Cyber Risk Update 17 MAR 23

Moody’s Corp. said the incident was “credit negative” for AT&T because it could negatively impact customer behavior, attract regulatory scrutiny or cause churn to spike. “Cyber incidents in the telecoms industry appear to be rising, raising questions about the industry’s cyber risk governance and defenses, as well as the overall exposure profile. The AT&T breach, stemming from a hack against a marketing vendor, further highlights the multitude of exposure lanes for cyberattacks,” Neil Begley, senior vice president for Moody’s Investors Service, said in a statement. - Wall Street Journal

The ransomware actors that breached Oakland municipal government networks on February 8, 2023 began releasing the stolen data. https://www.infosecurity-magazine.com/news/city-of-oakland-faces-major-data/
Ransomware attackers penetrated networks at 860 critical infrastructure operators in 2022, according to the FBI's latest annual internet crime report. https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
According to a press release published on March 14 from the US Attorney's Office in the Eastern District of New York, Sagar Steven Singh (19) and Nicholas Ceraolo (25) used the stolen password of a police officer to gain access into a database containing records of narcotics, currency seizures, and intelligence reports. https://www.darkreading.com/attacks-breaches/vile-gang-duo-breaches-police-database-impersonates-officers-extortion

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware https://thehackernews.com/2023/03/warning-ai-generated-youtube-video.html
Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles. Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools. https://www.darkreading.com/application-security/north-korean-hackers-targeting-security-researchers
Your Biggest Cybersecurity Risks Could Be Inside Your Organization https://hbr.org/2023/03/your-biggest-cybersecurity-risks-could-be-inside-your-organization

This is a new potential cost and risk related to disclosing misleading information about a data breach or ransomware attack. Blackbaud to Pay $3M for Misleading Ransomware Attack Disclosure. https://www.bleepingcomputer.com/news/security/blackbaud-to-pay-3m-for-misleading-ransomware-attack-disclosure/
"To settle the SEC's charges (but without confirming or denying the SEC's findings), Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyber attack. "Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so." David Hirsch, the head of the SEC Enforcement Division's Crypto Assets and Cyber Unit."

Scams Cost Consumers $8.8 Billion in 2022 — The Top Five Frauds. Losses from scams jumped to shocking new highs last year. These are the five most common frauds. https://www.kiplinger.com/personal-finance/scams-cost-consumers-billions-top-five-frauds
2023: the year ransomware is no longer an IF but a WHEN https://technative.io/2023-the-year-ransomware-is-no-longer-an-if-but-a-when/

The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity. https://www.darkreading.com/risk/the-ethics-of-network-and-security-monitoring