Cyber Risk Update 5 MAY 2023
Bonus
Get more on Discord (Local Government Cyber Watch). The invitation link works for the next 7 days: https://discord.gg/HzafrnTf
Local Government Cyber Watch Discord Server (video) https://youtu.be/zvkX-iKD2_M
Fun
May the 4th Be with… Your Passwords (on World Password Day). Password pontifications and what would Yoda do? As long as passwords are still pertinent, we must persist in encouraging and enabling users to break the propensity toward paltry password preferences. We may never prevail over the password problem before it passes away, but until then there are procedures we can promote toward a positive password posture. When it comes to password hygiene, a Jedi master, Jedi, or perhaps a password Padawan, are you (or your staff)? Read more to find out. https://www.waterisac.org/portal/may-4th-be-%E2%80%A6-your-passwords-world-password-day
OT/ICS/IoT Cybersecurity
Protecting Critical Infrastructure: Insights from the Dragos ICS & OT Year in Review for 2022 https://www.learnsecurity.org/single-post/protecting-critical-infrastructure-insights-from-the-dragos-ics-ot-year-in-review-for-2022
Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes. Fortinet warns of a massive spike in malicious attacks targeting a five-year-old authentication bypass vulnerability in TBK DVR devices. The Security Week article covers the spike, reported by Fortinet, in attacks exploiting CVE-2018-9995, a 5-year-old critical authentication bypass vulnerability in TBK Vision devices, and CVE-2016-20016, a 7-year-old vulnerability in MVPower devices. Both manufacturers produce CCTV equipment often used to protect critical infrastructure facilities. https://www.securityweek.com/exploitation-of-5-year-old-tbk-dvr-vulnerability-spikes/
Reigning in ‘Out-of-Control’ Devices. Out-of-control devices run the gamut from known to unknown and benign to malicious, and where you draw the line is unique to your organization. Organizations large and small are adopting endpoint detection and response (EDR) solutions to provide visibility into their networks. However, according to security researchers, many organizations’ percentage of EDR coverage on endpoints is in the range of 60-70 percent, leaving 30-40 percent of devices out of their control, greatly increasing an organization’s cyber risk. https://www.securityweek.com/reigning-in-out-of-control-devices/
Collaboration
Local Government Cyber Watch Discord Server (video) https://youtu.be/zvkX-iKD2_M
Incidents
Oakland Reports ‘Outstanding’ Headway in Ransomware Recovery. The February ransomware attack against the Bay Area city exposed personal data and affected city systems for several weeks, but officials are now reporting significant progress in the recovery effort. https://www.govtech.com/security/oakland-reports-outstanding-headway-in-ransomware-recovery
T-Mobile Discloses 2nd Data Breach of 2023, this One Leaking Account Pins and More https://arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/
ChatGPT Confirms Data Breach, Raising Security Concerns. It now seems that the tables have turned. Instead of attackers using ChatGPT to cause cyber incidents, they have now turned on the technology itself. OpenAI, which developed the chatbot, confirmed a data breach in the system that was caused by a vulnerability in the code’s open-source library, according to Security Week. The breach took the service offline until it was fixed. https://securityintelligence.com/articles/chatgpt-confirms-data-breach/
Suffolk County, N.Y., hired its first chief information security officer who, in part, will help clean up a 2022 ransomware attack that is still affecting municipal services. Kenneth Brancik joins Suffolk after serving in cybersecurity leadership roles at Mount Sinai Health System, JPMorganChase and Northrop Grumman. (Patch) https://patch.com/new-york/sachem/suffolk-hires-new-cybersecurity-chief
Cyberattack in Dallas: An apparent ransomware attack on the city of Dallas has affected some systems within the police department, 311 information lines, city hall and other areas. Dallas Municipal Court canceled trials for Wednesday and the city’s fire and rescue unit was conducting manual dispatch. https://www.dallasnews.com/news/2023/05/03/dallas-websites-affected-by-outages-possible-ransomware-attack/
Some city services still out in Dallas after ransomware attack. The website of the Dallas police department was inaccessible as of Thursday evening and courts remained closed for a second day. Fewer than 200 of the city's thousands of devices were affected. https://www.dallascitynews.net/city-of-dallas-statement-on-network-outage
