Cybersecurity News of the Week, August 11, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Corner

This is the week when election cybersecurity jumped to the top of the news. The Trump campaign has been hacked, following a Microsoft report that Iran was targeting US presidential campaigns. Voters in Illinois had their voter records exposed in misconfigured databases, while a vulnerability in an online portal run by the Georgia Secretary of State’s Office would have allowed anyone to submit a voter cancellation request for any Georgian. And it’s not over: CISA and the FBI issued a joint warning about potential attacks on election infrastructure.

  • We received internal Trump documents from ‘Robert.’ Then the campaign confirmed it was hacked.: The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation. … The scope of the information obtained by the hacker is unclear. But it represents a major security breach for former President Donald Trump’s campaign. … Former President Donald Trump’s campaign said Saturday that some of its internal communications had been hacked. … The acknowledgment came after POLITICO began receiving emails from an anonymous account with documents from inside Trump’s operation.
  • Iranian hackers target U.S. presidential campaign official, Microsoft says: Iran-backed hackers targeted a high-ranking official at an unidentified U.S. presidential campaign in a June spear-phishing attack, Microsoft said in a new report released Friday.
  • Millions of US Voter Data Exposed in 13 Misconfigured Databases: Cybersecurity researcher finds 4.6M Illinois voter records exposed in unsecured databases. Sensitive data including names, addresses, and SSNs were publicly accessible. Incident highlights vulnerabilities in election data security and potential for misuse. Learn more about the discovery and its implications.
  • “A Terrible Vulnerability”: Cybersecurity Researcher Discovers Yet Another Flaw in Georgia’s Voter Cancellation Portal: Until Monday, a new online portal run by the Georgia Secretary of State’s Office contained what experts describe as a serious security vulnerability that would have allowed anyone to submit a voter cancellation request for any Georgian. All that was required was a name, date of birth and county of residence — information easily discoverable for many people online.
  • CISA, FBI warn of potential DDoS attacks on 2024 elections: Two federal agencies urged voters to be prepared for distributed denial-of-service (DDoS) attacks on infrastructure used to support the 2024 election in November. … The FBI and Cybersecurity and Infrastructure Security Agency (CISA) published a public service announcement on Wednesday preemptively outlining what a DDoS attack on election infrastructure will look like.

From SecureTheVillage

  • Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
  • IT Service Provider / MSP? Take your clients’ security to the next level. Apply Now! If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the IT security management they need. … The LA Cybersecure Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
  • Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend!
  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
  • Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians™. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.™

Cybersecurity Nonprofit of the Week … Cybercrime Support Network

Kudos this week to the Cybercrime Support Network, a nonprofit that helps consumers impacted by cybercrime. As a leading voice for cybercrime victims, the Cybercrime Support Network is dedicated to serving those affected by the ever-growing impact of cybercrime by helping them to recognize, report and recover from an incident. Founded in 2017, Cybercrime Support Network (CSN) connects victims to resources, increases cybercrime and online fraud reporting, and decreases revictimization. Since its founding, CSN has provided help to millions of consumers via FightCybercrime.org and ScamSpotter.org.

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

A Consumer Reports study shows poor results from services claiming to delete your data from data broker sites.

  • Services That Delete Your Data From People-Search Sites Don’t Work Very Well, Study Finds: EasyOptOuts and Optery performed the best in CR’s study. But doing the work yourself is more effective than all of them. … People-search sites are the fast-food outlets of the industry that peddles Americans’ personal information online, quickly and cheaply serving up data about pretty much anyone. Including you. … Try it. Just type your name into a search engine, and websites like Intelius, PeopleFinders, and Whitepages will display your birthday, home address, marital status, a list of your relatives, and more. … And anyone willing to spend a few dollars can see a lot in addition to that, including your educational and employment histories and public records of real estate transactions, marriages, divorces, lawsuits, bankruptcies, or arrests you’ve been associated with. 

A BBC reporter pretends to fall for a pig-butchering scam in this instructive video.

  • ‘Pig butchering’ scammers target BBC reporter: A BBC reporter has been given an in-depth insight into how pig butchering scams work after being targeted himself.  … Scammers refer to their victims as pigs, whom they fatten up to be “butchered” – or conned, out of as much money as possible. … Cyber correspondent Joe Tidy was befriended on Instagram by fraudsters pretending to be an attractive 36-year-old woman looking for a romantic relationship. … Knowing the profile for ‘Jessica’ was fake, the reporter played along for more than two months to find out what psychological tricks the pig butchers employ to trick victims around the world into investing into fake crypto schemes.

Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

While CrowdStrike and Delta continue their p*ssing contest, CISA head Jen Easterly talks about the root cause: the poor state of software quality. She’s right that we need to fundamentally rethink our laws and regulations, and ultimately the culture in which software is built and maintained. Unfortunately, we’re bleeding now and it will take years to fix the root cause.

  • CrowdStrike Hits Back in Heated Spat With Delta Over Global Tech Outage: The cybersecurity company said the airline should take the blame after it struggled to rebound from a software outage that caused disruptions worldwide.
  • Delta to CrowdStrike: Don’t Blame Us for Tech Problems: Airline says cybersecurity company is shirking blame for July outage, which led carrier to cancel 7,000 flights; tech firm says it offered help. … Delta Air Lines ratcheted up efforts to seek compensation from CrowdStrike, blasting what it called the cybersecurity company’s “blame the victim” defense for a disruption that the airline said cost at least $500 million.
  • Easterly: Cybersecurity is a software quality problem: LAS VEGAS —  Jen Easterly, the head of the Cybersecurity and Infrastructure Security Agency, told attendees at the Black Hat security conference on Thursday that delivering major improvements in computer security will require a sea change in how companies approach building software. … Amid an epidemic of breaches, Easterly laid the blame squarely at the feet of the technology industry. “We don’t have a cybersecurity problem. We have a software quality problem,” she said. … “We have a multi-billion dollar cybersecurity industry because for decades, technology vendors have been allowed to create defective, insecure, flawed software,” Easterly said in her remarks. … To address that issue, Easterly and CISA have launched a secure by design pledge, the signatories of which commit to a series of principles to improve the security of how products are developed and deployed. Easterly said 200 companies have now signed that pledge since its launch in March.   

