Cyber Risk Update 29 SEP 2023

Local Government Trends

• Sunnyside Sun: Cyberattacks on local governments are on the rise, highlighting a need for enhanced security (09/26) Computer servers run by the city of Dallas were found to be infected with malware on May 3, 2023, spurring staff to begin shutting off computers to prevent its spread. The effects of the attack were sprawling, including hits to police and public courts, hampering residents' ability to report non-emergencies to the city's 311 service, leaving people unable to pay water bills online, and taking the city's public library system offline... The federal Cybersecurity and Infrastructure Security Agency, also known as CISA, released a strategic plan in August 2023 declaring "too many American organizations are soft targets" and calling for state and local governments as well as tribal and territorial governments to harden their IT systems. https://www.sunnysidesun.com/news/national/cyberattacks-on-local-governments-are-on-the-rise-highlighting-a-need-for-enhanced-security/collection_fbd722a5-6b33-5fab-9f7e-cbd4d9c52698.html#1

Feds Shut Down

• 'Skeleton crew' at CISA if government shuts down. Government shutdown would relegate CISA to 'skeleton crew.' Most employees of the main U.S. body responsible for security oversight of federal agencies and the country's infrastructure would be furloughed in the event of a government shutdown. The Cybersecurity and Infrastructure Agency said 571 of its 3,117 staff members would remain on the job if the government goes unfunded after Sept. 30. https://www.dhs.gov/sites/default/files/2023-09/23_0926_dhs_procedures_related_to_lapse_in_appropriations_september_2023.pdf

• Agencies ramp up shutdown prep as Congress hurtles toward deadline. The White House has kicked off official shutdown planning efforts. https://www.govexec.com/management/2023/09/agencies-ramp-shutdown-prep-congress-hurtles-toward-deadline/390700/

• Gov Info Security: US Federal Shutdown 'Dangerous and Irresponsible (09/26). A U.S. federal government shutdown would have "immeasurable" damaging effects on the federal government's ability to fight cyberthreats, a top official said Tuesday amid forewarnings that the country should start preparing now for potential cyber interference in the 2024 presidential election... In updated shutdown guidance published Tuesday, the Department of Homeland Security estimated that approximately 82 percent of the more than 3,100 employees at the Cybersecurity and Infrastructure Security Agency would go on furlough in the event of a shutdown. Only 571 workers would stay on the job. https://www.govinfosecurity.com/us-federal-shutdown-dangerous-irresponsible-a-23171

• Shutdowns and the ‘avalanche of work’ for government tech shops https://www.nextgov.com/digital-government/2023/09/shutdowns-and-avalanche-work-government-tech-shops/390371/

Incidents

• 1.2 Terabytes Amount of data stolen from the city of Dallas in a May ransomware attack, according to a post-mortem report on the incident from city's information and technology services department. The report provides enlightening details and timelines useful to others fighting ransomware gangs, including how the Royal hackers spent a month doing reconnaissance and taking data, as well how city workers responded to the strike and what went wrong. https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf

• Ontario healthcare organization data breach exposes personal health information of 3.4 million care seekers https://www.bitdefender.com/blog/hotforsecurity/ontario-healthcare-organization-data-breach-exposes-personal-health-information-of-3-4-million-care-seekers/

• Ransomware group demands $51 million from Johnson Controls after cyber attack https://www.bitdefender.com/blog/hotforsecurity/ransomware-group-demands-51-million-from-johnson-controls-after-cyber-attack/

• MOVEit Flaw Leads to 900 University Data Breaches. National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment. https://www.darkreading.com/application-security/moveit-flaw-900-university-data-breaches

• Tech Target: Clop MoveIt Transfer attacks affect over 2000 organizations (09/26) https://www.techtarget.com/searchsecurity/news/366553304/Clop-MoveIt-Transfer-attacks-affect-over-2000-organizations

Nation States

• China APT Cracks Cisco Firmware in Attacks Against the US and Japan. Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance. https://www.darkreading.com/threat-intelligence/china-apt-cracks-cisco-firmware-attacks-against-us-japan

• China-linked hackers are lurking in firmware within network routers and storage devices, cybersecurity officials in the U.S. and Japan warned on Wednesday. Companies should review subsidiary connections and patch routers in an effort to shut out the group, known as BlackTech, according to the alert. "BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets," the alert said.

• Equipment from Cisco, Citrix, D-Link, Fortinet, Netgear and several other tech providers has been exploited. Read the alert for signs of compromise and potential remedies. (WSJ) https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-158a

• U.S. security and military experts are ready to support Taiwan in case of a Chinese cyberattack. The U.S. has been conducting cybersecurity exercises with Taiwan and would treat the island as any other ally, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said Wednesday at a Politico event. That would include sending cybersecurity teams to hunt hackers, stop attacks and strengthen networks, Neuberger said. (Politico) https://www.politico.com/news/2023/09/27/taiwan-chinese-cyberattacks-white-house-00118492

Cybersecurity basics are still not a focus

• 'Gold Melody' Access Broker Plays on Unpatched Servers' Strings. A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics. https://www.darkreading.com/threat-intelligence/-gold-melody-access-broker-unpatched-servers

