Cyber Risk Update 8 DEC 2023
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Alerts
The 3 Most Prevalent Cyber Threats of the Holidays https://www.darkreading.com/vulnerabilities-threats/3-most-prevalent-cyber-threats-holidays
Tech Spective: Navigating Cyber Threats This Holiday Season (12/07) https://techspective.net/2023/12/07/navigating-cyber-threats-this-holiday-season
Incidents
Attackers breach US government agencies through ColdFusion flaw https://www.csoonline.com/article/1251480/attackers-breach-us-government-agencies-through-coldfusion-flaw.html
The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. https://www.nissan.com.au/website-update.html
Medical products maker Henry Schein disclosed that more than 29,000 employees had their personal data exposed in a September cyberattack. https://apps.web.maine.gov/online/aeviewer/ME/40/6a08eecd-1ccf-451e-a419-a0b873114853.shtml
Japan's Space Program at Risk After Microsoft Active Directory Breach. The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach. https://www.darkreading.com/cyberattacks-data-breaches/japan-space-program-risk-microsoft-active-directory-breach
Stockton Hospital Struck by Hackers. Dameron Hospital in Stockton, Calif., has rescheduled some procedures after a cyberattack. The incident hasn’t affected emergency room or patient care procedures at the 200-bed facility, but the hospital said it is working with third-party providers to understand what has happened. https://www.beckershospitalreview.com/cybersecurity/california-hospital-in-downtime-processes-after-cyberattack.html
Liability
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds. Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case. https://www.darkreading.com/cyberattacks-data-breaches/6-years-of-silence-former-uber-ciso-speaks-out-on-data-breach-solarwinds
Feds Levy First-Ever HIPAA Fine for a Phishing Breach https://www.govinfosecurity.com/feds-levy-first-ever-hipaa-fine-for-phishing-breach-a-23812
TTP and Malware
Here's more on that 23andMe data breach: it all started with credential-stuffing. Note to users: do not reuse any passwords. https://www.darkreading.com/cyberattacks-data-breaches/23andme-files-credential-stuffing-attack-with-sec
New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips https://www.bleepingcomputer.com/news/security/new-5ghoul-attack-impacts-5g-phones-with-qualcomm-mediatek-chips/
Proxy Trojan Targets macOS Users for Traffic Redirection https://www.darkreading.com/vulnerabilities-threats/3-most-prevalent-cyber-threats-holidays
Ransomware-as-a-Service: The Growing Threat You Can't Ignore https://thehackernews.com/2023/12/ransomware-as-service-growing-threat.html
The Hacker News: New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (12/07) https://thehackernews.com/2023/12/new-bluetooth-flaw-let-hackers-take.html
Security Week: Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images (12/06) https://www.securityweek.com/many-consumer-enterprise-devices-exposed-to-attacks-via-malicious-uefi-logo-images
23andMe Hack Is Wake-Up Call About Passwords. Hackers most likely broke into 23andMe user accounts using passwords stolen from other websites that were reused. So-called credential stuffing attacks have become more common in recent years. https://www.wsj.com/tech/personal-tech/23andme-breach-hack-passwords-7587015f
Nation States
US, UK Say Russia Targeted Officials in Political Cyber Campaign https://www.insurancejournal.com/news/national/2023/12/08/751238.htm
The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a
The New York Times: Russia’s Latest Disinformation Tactic Exploits American Celebrities (12/07) https://www.nytimes.com/2023/12/07/technology/russia-disinformation-mike-tyson-priscilla-presley.html
Iran Threatens Israel's Critical Infrastructure With 'Polonium' Proxy. Cyber mimics life, as Iran uses Lebanese hackers to attack its bête noire. https://www.darkreading.com/ics-ot-security/iran-threatens-israel-critical-infrastructure-polonium-proxy
