Cyber Risk Update 4 AUG 2023
This is a selection of this week's events. For more news and advisories, check out our Discord server, Local Government Cyber Watch, which is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Bonus Content!
Why you need activity logging in Microsoft 365 and how to get it https://www.csoonline.com/article/647813/the-importance-of-activity-logging-in-microsoft-365-and-how-to-ensure-you-have-access-to-it.html
The Nevernight Connection
GRC
Corporate boards take heed: Give CISOs the cold shoulder at your peril. There’s an ongoing shift to recognize the key business value of cybersecurity leaders. It’s a good time for CISOs to assert themselves. https://www.csoonline.com/article/647795/corporate-boards-take-heed-give-cisos-the-cold-shoulder-at-your-peril.html
Crucial components of a data governance framework. Most companies are aware they need a framework for data governance, but no one solution fits all situations. Here is a look at different philosophies about data governance and some of the key components of a successful framework. https://www.techrepublic.com/article/data-governance-framework/
Security workers who want to come forward about wrongdoings risk retaliation and fear not making a difference. Should society do more to support them?
Cybersecurity Dive: Poor access management besets most cloud compromises, Google says (08/03) https://www.cybersecuritydive.com/news/account-access-cloud-compromises/689886/
Incidents
EMS1: Calif. city officials restore 911 dispatching after cyberattack (07/30) https://www.ems1.com/cyber-attacks/articles/calif-city-officials-restore-911-dispatching-after-cyberattack-KRGZn1Yjll7VHEpk/
Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html
TTP & Malware
Tech Target: CISA details backdoor malware used in Barracuda ESG attacks (07/31) https://www.techtarget.com/searchsecurity/news/366546265/CISA-details-backdoor-malware-used-in-Barracuda-ESG-attacks
SC Media: Hacked Barracuda ESGs impacted by novel Submarine malware (07/31) https://www.scmagazine.com/brief/hacked-barracuda-esgs-impacted-by-novel-submarine-malware
The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base. https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web
The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots. https://www.darkreading.com/application-security/apple-users-remote-control-tricky-macos-malware
AI
UK calls artificial intelligence a “chronic risk” to its national security. The National Risk Register officially classes AI as a long-term security threat to the UK’s safety and critical systems. https://www.csoonline.com/article/648576/uk-calls-artificial-intelligence-a-chronic-risk-to-its-national-security.html
Nation States
Government Technology: China-Backed Hackers Threaten Texas Military Sites, Utilities (07/31) https://www.govtech.com/security/china-backed-hackers-threaten-texas-military-sites-utilities
Iran's APT34 Hits UAE With Supply Chain Attack. The prolific APT, also known as OilRig, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage. https://www.darkreading.com/dr-global/iran-apt34-uae-supply-chain-attack
Russia-linked SolarWinds hackers have used Microsoft 365 to phish government agencies and tech providers. The same group that infiltrated SolarWinds software in a hack disclosed in late 2020, and said to be part of Russian intelligence, has turned its attention to users of Microsoft 365 office systems, Microsoft said. The group, tracked as APT21, is using phishing emails posing as tech support staff in a likely espionage campaign, according to Microsoft researchers. Fewer than 40 entities worldwide have been affected, in government, tech, media and manufacturing, as well as non-governmental organizations, Microsoft said. https://www.bleepingcomputer.com/news/security/russian-hackers-target-govt-orgs-in-microsoft-teams-phishing-attacks/
Little-known cloud provider linked to state-supported hackers, cyber researchers say. A company called Cloudzy has provided computing infrastructure to cyber criminals in China, North Korea, Iran and other U.S. adversaries, according to cybersecurity company Halcyon. Cloudzy Chief Executive Hannan Nozari denied that his company gets about half of its revenue from malicious customers, as Halcyon estimated. He instead put the figure at 2%. https://www.reuters.com/technology/cloud-company-assisted-17-different-government-hacking-groups-us-researchers-2023-08-01/
Cyber Insurance
SC Media: No evidence organizations with cyber insurance more likely to pay ransom (07/31) https://www.scmagazine.com/news/no-evidence-organizations-with-cyberinsurance-more-likely-to-pay-ransom
Create a 'win-win' scenario for security teams and cyber insurers. Here are four points cyber insurers need to understand about an applicant's security posture and it's up to the CISO to make this information clear to the provider. https://www.scmagazine.com/perspective/create-a-win-win-scenario-for-security-teams-and-cyber-insurers
OT ICS
Air-Gapped ICS Systems Targeted by Sophisticated Malware https://www.darkreading.com/ics-ot/air-gapped-ics-systems-targeted-sophisticated-malware
Financial Impact
Cyber Attacks Are Taking a Financial Toll on Louisiana https://www.govtech.com/security/cyber-attacks-are-taking-a-financial-toll-on-louisiana
Trends
Between 80- and 95% of Cyberattacks Begin With Phishing https://www.securitymagazine.com/articles/99696-between-80-and-95-of-cyberattacks-begin-with-phishing
World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns. The attack surface of a live event like this summer’s World Cup in Australia and New Zealand rivals that of a large multinational enterprise, or even a small city. https://www.darkreading.com/ics-ot/world-cup-glory-looms-cyber-threats-microsoft-warns
Elections Security
The Messenger: How America Can Protect Elections from Hackers and Conspiracy Theories (08/02) https://themessenger.com/tech/how-america-can-protect-elections-from-hackers-and-conspiracy-theories
Critical Infrastructure
Forbes: Protecting Critical Infrastructure: Cybersecurity Challenges (08/02) https://www.forbes.com/sites/forbesbusinesscouncil/2023/08/02/protecting-critical-infrastructure-cybersecurity-challenges/?sh=33e4e9f56792
Great content. I'm presenting at an all-employee event where I will bring forward our latest cybersecurity posture and news, in which this material will be used. Thanks Don!