Cyber Risk Update 30 JUN 2023
Bonus Stuff
Local Government Cyber Watch discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
The Power of Collaboration in Cyber Defense: Building a Resilient Community https://www.learnsecurity.org/single-post/the-power-of-collaboration-in-cyber-defense-building-a-resilient-community
Operation Veritas: Tackling Disinformation - Tabletop Exercise in a Box https://www.learnsecurity.org/single-post/operation-veritas-tackling-disinformation-tabletop-exercise-in-a-box
Incident Response
Here’s how to use cyber threat intelligence to augment incident response https://www.scmagazine.com/perspective/incident-response/heres-how-to-use-cyber-threat-intelligence-to-augment-incident-response
Governance, Risk, and Compliance
Cyberrisk presents a Catch-22 as organizations digitalize, because reduced digitalization could decrease cyberthreats but could also hamper business growth, writes Doron Rozenblum, global chair of internal audit and risk at Kreston Global. Rozenblum explains internal audit's role in cybersecurity, including identifying assets most likely to be cyberattacked and gauging management's readiness to respond to cyber incidents. https://www.accountingtoday.com/opinion/why-internal-audit-is-the-key-to-cyber-risk-management
5 Steps for Minimizing Dark Data Risk. Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it. https://www.darkreading.com/vulnerabilities-threats/5-steps-for-minimizing-dark-data-risk
Third Party | Supply Chain | Cloud
“SCuBA”? It means better visibility, standards and security practices for government cloud. The Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure Cloud Business Applications (SCuBA) Project is proud to announce that its first series of guidance documents is now publicly available. With input from the public comment period last year, the final security guidance consists of an Extensible Visibility Reference Framework (eVRF) Guidebook and a Technical Reference Architecture (TRA) document, which will help public and private entities implement security, visibility, and resilience best practices for their cloud services. https://www.cisa.gov/news-events/news/scuba-it-means-better-visibility-standards-and-security-practices-government-cloud
Critical Infrastructure
Security Intelligence: High-Impact Attacks On Critical Infrastructure Climb 140% (06/26) https://securityintelligence.com/news/high-impact-attacks-on-critical-infrastructure-climb-140/
Why Cyber Funding Flows for Rural Water Systems. The $7.5 million in new funds from the Cybersecurity for Rural Water Systems Act of 2023 is not just a drop in the bucket for crucially important rural water systems. https://www.darkreading.com/ics-ot/cyber-funding-rural-water-systems
AI
Fox 12: Artificial intelligence program will soon help with Portland non-emergency calls (06/26) https://www.kptv.com/2023/06/26/artificial-intelligence-program-will-soon-help-with-portland-non-emergency-calls/
ChatGPT, Generative AI Gets 6-Month Ban in Maine Government https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government
Data scientists: Every company should control its AI. Nine of 10 data and analytics scientists polled at a recent industry event project that artificial intelligence will have a major effect on their enterprises within the next two years, Domino Data Lab reports. An even higher percentage said organizations must fashion their own AI offerings and control the intellectual property, as opposed to leveraging features from software providers. https://venturebeat.com/ai/enterprises-need-to-control-their-own-generative-ai-say-data-scientists/
Incidents
Cyber Attack Causes Problems for Fort Worth, Texas https://www.govtech.com/security/cyber-attack-causes-problems-for-fort-worth-texas
Trans-Rights Hacktivists Steal City of Ft. Worth's Data. In a move to embarrass the city, the hacking group known as SiegedSec accessed thousands of files with administrator logins, but it's making no ransom demands. https://www.darkreading.com/attacks-breaches/trans-rights-hacktivists-steal-fort-worth-data
U.S. Department of Health and Human Services is another MOVEit data-breach victim. https://www.bloomberg.com/news/articles/2023-06-28/us-health-department-ensnared-by-moveit-hacking-campaign
Career
2023 Women in IT Security: Call for nominations https://www.scmagazine.com/news/women-in-it-security/2023-women-in-it-security-call-for-nominations
3 Ways to Build a More Skilled Cybersecurity Workforce. With the right collaboration among employers, educators, and policymakers, we can come together to create a more secure environment for all. https://www.darkreading.com/microsoft/3-ways-to-build-a-more-skilled-cybersecurity-workforce
OT
Five ways to get the board to think more seriously about OT security. https://www.scmagazine.com/perspective/critical-infrastructure/five-ways-to-get-the-board-to-think-more-seriously-about-ot-security
Trends
8Base Ransomware Gang Escalates Double Extortion Attacks In June https://www.bleepingcomputer.com/news/security/8base-ransomware-gang-escalates-double-extortion-attacks-in-june/
Research Reveals Rise In Sophisticated Attacks Against Mobile Devices https://www.securitymagazine.com/articles/99569-research-reveals-rise-in-sophisticated-attacks-against-mobile-devices
Fears Grow of Deepfake ID Scams Following Progress Hack https://arstechnica.com/information-technology/2023/06/fears-grow-of-deepfake-id-scams-following-progress-hack/
KCRA 3: Enhancing cybersecurity in schools: CA lawmaker to outline plans for protecting school data (06/26) https://www.kcra.com/article/enhancing-cybersecurity-schools-ca-lawmaker-plans-protecting-school-data/44346349#
Deep Fake
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping. Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool. https://www.darkreading.com/attacks-breaches/ai-enabled-voice-cloning-deepfaked-kidnapping
How the new deepfake reality will impact cyber insurance. Cyber liability insurers are beginning to take notice of the threats posed by deepfakes. That may mean changes in insurance policies and what it takes to qualify for one. https://www.csoonline.com/article/643895/how-the-new-deepfake-reality-will-impact-cyber-insurance.html
Vulnerabilities
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild. A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild. https://www.darkreading.com/application-security/patch-now-cisco-anyconnect-bug-exploit-released
Microsoft Teams Attack Skips the Phish to Deliver Malware Directly. Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent. https://www.darkreading.com/vulnerabilities-threats/microsoft-teams-attack-phish-deliver-malware-directly
2023 CWE Top 25 Most Dangerous Software Weaknesses https://www.cisa.gov/news-events/alerts/2023/06/29/2023-cwe-top-25-most-dangerous-software-weaknesses
Export Restrictions
The Commerce Department could move as soon as early next month to stop the shipments of chips made by Nvidia and other chip makers to customers in China and other countries of concern without first obtaining a license, WSJ reports. The restrictions come amid concerns that China could use AI chips for weapons development and hacking. The administration is also considering restricting leasing of cloud services to Chinese AI companies, which have used such arrangements to skirt the export bans on advanced chips. https://www.wsj.com/articles/u-s-considers-new-curbs-on-ai-chip-exports-to-china-56b17feb
Legal
Federal law prohibits the operation, marketing, or sale of any type of jamming equipment that interferes with authorized radio communications, including cellular and Personal Communication Services (PCS), police radar, and Global Positioning Systems (GPS). https://www.fcc.gov/general/jammer-enforcement
Mobile man charged with using ‘sophisticated’ jamming device to block police communications. https://www.fox10tv.com/2023/06/12/mobile-man-charged-with-using-sophisticated-jamming-device-block-police-communications/