Governance, Risk, and Compliance

• 4 Pillars for Building a Responsible Cybersecurity Disclosure Program. Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community. https://www.darkreading.com/risk/4-pillars-for-building-a-responsible-cybersecurity-disclosure-program

• Silicon Angle: New CISA HBOM framework offers improved hardware supply chain risk assessments (09/26) https://siliconangle.com/2023/09/26/new-cisa-hbom-framework-offers-improved-hardware-supply-chain-risk-assessments/

• Wave of State Data Protection Laws Is a Gathering Compliance Nightmare. In absence of a single national data privacy law, companies continue to face a multi-state balancing act. Data privacy practitioner Scott Allendevaux sets the scene. https://www.corporatecomplianceinsights.com/state-data-protection-laws-2023/

• Proactive Security: What It Means for Enterprise Security Strategy. Proactive Security holds the elusive promise of helping enterprises finally get ahead of threats, but CISOs must come to grips with the technological and philosophical change that it brings. https://www.darkreading.com/omdia/proactive-security-what-it-means-for-enterprise-security-strategy

• Boards lagging on cyber-security expertise, study finds. Investors increasingly turning attention to cyber-risk management, strategy and governance practices https://www.corporatesecretary.com/articles/technology-social-media/33591/boards-lagging-cyber-security-expertise-study-finds

Tools and Resources

• Microsoft Adds Passkeys to Windows 11. It's the latest step in the gradual shift away from traditional passwords. https://www.darkreading.com/application-security/microsoft-adds-passkeys-to-windows-11

• What’s a cyber incident response retainer and why do you need one? Whether you need to hire a team to respond to any and all cyberattacks or just some hired guns to boost your capabilities, incident response retainers can ensure you’re covered. https://www.csoonline.com/article/653584/whats-a-cyber-incident-response-retainer-and-why-do-you-need-one.html

Critical Infrastructure

• Weak spots: The aging power grid in the U.S. isn't fully fortified against cyberattacks, domestic terrorism and demands related to changing climate needs, according to a new report from the Safe, a nonprofit research group. https://safe2020.wpenginepowered.com/wp-content/uploads/2023/09/SAF-_GridSec_Sept23_v01.5_singles.pdf

Reports

• The Uptime Institute Global Data Center Survey, now in its 13th year, is the most comprehensive and longest-running study of its kind. The findings in this report highlight the experiences and strategies of data center owners and operators in the areas of resiliency, sustainability, efficiency, regulations, staffing, cloud and innovative technologies. https://uptimeinstitute.com/resources/research-and-reports/uptime-institute-global-data-center-survey-results-2023

• CISOs are struggling to get cybersecurity budgets: Report. In the latter part of Q4 2022, many CISOs reported that their approved 2023 budgets were being slashed as part of an overall budget tightening. https://www.csoonline.com/article/653504/cisos-are-struggling-to-get-cybersecurity-budgets-report.html

• 2023 Cloud Threat Findings Report https://offers.cadosecurity.com/cado-security-labs-2023-threat-findings-report

Awareness

• Cyber Scoop: CISA launches campaign to teach Americans to be safe online (09/26) https://cyberscoop.com/cisa-cybersecurity-awareness-campaign/

• Bank Info Security: CISA Urges Americans to Apply MFA, 'Think Before They Click' (09/26) https://www.bankinfosecurity.com/cisa-urges-americans-to-apply-mfa-think-before-they-click-a-23175

• Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors https://thehackernews.com/2023/09/red-cross-themed-phishing-attacks.html

Threat Actors

• The Hacker News: ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families (09/26) https://thehackernews.com/2023/09/shadowsyndicate-new-cybercrime-group.html

• The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. https://krebsonsecurity.com/2023/09/snatch-ransom-group-exposes-visitor-ip-addresses/

Trends

• The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight emerging ransomware trends and encourage organizations to implement the recommendations in the “Mitigations” section to reduce the likelihood and impact of ransomware incidents. https://www.ic3.gov/Media/News/2023/230928.pdf

• Average cost of a data breach reaching $4.35 million and counting. https://thehackernews.com/2023/09/new-survey-uncovers-how-companies-are.html

• The double-digit jumps of the last few years are over, but cybersecurity budgets have been spared the worst of corporate cutbacks. Escalating hacker threats and increased regulatory burdens will keep cyber spending on the rise, my colleague James Rundle reports. Plus, cyber accounts for a bigger portion of the overall tech budget across industries. https://www.wsj.com/articles/cybersecurity-budgets-grow-but-at-a-slower-pace-89ce3d3c

Elections

• Inside Cybersecurity: Former CISA chief Krebs sees possible sophisticated threats to election systems in response to Ukraine war (Paywall) (09/26) https://insidecybersecurity.com/daily-news/former-cisa-chief-krebs-sees-possible-sophisticated-threats-election-systems-response?s=na

Liability

• 4 Legal Surprises You May Encounter After a Cybersecurity Incident. Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident. https://www.darkreading.com/attacks-breaches/4-legal-surprises-you-may-encounter-after-cybersecurity-incident