Cyber Risk Update 7 JUL 2024
Bonus Stuff
Local Government Cyber Watch discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Embrace Tenacity: Leave Stubbornness Behind for Success https://www.learnsecurity.org/single-post/embrace-tenacity-leave-stubbornness-behind-for-success
The Power of Collaboration in Cyber Defense: Building a Resilient Community https://www.learnsecurity.org/single-post/the-power-of-collaboration-in-cyber-defense-building-a-resilient-community
Cyber Incidents
City of Dallas invests $4M in cybersecurity after ransomware attack https://www.fox4news.com/news/city-of-dallas-invests-4m-in-cybersecurity-after-ransomware-attack
Tech Times: UCLA Confirms Falling Victim to Cyberattack (07/04) https://www.techtimes.com/articles/293386/20230704/ucla-confirms-falling-victim-cyberattack.htm
Tools & Resources
Executive Gov: CISA Pursuing Partnership, Launches Webpage for CyberSentry Program (07/05). The Cybersecurity and Infrastructure Security Agency is pursuing vendors to help protect the national critical functions through CyberSentry, a public-private threat monitoring and detection program for U.S. critical infrastructure. In a blog post published Thursday, Jermaine Roebuck, associate director for threat hunting at CISA, introduced a webpage for the program meant to integrate agency IT defense operations with those owned by industry partners. https://executivegov.com/2023/07/cisa-seeks-partnership-launches-webpage-for-cybersentry-program/
Elections
Homeland Security: CISA Announces Updates to the Election Security Team https://www.hstoday.us/federal-pages/dhs/cisa-announces-updates-to-the-election-security-team/
Trends
Government Technology: CL0P Ransomware Gang Attacks Top June Cyber Headlines (07/02) On June 7, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory (Alert code AA23-158A) highlighting the very serious challenge posed by the CL0P ransomware gang’s exploitation of the MOVEit software vulnerability. Progress Software, the company behind MOVEit, has acknowledged the vulnerability and taken swift measures to mitigate it. https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cl0p-ransomware-gang-attacks-top-june-cyber-headlines
Vulnerabilities
Inside Cybersecurity: DHS-sponsored initiative issues 2023 report on ‘most dangerous’ software weaknesses (Paywall) (06/30) https://insidecybersecurity.com/daily-news/dhs-sponsored-initiative-issues-2023-report-most-dangerous-software-weaknesses
Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities https://www.cisa.gov/news-events/alerts/2023/07/07/progress-software-releases-service-pack-moveit-transfer-vulnerabilities
TTP
"Juice jacking" latest device vulnerability. Rebecca Herold, CEO of Privacy & Security Brainiacs SaaS Services and The Privacy Professor Consultancy, discusses the risks of "juice jacking" — a term used to describe the theft of data or planting of malware through public USB charging stations. Herold points out recent warnings from the FBI and Federal Communications Commission about these risks and suggests several mitigation strategies, including using a "juice jack blocker" to prevent data theft while charging, carrying personal charging devices, and using charging-only cables in public USB ports. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2023/protecting-phones-data-and-your-business-from-juice-jacking-risks
Incident Response
Seven ways to prepare for double extortion ransomware. The ransomware threat has changed; here are seven ways to keep the organization's data safe under the threat of double extortion. https://www.scmagazine.com/perspective/ransomware/seven-ways-to-prepare-for-double-extortion-ransomware
In Other News
A Pentagon review, launched after a low-ranking Massachusetts Air National Guard member was accused of sharing highly classified intelligence documents on Discord, didn’t uncover widespread failures or call for dramatic changes to how the Pentagon handles classified information. It did call for senior leaders to be held accountable for ensuring access to secrets was being appropriately limited. https://www.wsj.com/articles/pentagon-finds-shortcomings-in-handling-classified-files-in-wake-of-intelligence-leak-411011da
We weren't breached, Microsoft says. Microsoft refuted the claim by hacktivist group Anonymous Sudan that it hacked the tech giant and got access to 30 million customer accounts. Microsoft said its analysis of the data sampling posted shows "this is not a legitimate claim." The hacking group has been linked with pro-Russian causes. (InfoSecurity Magazine) https://www.infosecurity-magazine.com/news/microsoft-denies-major-30-million/
