Cyber Risk Update 12 MAY 2023

Local Government Cyber Watch discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V (we are up to 113 members!)

AI

• Navigating AI ChatBots: Establishing Guidelines and Embracing Change https://www.learnsecurity.org/single-post/navigating-ai-chatbots-establishing-guidelines-and-embracing-change

• Why You Need an AI Ethics Committee https://hbr.org/2022/07/why-you-need-an-ai-ethics-committee

• How Generative AI Changes Strategy https://hbr.org/podcast/2023/05/how-generative-ai-changes-strategy

Cyber Incidents

• BlackByte ransomware claims City of Augusta cyberattack. The city of Augusta in Georgia, U.S., has confirmed that the most recent IT system outage was caused by unauthorized access to its network. https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-claims-city-of-augusta-cyberattack/

• Scope of the Dallas Cyber Attack Remains a Mystery. Officials with the city of Dallas have not definitively outlined the full scope of the May 3 cyber-attack that disrupted its systems. They have also not released whether the perpetrators demanded any sort of ransom. https://www.govtech.com/security/scope-of-the-dallas-cyber-attack-remains-a-mystery

• The Devastating Business Impacts of a Cyber Breach https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach

Legislation Watch

• More than 30 states and the federal government have moved to ban TikTok on work devices, but Montana’s new law stands as the first outright ban of TikTok on all devices. https://www.scmagazine.com/news/privacy/security-experts-montanas-ban-on-tiktok-pointless-and-technically-naive

Cyber Risk Management

• If we are looking to reduce risk, then we must work together as an industry to create a more efficient, collaborative model with less box checking. https://www.scmagazine.com/perspective/risk-management/three-ways-to-improve-collaborative-risk-management

Governance

• City Councils Are Having the Wrong Conversations About Cybersecurity https://www.learnsecurity.org/single-post/city-councils-are-having-the-wrong-conversations-about-cybersecurity

Nation States

• The Underground History of Russia’s Most Ingenious Hacker Group. From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.” https://www-wired-com.cdn.ampproject.org/c/s/www.wired.com/story/turla-history-russia-fsb-hackers/amp

• New Russian-linked CosmicEnergy malware targets industrial systems https://www.bleepingcomputer.com/news/security/new-russian-linked-cosmicenergy-malware-targets-industrial-systems/

Critical Infrastructure

• Insider threats surge across US CNI as attackers exploit human factors. Economic pressures and remote working could be increasing critical national infrastructure insider threats while nation-state actors and ransomware attacks continue to pose significant risks. https://www.csoonline.com/article/3696318/insider-threats-surge-across-us-cni-as-attackers-exploit-human-factors.html

Litigation

• TikTok sues Montana. The suit, filed Monday in the U.S. District Court of Montana, alleges the state's ban of the video app violates the First Amendment and several other laws. The case was brought against the state’s attorney general, who is tasked with enforcing the ban signed last week and due to go into effect Jan. 1, 2024. https://www.wsj.com/articles/tiktok-sues-montana-over-states-ban-of-its-service-145ee291

Disinformation

• A faked image of a smoke-engulfed building billed as the Pentagon circulated online Monday led to a temporary drop in financial markets. The image appeared to be generated by AI and came from an apparently bogus Twitter account claiming to be the Bloomberg news outlet. Twitter suspended the account. https://www.washingtonpost.com/technology/2023/05/22/pentagon-explosion-ai-image-hoax/

Collaboration

• What cybersecurity professionals can learn from the humble ant. When ants work together to defend their colony, it’s all for one and one for all. This model could help forge an immediate global, coordinated, and effective response to cyberattacks. https://www.csoonline.com/article/3697009/what-cybersecurity-professionals-can-learn-from-the-humble-ant.html

Career

• How Do I Work with a Difficult Boss? A senior leader who is struggling with his new boss must learn how to handle the negative work dynamic. https://hbr.org/podcast/2023/05/how-do-i-work-with-a-difficult-boss

• Launch Your Cybersecurity Career with Certified in Cybersecurity (CC) from (ISC)² https://www.learnsecurity.org/single-post/launch-your-cybersecurity-career-with-certified-in-cybersecurity-cc-from-isc

Physical Security

• Active Shooter Preparedness: Resources for Organizations and Individuals https://www.learnsecurity.org/single-post/active-shooter-preparedness-resources-for-organizations-and-individuals