Cyber Risk Update 31 MAR 2023
Here is the cyber risk update for the week of 31 March 2023.
Reports
Malwarebytes State of Malware 2023 https://try.malwarebytes.com/2023-state-of-malware-typ-dl/
Managing Cyber Risks in Today's Digital Age: Insights from PwC Pulse Survey https://www.learnsecurity.org/single-post/managing-cyber-risks-in-today-s-digital-age-insights-from-pwc-pulse-survey
Alerts
CISA: Election Security Still Under Threat at Cyber and Physical Level https://www.nextgov.com/cybersecurity/2023/03/cisa-election-security-still-under-threat-cyber-and-physical-level/384172/
Cybersecurity Awareness
North Dakota is the first state to approve required cybersecurity education https://www-kxnet-com.cdn.ampproject.org/c/s/www.kxnet.com/news/state-news/north-dakota-is-first-state-to-approve-required-cybersecurity-education/amp/
Local Government Data Breaches
More information is emerging about the massive cyber breach of Minneapolis Public Schools. The school district has refused to pay a $1 million ransom to the Medusa Media Team, a cybercriminal group. https://www.cbsnews.com/minnesota/news/cybersecurity-expert-mps-hack-investigation/
Nation States
Secret trove offers rare look into Russian cyberwar ambitions. More than 5,000 pages of documents from a Moscow-based contractor offer unusual glimpses into planning and training for security services, including the notorious hacking group Sandworm. https://www.washingtonpost.com/national-security/2023/03/30/russian-cyberwarfare-documents-vulkan-files/
“These documents suggest that Russia sees attacks on civilian critical infrastructure and social media manipulation as one and the same mission, which is essentially an attack on the enemy’s will to fight.” (John Hultquist, vice president for intelligence analysis at Mandiant)
Since a mass ransomware attack in late January 2023/early February 2023, the Russia-linked Clop gang has disclosed fewer than half of the 130 organizations it claimed to have compromised via GoAnywhere file transfer software. https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
A joint cybersecurity advisory from German and Korean government agencies warns about Kimsuky's use of Chrome extensions to steal targets' Gmail emails. Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber espionage. https://www.bleepingcomputer.com/news/security/north-korean-hackers-using-chrome-extensions-to-steal-gmail-emails/
North Korean threat actor APT43 pivots back to strategic cyber espionage https://www.csoonline.com/article/3692288/north-korean-threat-actor-apt43-pivots-back-to-strategic-cyberespionage.html
Chinese Hackers Targeting Security and Network Appliances https://www.healthcareinfosecurity.com/chinese-hackers-targeting-security-network-appliances-a-21467
Threat Actor Trends
BianLian has shifted its focus to extortion, seemingly because of Avast’s release of a decryption tool that allowed a victim of the ransomware gang to decrypt and recover their files without paying any ransom. https://www.csoonline.com/article/3691130/bianlian-ransomware-group-shifts-focus-to-extortion.html
Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment. CISOs everywhere should pay attention when ODNI outlines cybersecurity threats coming from nation-states and independent groups around the world. https://www.csoonline.com/article/3691619/office-of-the-director-of-national-intelligence-highlights-cyber-threats-in-2023-intelligence-threa.html
It's Raining Zero-Days in Cyberspace. Chinese Hackers and Others Increasingly Favor Unpatched Vulnerabilities https://www.databreachtoday.com/its-raining-zero-days-in-cyberspace-a-21472
Attacks involving data theft nearly doubled and harassment spiked 20 times by late 2022 - Palo Alto Networks Unit 42
Webinars
Water ISAC - Special Web Briefing - What You Need to Know: EPA’s New Operational Technology Cybersecurity Requirement to Help PWSs https://www.waterisac.org/event/special-web-briefing-what-you-need-know-epa%E2%80%99s-new-operational-technology-cybersecurity
Emerging Threats
CISOs need a plan for handling generative AI risks https://www.navex.com/blog/article/how-cisos-can-start-talking-about-chatgpt/
Tools
Introducing Microsoft Security Copilot: The AI-Powered Security Solution for the Modern Era https://www.learnsecurity.org/single-post/introducing-microsoft-security-copilot-the-ai-powered-security-solution-for-the-modern-era
Free AI Programs Prone to Security Risks, Researchers Say. The task of finding bugs in AI models is in its infancy, but one company is offering a free scanner to help. https://www.bloomberg.com/news/articles/2023-03-29/free-ai-programs-prone-to-security-risks-researchers-say
Fines
This is a new potential cost and risk related to disclosing misleading information about a data breach or ransomware attack. Blackbaud to Pay $3M for Misleading Ransomware Attack Disclosure. To settle the SEC's charges (but without confirming or denying the SEC's findings), Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyberattack. "Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so." (David Hirsch, the head of the SEC Enforcement Division's Crypto Assets and Cyber Unit) https://www.bleepingcomputer.com/news/security/blackbaud-to-pay-3m-for-misleading-ransomware-attack-disclosure/
The Securities and Exchange Commission found in recent examinations that some advisors had inadequate compliance policies and procedures, according to a risk alert released Monday. For instance, advisors used off-the-shelf compliance programs that were not tailored to their businesses or risks, or they outsourced compliance functions without assessing how third parties were performing them. They also allocated too few resources to compliance. https://www.investmentnews.com/sec-faults-new-advisors-for-compliance-shortcomings-235657
Resources
Space ISAC Stands Up Operational Watch Center to Keep Pace With Proliferating Threats to Space Systems https://cyber-center.org/s-isac-stands-up-watch-center/
NIST launches Trustworthy and Responsible AI Resource Center (AIRC) https://airc.nist.gov
Cyber Risk is Enterprise Risk
For IT to function better, the business side of the company has to get more involved. https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/businesss-its-not-my-problem-it-problem
It's time to minimize silos and increase collaboration https://venturebeat.com/enterprise-analytics/5-ways-to-foster-data-transparency-and-collaboration-in-divided-departments/
Cybersecurity gets another boost in the federal government. Previewing the DOD's newest cyber position. https://defensescoop.com/2023/03/30/forthcoming-assistant-secretary-for-cyber-position-at-dod-could-encompass-electronic-warfare-and-information-warfare/
Privacy
California’s Office of Administrative Law OKs Privacy Regulations https://www.insurancejournal.com/news/west/2023/03/31/714528.htm
In California, a statewide ban blocking use of facial recognition on body cam footage has expired. Now several assemblymembers say they don’t want a new ban — instead, they’d rather create restrictions to curtail inaccurate arrests. https://www.govtech.com/public-safety/california-hears-bid-to-re-ban-police-facial-recognition-tech
Bonus
The Art of Continuous Improvement: Lessons from a Lifelong Learner https://www.learnsecurity.org/single-post/the-art-of-continuous-improvement-lessons-from-a-lifelong-learner
Survey Finds Boards Have Work To Do on Cybersecurity: Executive Summary https://www.wsj.com/articles/survey-finds-boards-have-work-to-do-on-cybersecurity-executive-summary-6cf47acb
The SEC Proposes Cybersecurity Expertise: Why Cyber Literacy is Critical for Council Members https://www.learnsecurity.org/single-post/the-sec-proposes-cybersecurity-expertise-why-cyber-literacy-is-critical-for-council-members