Beware: New 'RustBucket' Malware Variant Targeting macOS Users https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html
Litigation
Court Says Fear Created by Data Breach Suffices for Class-Action to Proceed https://www.insurancejournal.com/news/national/2023/07/05/728555.htm
Innovation
What’s Working: What happened since Colorado invested in Colorado Springs as a cybersecurity hub. The city had a big head start with five nearby military bases. Now the region’s cybersecurity growth is on the map and ahead of metro areas like Denver. https://coloradosun.com/2023/06/24/colorado-cybersecurity-jobs-security/
Nation States
Russian gang released ‘sensitive personal and government information’, Australia’s cybersecurity chief says. https://www.theguardian.com/technology/2023/jul/05/hwl-ebsworth-hack-russian-gang-released-sensitive-personal-and-government-information-australian-cybersecurity-chief-says
New Chinese APT campaign found targeting European embassies. The China-based APT actor has been found using HTML smuggling to avoid detection. https://www.csoonline.com/article/644522/new-chinese-apt-campaign-found-targeting-european-embassies.html
Governance
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk. C-suite security leaders are feeling less prepared to cope with cyberattacks and more at risk than last year. https://www.darkreading.com/risk/cisos-find-business-as-usual-shows-the-harsh-realities-of-cyber-risk
AI
WCNC: Police turning to artificial intelligence for traffic help (07/03) https://www.wcnc.com/article/tech/police-artificial-intelligence-traffic-help/275-d43be275-6f15-459c-a1a1-4e2c6498984a
Trends
Around 2 in 5 (39%) businesses experienced a data breach in their cloud environment in 2022, a 4% rise compared with the previous year. The leading cause of cloud data breaches was human error, at 55%. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities. https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/
ED Tech Magazine: Cybersecurity Remains the Top Concern for School IT Leaders for the Fifth Year Straight (07/06) https://edtechmagazine.com/k12/article/2023/07/cybersecurity-remains-top-concern-school-it-leaders-fifth-year-straight
Malware & TTP
Increased Truebot Activity Infects U.S. and Canada Based Networks https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
UPI: Canadian, U.S. authorities issue updated cybersecurity advisory on malware https://www.upi.com/Top_News/World-News/2023/07/06/authorities-issue-cyber-security-hacker-warning-truebot/7481688684757/
Tech Target: CISA: Truebot malware infecting networks in U.S., Canada https://www.techtarget.com/searchsecurity/news/366543952/CISA-Truebot-malware-infecting-networks-in-US-Canada
Greatest cyber threats to aircraft come from the ground. Passengers’ Wi-Fi devices offer hackers more access to commercial airliners than onboard avionics do. https://www.csoonline.com/article/644636/greatest-cyber-threats-to-aircraft-come-from-the-ground.html
Google Searches for 'USPS Package Tracking' Lead to Banking Theft. Attackers are leveraging well-executed brand impersonation in a Google ads malvertising effort that collects both credit card and bank details from victims. https://www.darkreading.com/endpoint/google-searches-usps-tracking-banking-theft
Privacy
Wash. city's police using suspect tracking system. Lynnwood, Wash., police have adopted the StarChase GPS tracking system that lets officers attach a tracking device to a suspect's car, which reduces the need to confront suspects. Law enforcement agencies have been adapting their surveillance practices after the state loosened guidelines, which has enabled the Washington State Police to track suspects from the air. https://www.king5.com/article/news/local/public-safety/lynnwood-police-gps-tracking-technology-reduce-pursuits/281-ff380020-9d56-49d2-b9b3-fd3346b45824
Colo. cities embrace cameras in fight against crime. Law enforcement agencies in cities across Colorado are turning to advanced camera systems to help them increase arrests, clear outstanding warrants and recover stolen vehicles. Officials report positive results with the technology, but say they must balance efforts to decrease crime against privacy concerns. https://www.dailycamera.com/2023/07/02/boulder-county-law-enforcement-turns-to-flock-safety-for-crime-reduction/