An in-depth story of a great piece of cold-war sabotage.

  • Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign: During the early days of Silicon Valley, a tech industry entrepreneur teamed up with the FBI to ship faulty devices to Moscow. … One day at the dawn of the 1980s, an FBI agent in his 30s named Rick Smith walked into the Balboa Café, an ornate, historic watering hole in San Francisco’s leafy Cow Hollow neighborhood. Smith, who was single at the time, lived nearby and regularly frequented the spot.

The UN has passed a controversial cybercrime treaty opposed by human rights organizations.

  • UN cybercrime treaty passes in unanimous vote: The United Nations passed its first cybercrime treaty on Thursday in a unanimous vote supporting an agreement first put forward by Russia. … The passage of the treaty is significant and establishes for the first time a global-level cybercrime and data access-enabling legal framework. … The treaty was adopted late Thursday by the body’s Ad Hoc Committee on Cybercrime and will next go to the General Assembly for a vote in the fall. It is expected to sail through the General Assembly since the same states will be voting on it there. … The agreement follows three years of negotiations capped by the final two-week session that has been underway. … Russia also supported the draft treaty, which was a surprise given earlier concerns raised by the country’s representative. … Opponents of the treaty include human rights organizations and big tech companies.

Meta blocks 63,000 accounts running sextortion scams.

A new report from Sophos shows how ransomware gangs are upping the pressure on victims.

  • Turning the screws: The pressure tactics of ransomware gangs: Back in 2021, Sophos X-Ops published an article on the top ten ways ransomware operators ramp up pressure on their targets, in an attempt to get them to pay. Last year, X-Ops revealed that threat actors have since developed a symbiotic relationship with sections of the media, leveraging news articles as extortion pressure. Three years on, threat actors continue to adapt and change their tactics to increase leverage against their targets. … The methods we described in the 2021 article – such as threats to publish data, calling employees, and notifying customers and the media about breaches – are all still in use today. However, ransomware gangs are adopting some new, and concerning, tactics.

This week in cybercrime.

  • Data Breach: 3 Billion National Public Data Records with SSNs Dumped Online: National Public Data, a service by Jerico Pictures Inc., suffered a massive breach. Hacker “Fenice” leaked 2.9 billion records with personal details, including full names, addresses, and SSNs in plain text. The breach poses significant risks for identity theft and financial fraud. Jerico Pictures Inc. faces potential lawsuits and legal challenges due to the incident.
  • Home alarm company ADT says hackers obtained ‘limited’ customer data: The home security systems company ADT Inc. announced Wednesday that unauthorized hackers unlawfully broke into some databases storing customer order information.  … The company said the incident happened “recently” but did not provide the date for the intrusion, according to a filing with the Securities and Exchange Commission (SEC).  … ADT said that once it learned of the incident, it quickly worked to block the unauthorized access and began investigating the hack with the help of external cybersecurity experts.  … Attackers made off with “limited” customer information, including email addresses, phone numbers and home addresses, ADT said. 
  • Ransomware Leads to $30M in Lost Income at Sonic Automotive: Numerous Dealers Disrupted by Attack Against Software Provider CDK Global. … On Monday, publicly traded Sonic Automotive told investors that a recent ransomware attack against one of its key service providers caused earnings per share to sink by a third during the quarter ending June 30. … Based in North Carolina, Sonic Automotive is one of the 500 largest U.S. publicly traded companies and the country’s fifth largest automotive retailer, measured by revenue.
  • McLaren confirms cyber-attack on hospitals, clinics; compromised data remains unknown: GRAND BLANC, MI – McLaren Health Care confirmed the network of hospitals and clinics was the victim of a criminal cyberattack.
  • Thursday cyber hack cripples Ohio State School Board Association ahead of back to school: The Ohio School Boards Association is the latest victim of a cyberattack Thursday, forcing the organization representing over 700 school boards across the state to sever its connection to the internet. … According to a letter sent to members, Kathy McFarland, OSBA CEO, said the organization noticed the attack on its online infrastructure on Thursday and immediately severed its connection to the internet. “The network breach quickly affected” normal operations, and services offered by the OSBA will be limited.

Section 4: Helping Executives Understand Why and Know How.

To beat your enemy, you must know your enemy and yourself.

  • Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses: Modern ransomware attacks are multi-staged and highly targeted. First, attackers research the target organization and its employees. … Traditional ransomware attacks were fairly straightforward. Attackers lured indiscriminate victims using social engineering and phishing tactics. Once victims were tricked into visiting a malicious website or opening a malicious link or attachment, they would execute malware that would spread rapidly and encrypt valuable files and folders. Hackers would then demand a ransom in return for decryption keys. … Modern ransomware attacks are quite different today because they are multi-staged and highly targeted. First, attackers research the target organization and its employees. Next, using custom phishing attacks, stolen credentials or unpatched vulnerabilities, attackers install a trojan or a stager in the victim’s machine. This trojan then modifies the victim’s machine, downloads updates and instructions from command and control [C&C or C2] servers and notifies hackers about the intrusion. While the program awaits instructions, it collects information about the victim’s environment, including passwords stored in a computer’s cache or a user’s browser.