Lake Dallas Independent School District disclosed to regulators Thursday that the personal data of nearly 22,000 Texans were exposed in a recent breach. Compromised information includes financial and medical details. https://oag.my.site.com/datasecuritybreachreport/apex/DataSecurityReportsPage?mod=djemCybersecruityPro&tpl=cy
Tennessee health system stops all operations amid cyberattack recovery, by Jessica Davis. This week's healthcare data breach roundup also includes two more victims of the hack on the Fortra GoAnywhere file transfer service. https://www.scmagazine.com/news/breach/tennessee-health-system-stops-all-operations-amid-cyberattack-recovery
Nation States
North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html
China 'Innovated' Its Cyberattack Tradecraft, Mandia Says https://www.darkreading.com/attacks-breaches/china-innovated-its-cyberattack-tradecraft-mandia-says
Microsoft is warning that Iran is using a new set of preferred techniques that combine its traditional cyberattacks with cyber-enabled influence operations (IO) for greater geopolitical effect. https://www.scmagazine.com/news/threat-intelligence/microsoft-warns-iran-increasing-its-cyber-enabled-influence-operations
Governance
CISOs and boards don't spend enough time together. Just 47% of 600 directors surveyed said they serve on boards that interact with the security chief regularly, according to research from MIT and cybersecurity company Proofpoint. About one-third of directors said they see their CISOs only at board meetings, the researchers found. This arm's length relationship adds to a disconnect between the two sides about cyber priorities, researchers said. (Harvard Business Review) https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity
TTPs
Fake ChatGPT software: Hackers are luring victims with malware disguised as ChatGPT and other generative AI tools, according to the latest cybersecurity research from Facebook parent Meta. The company has identified 10 such malware strains and more than 1,000 malicious links with ChatGPT themes, said CISO Guy Rosen. https://www.reuters.com/technology/meta-says-chatgpt-related-malware-is-rise-2023-05-03/
Threat actors watch you as you try to respond to a cyber incident. Case in point: BlackCat group releases screenshots of stolen Western Digital data. The screenshots included an image of a meeting that was held by the company to discuss the response to the recent cybersecurity incident. https://www.csoonline.com/article/3694904/blackcat-group-releases-screenshots-of-stolen-western-digital-data.html
Trends
Ransom Demands, Recovery Times, Payments and Breach Lawsuits All On The Rise https://www.scmagazine.com/news/ransomware/ransom-demands-recovery-times-payments-and-breach-lawsuits-rise
FBI Focuses on Cybersecurity With $90M Budget Request https://www.darkreading.com/remote-workforce/fbi-focuses-cybersecurity-90m-budget-request
Phishing-resistant MFA shapes the future of authentication forms. Over the last two years, respondents reported a continued reliance on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords (OTPs), according to Yubico. https://www.helpnetsecurity.com/2023/04/28/phishing-resistant-mfa-authentication-forms/
How AIoT Will Reshape the Security Industry in 2023 https://securityintelligence.com/articles/how-aiot-will-reshape-security-2023/
Mis-dis-malinformation
Is misinformation the newest malware? Experts say that cybersecurity skills and a whole-of-organization approach can go a long way to tackling misinformation threats. https://www.csoonline.com/article/3695014/is-misinformation-the-newest-malware.html
Ethics
Ethical issues such as how we treat others, use information, engage with employees, manage resources, approach sustainability, and impact the world around us all affect how we view organizations. In fact, the inappropriate treatment of people and the communities we live in is often the subject of scrutiny and can signal the difference between success and failure. That’s why organizations often strive for ethical decision making and practices. https://www.channelpronetwork.com/blog/entry/5-ethical-issues-technology-watch-2023
AI
How security teams can defend against the potential downside of Generative AI by Chris Lehman. Generative AI has its benefits, but attackers also have these tools, so security teams must prepare their organizations to fight back. https://www.scmagazine.com/perspective/emerging-technology/how-security-teams-can-defend-against-the-potential-downside-of-generative-ai
White House unveils AI rules to address safety and privacy. President Biden's rules are not legally binding, but they do offer guidance and begin a conversation at the national level about real and existential threats posed by generative AI technologies such as ChatGPT. https://www.computerworld.com/article/3695731/white-house-unveils-ai-rules-to-address-safety-and-privacy.html