Cyber Risk Update 17 MAR 23
Bonus
Discovering the History Behind Secret Societies: Truth or Fiction https://www.learnsecurity.org/single-post/discovering-the-history-behind-secret-societies-truth-or-fiction
Women in Cybersecurity Month https://www.learnsecurity.org/single-post/women-in-cybersecurity-month
Cyber Incident Hit Credit Rating
Moody’s Corp. said the incident was “credit negative” for AT&T because it could negatively impact customer behavior, attract regulatory scrutiny or cause churn to spike. “Cyber incidents in the telecoms industry appear to be rising, raising questions about the industry’s cyber risk governance and defenses, as well as the overall exposure profile. The AT&T breach, stemming from a hack against a marketing vendor, further highlights the multitude of exposure lanes for cyberattacks,” Neil Begley, senior vice president for Moody’s Investors Service, said in a statement. - Wall Street Journal
Data Breach
The ransomware actors that breached Oakland municipal government networks on February 8, 2023 began releasing the stolen data. https://www.infosecurity-magazine.com/news/city-of-oakland-faces-major-data/
Ransomware attackers penetrated networks at 860 critical infrastructure operators in 2022, according to the FBI's latest annual internet crime report. https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
According to a press release published on March 14 by the US Attorney's Office for the Eastern District of New York, Sagar Steven Singh (19) and Nicholas Ceraolo (25) used the stolen password of a police officer to gain access to a database containing records of narcotics, currency seizures, and intelligence reports. https://www.darkreading.com/attacks-breaches/vile-gang-duo-breaches-police-database-impersonates-officers-extortion
New Threats
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware https://thehackernews.com/2023/03/warning-ai-generated-youtube-video.html
Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles. Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools. https://www.darkreading.com/application-security/north-korean-hackers-targeting-security-researchers
Your Biggest Cybersecurity Risks Could Be Inside Your Organization https://hbr.org/2023/03/your-biggest-cybersecurity-risks-could-be-inside-your-organization
Nation States
Russian hackers step up cyber espionage against Ukraine and allies, Microsoft says. https://www.wsj.com/articles/russian-hackers-step-up-cyber-espionage-against-ukraine-and-allies-microsoft-says-aef4b31e
Wave of Stealthy China Cyberattacks Hits U.S., Private Networks, Google Says https://www.wsj.com/articles/wave-of-stealthy-china-cyberattacks-hits-u-s-private-networks-google-says-2f98eaed
New Risks
This is a new potential cost and risk related to disclosing misleading information about a data breach or ransomware attack. Blackbaud to Pay $3M for Misleading Ransomware Attack Disclosure. https://www.bleepingcomputer.com/news/security/blackbaud-to-pay-3m-for-misleading-ransomware-attack-disclosure/
"To settle the SEC's charges (but without confirming or denying the SEC's findings), Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyber attack. 'Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so,' said David Hirsch, the head of the SEC Enforcement Division's Crypto Assets and Cyber Unit."
New Regulations
The SEC’s five commissioners voted to propose new cybersecurity disclosure rules for brokers & asset managers. https://www.wsj.com/articles/sec-to-consider-new-cybersecurity-rules-for-financial-firms-47b346f6?
New Jersey Gov Signs 72-Hour Cyber Incident Reporting Law https://www.govtech.com/security/new-jersey-gov-signs-72-hour-cyber-incident-reporting-law
FERC expands cybersecurity supply chain standards to low-impact assets https://www.utilitydive.com/news/ferc-nerc-cybersecurity-supply-chain-standards-low-impact/645231/
Trends
Scams Cost Consumers $8.8 Billion in 2022 — The Top Five Frauds. Losses from scams jumped to shocking new highs last year. These are the five most common frauds. https://www.kiplinger.com/personal-finance/scams-cost-consumers-billions-top-five-frauds
2023: the year ransomware is no longer an IF but a WHEN https://technative.io/2023-the-year-ransomware-is-no-longer-an-if-but-a-when/
Awareness
Tax Season Security Tips https://staysafeonline.org/resources/tax-time/
Ethics
The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity. https://www.darkreading.com/risk/the-ethics-of-network-and-security-monitoring