Cybersecurity News of the Week, April 14, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

The growth of cybercrime is at the Top of the News this week as the FBI provides 2023 data showing a 22% cybercrime spike. Meanwhile, researchers at the University of Oxford have compiled the first-ever cybercrime index. No surprise: Russia ranks at the top.

  • FBI: More Than $12 Billion Lost to Online Fraud in 2023 : American consumers and business owners lost a record $12.5 billion last year to online scammers, marking a 22% spike in cybercrime over 2022, according to the FBI. … The agency says it also received a record number of complaints about online crimes last year — 880,000 — a bump of nearly 10%. … Losses due to online investment scams top the FBI’s list of 2023 cybercrimes, costing Americans $4.57 billion last year, up 38% over the $3.31 billion lost in 2022. Next on the list — with a price tag of $2.9 billion — are bogus business emails, where bad actors compromise legitimate business accounts and trick unsuspecting consumers into sending money, sensitive data or both. Tech support scams rose 15%, making them the third costliest scam of the year, totaling nearly $1 billion. Losses due to ransomware climbed 74% in 2023, draining Americans of nearly $60 million.
  • Russia Tops Global Cybercrime Index, New Study Reveals:  Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide, according to the newly released World Cybercrime Index. … The researchers behind the index, published Wednesday in the journal Plos One, said their study provides the first-ever definitive ranking of international cybercrime hotspots at a national level. The report reveals that the majority of global cyberthreat actors operate from a relatively small number of countries. Russia leads the list, followed by Ukraine, China, the United States, Nigeria and Romania.

Small and Midsize Organizations. Take your security to the next level. Apply Now! If you’re a small business, nonprofit, or IT / MSP in the greater Los Angeles area, apply NOW for LA Cybersecure, a pilot program with coaching and guidance that costs less than two cups of coffee a week. The LA Cybersecure Pilot Program is funded by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.

Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 

How Hackable Are You? Take our test. Find out how hackable you are and download our free updated 13-step guide.

  • How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basics. Please take our short test as your answers will help you and guide us to improve community safety.

Upcoming events. Please join us.

  • Information Security Threat Briefing – A DFPI / FBI / SecureTheVillage Collaboration: SecureTheVillage in collaboration with the CA Department of Financial Protection and Innovation (DFPI) is hosting a cybersecurity threat briefing specifically designed for financial institutions, other fintech organizations, and their IT service providers, MSPs, insurance brokers, and others. FBI Supervisory Special Agent (SSA) Michael Sohn is the keynote speaker. Friday, April 19, 8:30 am – 10:00 am PT.
  • Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, May 7, 1:00 pm – 2:00 pm PT. The LA Cybersecurity Workforce Coalition is for employers, educators, government, nonprofits, and others with a professional interest in the cybersecurity workforce challenge.

Please Support SecureTheVillage.

  • We need your help if we’re to build a world of CyberGuardians™. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.™

Cyber Humor

Cybersecurity Nonprofit of the Week … The Anti Phishing Working Group (APWG)

Kudos this week to the Anti Phishing Working Group (APWG). APWG unifies the global response to common cybercrimes and related infrastructure abuse through technical diplomacy; curation of a real-time clearinghouse of internet event data; development of applied research; and deployment and maintenance of global cybersecurity awareness campaigns. All of us can help APWG help us by forwarding malicious-appearing phishing messages to APWG. Like SecureTheVillage, APWG is a fellow member of Nonprofit Cyber.

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Microsoft’s Patch Tuesday is another reminder of the importance of keeping your computers patched and updated.

  • April’s Patch Tuesday Brings Record Number of Fixes: If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

For your “kick-the-bucket-list,” don’t forget your social media sites.

Doubly devastating. You withdraw money from your retirement account, giving it to a scammer for “investing.” The scammer steals your money. And the IRS expects you to pay taxes on the money you withdrew from your retirement account.

  • Senate investigation shows scam victims being taxed on their stolen funds: Investigators from the Senate Special Committee on Aging are releasing a report Thursday detailing the cases of a dozen elderly and other scam victims facing large tax bills on the money that was stolen from them. … The report includes interviews with victims and tax experts who described the cascading misfortune faced by retirees from Pennsylvania, Ohio, Florida, Utah and California. They said getting hit twice — first by sophisticated thieves, then by the federal government — has left them financially devastated and with a deep sense of betrayal. … The investigation has been overseen by committee chairman Bob Casey (D-Pa.), who has made the issue a priority.

Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.

Supplementing our Top-of-the-News, here are several stories on the evolving cybersecurity landscape. Even as the big players are getting better at defense, attacks are rising. Kevin Mandia, CEO of Mandiant, says there’s “more malware, more threat actors, they’re better at what they do and they’re more impactful when they’re successful.”

  • What keeps CISOs up at night? Mandiant leaders share top cyber concerns: A trio of top brass for Mandiant shared the emerging advanced tactics, techniques and procedures that they see troubling cyber professionals. … An increasing volume of zero days — 97 total in the last year. The evolution of cyber extortion to now include physical threats and advanced coercion. More and more threat actors “living off the land.” … These are but a few of the top concerns that keep chief information security officers up at night, according to the top leaders of cybersecurity firm Mandiant, now a subsidiary of Google Cloud. … “There’s more of everything bad,” Mandia said of the cyber threat landscape. … “We’re bringing far more awareness to the problems” and the cybersecurity industry has made “a lot of improvements,” he said. …
  • Price of zero-day exploits rises as companies harden products against hackers: Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage, are now worth millions of dollars — and their price has multiplied in the last few years as these products get harder to hack. … On Monday, startup Crowdfense published its updated price list for these hacking tools, which are commonly known as “zero-days” because they rely on unpatched vulnerabilities in software that are unknown to the makers of that software. … Companies like Crowdfense and one of its competitors, Zerodium, claim to acquire these zero-days with the goal of reselling them to other organizations, usually government agencies or government contractors, which claim they need the hacking tools to track or spy on criminals. … Crowdfense is now offering between $5 million and $7 million for zero-days to break into iPhones; up to $5 million for zero-days to break into Android phones; up to $3 million and $3.5 million for Chrome and Safari zero-days, respectively; and $3 million to $5 million for WhatsApp and iMessage zero-days.
  • Hospital IT Helpdesks Targeted By Voice Fraudsters, Warns HHS: The US Department of Health and Human Services (HHS) has warned IT helpdesk operators in the sector of a surge in sophisticated social engineering attacks designed to divert funds to attacker bank accounts. … The notice from the HHS Office of Information Security and the Health Sector Cybersecurity Coordination Center claimed that the threat actors typically call claiming to be an employee in a financial role – spoofing their phone number to appear as if it has a local area code.
  • Apple alerts users in 92 nations to mercenary spyware attacks: Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks.

The U.S. Cyber Command continues to support our allies as we work together to keep the Information Superhighway safe.

  • 22 ‘hunt forward’ missions deployed overseas in 2023, Cyber Command leader says: U.S. Cyber Command expanded the use of its elite digital warfighting corps in 2023, deploying the team nearly two dozen times around the globe to uncover malicious software and bolster the defenses of allies, the command’s chief said on Wednesday. … The command sent personnel from the Cyber National Mission Force (CNMF) on 22 “hunt forward” missions to 17 different countries last year alone, Air Force Gen. Timothy Haugh, who also leads the National Security Agency, said in written testimony to the Senate Armed Services Committee. … The disclosure is notable for the command, which has previously not shared an annual figure for such missions since they began in 2018.

Seems the security news for Microsoft hasn’t been particularly good lately.  We all need them to raise their security game.

  • Microsoft employees exposed internal passwords in security lapse: Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. … Security researchers discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating to Microsoft’s Bing search engine. … The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems. … But the storage server itself was not protected with a password and could be accessed by anyone on the internet.

The discovery of the XZ Backdoor may have prevented a massive attack on our way of life. That’s why it was our lead story last week. Here’s a look down the XZ rabbit hole, ferreting out how it happened.

  • The Story Behind The XZ Backdoor Is Way More Fascinating Than It Should Be: It would appear that this backdoor was years in the making. In 2021, someone with the username JiaT75 made their first known commit to an open source project. … As Wired notes, this appears to be a slow burn operation, likely state sponsored, using the openness of open source technology, combined with the social engineering to slip in this very dangerous backdoor. … So, as it stands, it appears that a long con scam was under way. This scam allowed someone (or some agency) to get extra power over some random dependency found in most versions of Linux, through social engineering. … Then, as that user gained more and more trust — and control —, they were eventually able to slip in a backdoor that had the potential to be massively dangerous. It was only stopped because one dude found that some process appeared to be running a bit slow.
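The practical question for readers after the story above is whether a system is running one of the affected XZ Utils releases. The check below is an added example, not code from the article or the xz project; it assumes the publicly documented fact that the backdoor (tracked as CVE-2024-3094) shipped in the xz-utils 5.6.0 and 5.6.1 release tarballs, and it parses the first line of `xz --version` output, whose format is `xz (XZ Utils) <version>`. The sample version strings are constructed.

```python
import re
import shutil
import subprocess
from typing import Optional

# Release versions whose tarballs carried the backdoor (CVE-2024-3094).
BACKDOORED_XZ_VERSIONS = {"5.6.0", "5.6.1"}

_VERSION_RE = re.compile(r"^xz \(XZ Utils\) (\d+\.\d+\.\d+)", re.MULTILINE)


def parse_xz_version(version_output: str) -> Optional[str]:
    """Extract the dotted version from `xz --version` output, or None if absent."""
    match = _VERSION_RE.search(version_output)
    return match.group(1) if match else None


def is_backdoored_version(version: Optional[str]) -> bool:
    """True if the version string is one of the known backdoored releases."""
    return version in BACKDOORED_XZ_VERSIONS


def check_installed_xz() -> dict:
    """Run the locally installed xz (if any) and report its version status.

    Returns a dict with keys: found (bool), version (str or None), affected (bool).
    """
    xz_path = shutil.which("xz")
    if xz_path is None:
        return {"found": False, "version": None, "affected": False}
    result = subprocess.run([xz_path, "--version"], capture_output=True, text=True, check=False)
    version = parse_xz_version(result.stdout)
    return {"found": True, "version": version, "affected": is_backdoored_version(version)}


if __name__ == "__main__":
    status = check_installed_xz()
    if not status["found"]:
        print("xz not installed on this system")
    else:
        verdict = "AFFECTED: upgrade or downgrade xz-utils now" if status["affected"] else "not a known backdoored release"
        print(f"xz version {status['version']}: {verdict}")
```

Treat a version match as a screening indicator, not a verdict: the malicious payload only activated under specific build and runtime conditions, and distributions that patched by rebuilding may report different version strings than the upstream tarballs. Confirm with your package manager’s advisory for the exact package you have installed.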

This week in cybercrime

  • Second Ransomware Group Demands UnitedHealth Pay for Stolen Data: As UnitedHealth Group continues to recover from February’s ransomware attack, the company is facing a new potential threat. A second hacking group is demanding the health insurance provider pay another ransom or else it’ll sell the company’s stolen data to the highest bidder.
  • Why CISA is Warning CISOs About a Breach at Sisense: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.
  • US think tank Heritage Foundation hit by cyberattack: Conservative think tank The Heritage Foundation said on Friday that it experienced a cyberattack earlier this week. … A person with knowledge of the cyberattack told TechCrunch that efforts at Heritage were underway to remediate the cyberattack, but said that it wasn’t immediately known what, if any, data was taken.
  • After failed ransomware attack, hackers stole data on 533k people from Wisconsin insurance company: One of the largest health insurance companies in Wisconsin said hackers that launched a failed ransomware attack were still able to steal troves of sensitive information on more than half a million people.
  • Universities in New Mexico, Oklahoma respond to ransomware attacks: Cybercriminals forced class cancellations, limited access to critical staff systems and exposed the sensitive information of thousands of students at a university in New Mexico, and a school in Oklahoma continued to assess damage caused by a ransomware gang. 

Section 4 – Securing the Corporate Technology Infrastructure.

  • Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System: Update now.
  • “Highly capable” hackers root corporate networks by exploiting Palo Alto Networks firewall 0-day: No patch yet for unauthenticated code-execution bug in firewall. … The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges. … Any organization that uses a vulnerable configuration of a PAN firewall should make investigating and any necessary remediation a top priority. Volexity, security firm Rapid7, and Palo Alto Networks provide indicators of compromise and detection guidance here, here, and here.
  • CISA Releases Malware Next-Gen Analysis System for Public Use: CISA’s Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. … The US government’s cybersecurity agency CISA has released its threat hunting and internal malware analysis system for public use, promising capabilities for the automatic analysis of potentially malicious files or uniform resource locators (URLs). … The system, called Malware Next-Gen, will now be available for any organization to submit malware samples and other suspicious artifacts for analysis and will allow CISA to more effectively support partners by automating analysis of newly identified malware.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge