-rolls-out-artificial-intelligence-for-windows.html
The Washington Post: Chatbots are so gullible, they’ll take directions from hackers (11/02) https://www.washingtonpost.com/technology/2023/11/02/prompt-injection-ai-chatbot-vulnerability-jailbreak
Career
Understaffing in cybersecurity roles and ways to stem skill gaps https://economictimes.indiatimes.com/jobs/mid-career/understaffing-in-cybersecurity-roles-and-ways-to-stem-skill-gaps/articleshow/104613504.cms
Cybersecurity workforce shortage reaches 4 million despite significant recruitment drive https://www.csoonline.com/article/657598/cybersecurity-workforce-shortage-reaches-4-million-despite-significant-recruitment-drive.html
Recommended book, recently recommended by a friend: Radical Candor: Fully Revised & Updated Edition: Be a Kick-Ass Boss Without Losing Your Humanity (Audible audiobook, unabridged) by Kim Scott. https://amzn.to/46VxExj