Cyber Risk Update 7 MAR 2024
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels, which is focused on cybersecurity collaboration with critical infrastructure stakeholders (TLP Clear only). Invite: https://discord.gg/PGz3NDKb5V
Resources
TLP (Traffic Light Protocol) Definitions and Usage https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage
4 tabletop exercises every security team should run https://www.csoonline.com/article/1311295/4-tabletop-exercises-every-security-team-should-run.html
Nation States
China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks. The nation-state group compromised the website of a Tibetan festival and a software application to target user systems in Asia. https://www.darkreading.com/cyberattacks-data-breaches/china-linked-cyber-spies-blend-watering-hole-supply-chain-attacks
Lithuania warns China has ramped up espionage campaigns https://therecord.media/lithuania-warns-china-cyber-espionage-increase
Cyber Crime
The Justice Department alleged Linwei Ding, also known as Leon Ding, sent sensitive Google trade secrets and other confidential information from the company’s network to his personal Google account, while secretly being affiliated with Chinese AI companies. Prosecutors allege that as an insider, Ding stole more than 500 files containing AI trade secrets. https://www.wsj.com/politics/national-security/u-s-charges-chinese-national-with-stealing-ai-secrets-from-google-5c66524a
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html
Europe Vows to Unify the Fight Against Cyberthreats https://www.govinfosecurity.com/europe-vows-to-unify-fight-against-cyberthreats-a-24534
Cyber Incidents
Canadian city says timeline for recovery from ransomware attack ‘unknown’ https://therecord.media/canadian-city-hamilton-ransomware-recovery
Change Healthcare hack leads to closure of elder-care facility. https://www.post-gazette.com/business/healthcare-business/2024/03/05/jefferson-hills-healthcare-and-rehabilitation-center-closure/stories/202403050057
These Video Doorbells Have Terrible Security. Amazon Sells Them Anyway. https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/
NBC: Patients struggle to get lifesaving medication after cyberattack on a major health care company (03/06) https://www.nbcnews.com/health/health-care/cyberattack-change-healthcare-patients-struggle-get-medication-rcna141841
TTP & Malware
Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks https://thehackernews.com/2024/03/hacked-wordpress-sites-abusing-visitors.html
Cybersecurity Dive: Yet another threat actor seen exploiting ConnectWise ScreenConnect https://www.cybersecuritydive.com/news/threat-actor-exploiting-connectwise-screenconnect/709487
Trends
Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks in 2023, according to cybercrime statistics released Wednesday by the FBI. https://www.nextgov.com/cybersecurity/2024/03/government-facilities-were-third-largest-ransomware-target-2023-fbi-says/394724/
Financial services sees sharp increase in DDoS attacks as geopolitical tensions rise https://www.cybersecuritydive.com/news/ddos-financial-services-fsisac-akamai/709623/
Denial-of-service attacks against financial services companies increased 154% last year over 2022, according to a report from the Financial Services Information Sharing and Analysis Center and Akamai Technologies. Hacktivist groups are targeting companies in geopolitical hot spots, and Teresa Walsh of FS-ISAC says, "Even just being offline for a minute can cause huge reputational risks" for banks and financial firms. https://www.wsj.com/articles/banks-face-hacktivist-cyberattacks-f23d3ec8
U.S. Cybersecurity and Data Privacy Outlook and Review – 2024 https://wp.nyu.edu/compliance_enforcement/2024/03/06/u-s-cybersecurity-and-data-privacy-outlook-and-review-2024/
Governance, Risk, and Compliance
CFOs take backseat to CISOs on SEC cyber rules. Less than half of finance chiefs are involved in the SEC’s cybersecurity breach disclosure process, AuditBoard found. https://www.cybersecuritydive.com/news/cfo-ciso-sec-cyber-rules-cybersecurity/708611/
Cyber Incident Response Training and Tabletop Exercise
Career
What Are the Highest-Paying Cybersecurity Specialties? https://www.govinfosecurity.com/blogs/what-are-highest-paying-cybersecurity-specialties-p-3573
AI
Emerging technologies, such as generative AI and cloud applications, are increasing insider-driven data exposure and theft events, according to Code42. "Today, data is highly portable," says Code42 CEO Joe Payne, adding, "While AI and cloud technologies are igniting new business ventures that allow employees to connect, create, and collaborate, they also make it easier to leak critical corporate data like source code and IP." https://www.nytimes.com/2024/03/05/health/cyberattack-healthcare-cash.html
Elections
NBC News: A federal agency has told rural counties and small towns how to safeguard their elections, but not all can afford the fixes (03/06) https://www.nbcnews.com/politics/2024-election/rural-counties-small-towns-need-money-protect-elections-november-2024-rcna141918
No cyber blues on Super Tuesday (03/06) https://thecyberwire.com/podcasts/daily-podcast/2018/notes
SC Media: New tech to fuel more sophisticated, prevalent election cyber threats (03/06) https://www.scmagazine.com/brief/new-tech-to-fuel-more-sophisticated-prevalent-election-cyber-threats