Cyber Risk Update 8 DEC 2023

This is a selection of this week's events. For more news and advisories, check out our discord server. CIKR Cyber Sentinels discord server. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V

Alerts

• The 3 Most Prevalent Cyber Threats of the Holidays https://thehackernews.com/2023/12/ransomware-as-service-growing-threat.html

• Tech Spective: Navigating Cyber Threats This Holiday Season (12/07) https://techspective.net/2023/12/07/navigating-cyber-threats-this-holiday-season

Incidents

• Attackers breach US government agencies through ColdFusion flaw https://www.csoonline.com/article/1251480/attackers-breach-us-government-agencies-through-coldfusion-flaw.html

• The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. https://www.nissan.com.au/website-update.html

• Medical products maker Henry Schein disclosed that more than 29,000 employees had their personal data exposed in a September cyberattack. https://apps.web.maine.gov/online/aeviewer/ME/40/6a08eecd-1ccf-451e-a419-a0b873114853.shtml

• Japan's Space Program at Risk After Microsoft Active Directory Breach. The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach. https://www.darkreading.com/cyberattacks-data-breaches/japan-space-program-risk-microsoft-active-directory-breach

• Stockton Hospital Struck by Hackers. Dameron Hospital in Stockton, Calif., has rescheduled some procedures after a cyberattack. The incident hasn’t affected emergency room or patient care procedures at the 200-bed facility, but the hospital said it is working with third-party providers to understand what has happened. https://www.beckershospitalreview.com/cybersecurity/california-hospital-in-downtime-processes-after-cyberattack.html

Liability

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds. Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case. https://www.darkreading.com/cyberattacks-data-breaches/6-years-of-silence-former-uber-ciso-speaks-out-on-data-breach-solarwinds

• Feds Levy First-Ever HIPAA Fine for a Phishing Breach https://www.govinfosecurity.com/feds-levy-first-ever-hipaa-fine-for-phishing-breach-a-23812

TTP and Malware

• Here's more on that 23andMe data breach: it all started with credential-stuffing. Note to users: do not reuse any passwords. https://www.darkreading.com/cyberattacks-data-breaches/23andme-files-credential-stuffing-attack-with-sec

• New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips https://www.bleepingcomputer.com/news/security/new-5ghoul-attack-impacts-5g-phones-with-qualcomm-mediatek-chips/

• Proxy Trojan Targets macOS Users for Traffic Redirection https://www.darkreading.com/vulnerabilities-threats/3-most-prevalent-cyber-threats-holidays

• Ransomware-as-a-Service: The Growing Threat You Can't Ignore https://thehackernews.com/2023/12/ransomware-as-service-growing-threat.html

• The Hacker News: New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (12/07) https://thehackernews.com/2023/12/new-bluetooth-flaw-let-hackers-take.html

• Security Week: Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images (12/06) https://www.securityweek.com/many-consumer-enterprise-devices-exposed-to-attacks-via-malicious-uefi-logo-images

• 23andMe Hack Is Wake-Up Call About Passwords. Hackers most likely broke into 23andMe user accounts using passwords stolen from other websites that were reused. So-called credential stuffing attacks have become more common in recent years. https://www.wsj.com/tech/personal-tech/23andme-breach-hack-passwords-7587015f

Nation States

• US, UK Say Russia Targeted Officials in Political Cyber Campaign https://www.insurancejournal.com/news/national/2023/12/08/751238.htm

• The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a

• The New York Times: Russia’s Latest Disinformation Tactic Exploits American Celebrities (12/07) https://www.nytimes.com/2023/12/07/technology/russia-disinformation-mike-tyson-priscilla-presley.html

• Iran Threatens Israel's Critical Infrastructure With 'Polonium' Proxy. Cyber mimics life, as Iran uses Lebanese hackers to attack its bête noire. https://www.darkreading.com/ics-ot-security/iran-threatens-israel-critical-infrastructure-polonium-proxy