Internet propagandists aligned with Russia have duped at least seven Western celebrities, including Elijah Wood and Priscilla Presley, into recording short videos to support its online information war against Ukraine, according to new security research by Microsoft. Russia has denied engaging in disinformation campaigns. Read the full WSJ story. https://www.wsj.com/tech/cybersecurity/actors-recorded-videos-for-vladimir-it-turned-into-russian-propaganda-7ff2ce8e
SLTT EDU CI
American Press: Cyber and Tech Summit held for local government employees (11/29) https://www.americanpress.com/2023/11/29/cyber-and-tech-summit-held-for-local-government-employees
As SAT Goes Digital, Schools Must Prepare for Disruption. Local school districts nationwide need to ensure the basic security and readiness of their network infrastructure before spring 2024. https://www.darkreading.com/vulnerabilities-threats/sat-goes-digital-schools-must-prepare
Why the United States has to rethink its critical infrastructure strategy. The recent attacks on water utilities in the U.S. bring to light how our local facilities are no match against well-funded nation-state threat actors bent on doing us harm. https://www.scmagazine.com/perspective/why-the-united-states-has-to-rethink-its-critical-infrastructure-strategy
Governance, Risk, and Compliance
4 Metrics That Help CISOs Become Strategic Partners With the Board. To demonstrate the CISO role's value, frame your work using metrics that align with the most critical parts of every business: risk, growth, expenses, and people. https://www.darkreading.com/cybersecurity-operations/4-metrics-that-help-cisos-become-strategic-partners-with-board
20 federal agencies miss the deadline for implementing cyber incident tracking requirements, watchdog says. The Government Accountability Office found that just three federal agencies were in compliance with the Office of Management and Budget's advanced cyber event logging requirements. https://www.govexec.com/management/2023/12/20-federal-agencies-miss-deadline-implementing-cyber-incident-tracking-requirements-watchdog-says/392556/
HHS Publishes Healthcare Sector Cybersecurity Strategy https://www.hipaajournal.com/hhs-publishes-healthcare-sector-cybersecurity-strategy/
Zero Trust
MSSP Alert: Veeam Unveils Zero Trust Data Resilience (ZTDR) Model (12/07) https://www.msspalert.com/news/veeam-unveils-zero-trust-data-resilience-ztdr-model
Zero Trust Maturity Model https://www.cisa.gov/zero-trust-maturity-model
Resources
Security Boulevard: Dragos Offers Free OT Security Tools to Small Utilities (12/07) https://securityboulevard.com/2023/12/dragos-offers-free-ot-security-tools-to-small-utilities
OT, ICS, SCADA
Ransomware, Data Breaches Inundate OT & Industrial Sector. Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems. https://www.darkreading.com/ics-ot-security/ransomware-data-breaches-inundate-ot-industrial-sector
Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks. Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure. https://www.darkreading.com/ics-ot-security/siemens-plcs-still-vulnerable-stuxnet-like-cyberattacks
Trends
Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey. While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. https://www.csoonline.com/article/1251369/almost-50-organizations-plan-to-reduce-cybersecurity-headcounts-survey.html
Hidden risk: Local governments are spending big to mop up after hacks and prevent new ones. That means peril—and opportunity—for investors who buy their bonds. Cybercrime has left schools, hospitals and utilities from Baltimore to Los Angeles struggling to pay ransom, restore services and boost security. Dented finances threaten credit ratings. https://www.wsj.com/finance/investing/a-hidden-risk-in-the-municipal-bond-market-hackers-d0ff1de2
An Apple-commissioned data breach report found 2.6 billion records were stolen by hackers between 2021 and 2022. https://www.scmagazine.com/news/apple-backed-data-breach-report-says-2-6-billion-records-leaked-in-2-years
Awareness
(JANUARY 21 - 27, 2024) The Data Privacy Week 2024 Champions Toolkit will be released in the coming weeks! Pre-register to receive your toolkit here. https://staysafeonline.org/programs/data-privacy-week/
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense' https://thehackernews.com/2023/12/hacking-human-mind-exploiting.html