• Internet propagandists aligned with Russia have duped at least seven Western celebrities, including Elijah Wood and Priscilla Presley, into recording short videos to support its online information war against Ukraine, according to new security research by Microsoft. Russia has denied engaging in disinformation campaigns. Read the full WSJ story. https://www.wsj.com/tech/cybersecurity/actors-recorded-videos-for-vladimir-it-turned-into-russian-propaganda-7ff2ce8e

SLTT EDU CI

• American Press: Cyber and Tech Summit held for local government employees (11/29) https://www.americanpress.com/2023/11/29/cyber-and-tech-summit-held-for-local-government-employees

• As SAT Goes Digital, Schools Must Prepare for Disruption. Local school districts nationwide need to ensure the basic security and readiness of their network infrastructure before spring 2024. https://www.darkreading.com/vulnerabilities-threats/sat-goes-digital-schools-must-prepare

• Why the United States has to rethink its critical infrastructure strategy. The recent attacks on water utilities in the U.S. bring to light how our local facilities are no match against well-funded nation-state threat actors bent on doing us harm. https://www.scmagazine.com/perspective/why-the-united-states-has-to-rethink-its-critical-infrastructure-strategy

Governance, Risk, and Compliance

• 4 Metrics That Help CISOs Become Strategic Partners With the Board. To demonstrate the CISO role's value, frame your work using metrics that align with the most critical parts of every business: risk, growth, expenses, and people. https://www.darkreading.com/cybersecurity-operations/4-metrics-that-help-cisos-become-strategic-partners-with-board

• 20 federal agencies miss the deadline for implementing cyber incident tracking requirements, watchdog says

• The Government Accountability Office found that just three federal agencies were in compliance with the Office of Management and Budget’s advanced cyber event logging requirements. https://www.govexec.com/management/2023/12/20-federal-agencies-miss-deadline-implementing-cyber-incident-tracking-requirements-watchdog-says/392556/

• HHS Publishes Healthcare Sector Cybersecurity Strategy https://www.hipaajournal.com/hhs-publishes-healthcare-sector-cybersecurity-strategy/

Zero Trust

• MSSP Alert: Veeam Unveils Zero Trust Data Resilience (ZTDR) Model (12/07) https://www.msspalert.com/news/veeam-unveils-zero-trust-data-resilience-ztdr-model

• Zero Trust Maturity Model https://www.cisa.gov/zero-trust-maturity-model

Resources

• Security Boulevard: Dragos Offers Free OT Security Tools to Small Utilities (12/07) https://securityboulevard.com/2023/12/dragos-offers-free-ot-security-tools-to-small-utilities

OT, ICS, SCADA

• Ransomware, Data Breaches Inundate OT & Industrial Sector. Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems. https://www.darkreading.com/ics-ot-security/ransomware-data-breaches-inundate-ot-industrial-sector

• Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks. Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure. https://www.darkreading.com/ics-ot-security/siemens-plcs-still-vulnerable-stuxnet-like-cyberattacks

Trends

• Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey. While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. https://www.csoonline.com/article/1251369/almost-50-organizations-plan-to-reduce-cybersecurity-headcounts-survey.html

• Hidden risk: Local governments are spending big to mop up after hacks and prevent new ones. That means peril—and opportunity—for investors who buy their bonds. Cybercrime has left schools, hospitals and utilities from Baltimore to Los Angeles struggling to pay ransom, restore services and boost security. Dented finances threaten credit ratings. https://www.wsj.com/finance/investing/a-hidden-risk-in-the-municipal-bond-market-hackers-d0ff1de2

• An Apple-commissioned data breach report found 2.6 billion records were stolen by hackers between 2021 and 2022. https://www.scmagazine.com/news/apple-backed-data-breach-report-says-2-6-billion-records-leaked-in-2-years

Awareness

• (JANUARY 21 - 27, 2024) The Data Privacy Week 2024 Champions Toolkit will be released in the coming weeks! Pre-register to receive your toolkit here. https://staysafeonline.org/programs/data-privacy-week/

• Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense' https://thehackernews.com/2023/12/hacking-human-mind-exploiting.html