Cybersecurity News of the Week, August 18, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Corner

A cybercriminal may have released your Social Security number, email, and address. The information had been collected by a data broker, National Public Data. The company is now the defendant in a class action lawsuit.

Here are the top three things everyone must do to protect themselves:

  • Freeze your credit.
  • Use Multi-Factor Authentication.
  • Always be suspicious online.

It’s beyond time for us – we the people – who are having our lives disrupted by the epidemic of cybercrime – to follow the great words of Howard Beale in 1976’s Network: Get up out of your chairs, open the window, stick your head out, and yell, and say it: ‘I’m as mad as hell, and I’m not gonna take this anymore!’

We need Congress and the White House to pass strong national privacy laws with opt-in, not opt-out. Like GDPR. Companies like National Public Data should need our permission before they can collect and sell our information.

We need Congress and the Administration to implement strong laws and regulations on the security controls these companies MUST have if they are to be entrusted with our information. Things like Secure by Design and Privacy by Design.

SecureTheVillage is here to help. Take our How Hackable Are You? test at SecureTheVillage and get our free 13-point guide. Sign up for our free weekly newsletter and our monthly Family Protection Newsletter. And if you’re an SMB, reach out to learn about LA Cybersecure, our team-based learn-by-doing Program.

  • Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions: In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. The breach, which allegedly occurred in April 2024, has raised significant concerns about data security and identity theft risks.
  • Identity Theft Resource Center recommends credit freeze after Social Security number breach: An “incident” involving data that contained names and sensitive information might put you at risk, but it’s nothing new, experts say. … Cybersecurity experts say this incident is par for the course as companies amass data on consumers. … “Incidents like this should ideally stimulate a public conversation regarding the data aggregation industry,” said Robert Roccio, a threat analyst at cybersecurity company GroupSense. “It’s a massive business and it is worth considering whether these organizations are being responsible with the information they collect on ordinary Americans.” … James E. Lee, chief operating officer at Identity Theft Resource Center, a nonprofit that helps consumers deal with fraud, said that there is “nothing new” about this particular data haul and that SSNs already circulate online. … “The steps you need to take today are the steps you needed to be taking for years,” Lee said.
  • NationalPublicData.com Hack Exposes a Nation’s Data: A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.

From SecureTheVillage

  • Upcoming Events
    • Cybersecurity is a Forest Fire and All I Have is a Garden Hose. Managing Emerging Threats without Burning Out. Dr. Stahl leads a panel discussion at AITP-LA meeting. August 29. 6:00 – 9:00PM. Accenture in DTLA
    • A Reasonable Approach to Reasonable Security. Save the Date. October 22, 2024. SecureTheVillage’s 5th Annual Reasonable Security Summit.
  • Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
  • IT Service Provider / MSP? Take your clients’ security to the next level. Apply Now! If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the IT security management they need. … The LA Cybersecure Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
  • Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 
  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
  • Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians™. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.™

Cybersecurity Nonprofit of the Week … National Cybersecurity Alliance

Kudos this week to the National Cybersecurity Alliance, a non-profit organization on a mission to create a more secure, interconnected world. The Alliance is an advocate for the safe use of technology, educating everyone on how we can protect ourselves, our families, and our organizations from cybercrime. They create strong partnerships between governments and corporations to amplify their message and to foster a greater “digital” good, encouraging everyone to do their part to prevent digital wrongdoing of any kind. As they say, the real solution to cybercrime isn’t technology, it’s all of us doing our part. Like SecureTheVillage, the National Cybersecurity Alliance is a member of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits.

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Instructive stories from The Wall Street Journal and PC Magazine. Please talk to your family about online dangers. Always be suspicious.

It’s time to update Windows. Another reminder of the need to keep your programs patched and updated.

Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

International cyber news this week.

  • Iranian news outlet reported that a major cyber attack targeted the Central Bank of Iran (CBI) and several other banks causing disruptions: A major cyberattack has targeted the Central Bank of Iran (CBI) and several other banks, leading to widespread disruptions in the country’s banking system, @IranIntl has learned. Initial assessments indicate this could be one of the largest cyberattacks ever against Iran. … This incident coincides with intensified international scrutiny of Iran’s operations in the Middle East, as Teheran announced attacks on Israel unless a ceasefire is achieved in the Gaza conflict. Intelligence experts also blame Iran for attempting to influence the upcoming US Presidential election.
  • Russian spy agency hackers breach human rights groups, victims say: Traditional phishing attacks aimed to break into organizations advocating for Russian dissidents, among others. … Russian spy agencies are using deep knowledge about foreign and domestic opponents, reporters and human rights groups to target them with well-crafted phishing attacks, in some cases successfully, according to the groups and security researchers. … Reports published Wednesday by digital rights group Access Now and Canadian research nonprofit Citizen Lab include samples of the emails sent during the past two years to targets such as Russian rights organization First Department, which represents Russians accused of treason or espionage.
  • Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes: Cybersecurity investigators worry ransomware attacks may worsen as young, native-English speaking hackers in the U.S., U.K. and Canada team up with Russian hackers.

Kudos to the Justice Department and FBI.

  • Justice Department Disrupts North Korean ‘Laptop Farm’ Operation: Law enforcement authorities in the U.S. have arrested a Tennessee man accused of running a “laptop farm” that helped North Korean IT workers secure remote jobs at American companies.
  • FBI Shuts Down Dispossessor Ransomware Group’s Servers Across U.S., U.K., and Germany: The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Radar/Dispossessor. … The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by individual(s) who go by the online moniker “Brain.”
  • How the Justice Department Is Changing Its Tactics on Cybercrime: The assistant attorney general for national security outlines where the biggest threats are coming from—and what kinds of attacks are most worrisome. … Cyber threats from nation-state adversaries against U.S. targets are growing, and it is Matthew Olsen’s job to stay on top of them. … Olsen, who has been the assistant attorney general for national security since 2021, leads the Justice Department’s efforts to fight terrorism, espionage, cybercrime and other threats to U.S. national security. … In an interview with Dustin Volz at The Wall Street Journal’s Tech Live: Cybersecurity conference in June, Olsen talked about the threat from China, why cyberattack-disclosure rules are sometimes waived and the challenges posed by ransomware, among other things.

Kudos also to Jon DiMaggio for infiltrating LockBit.

  • This cyber sleuth infiltrated the LockBit ransomware gang and unmasked its leader: The notorious LockBit was shrouded in mystery until Jon DiMaggio came along. … Through the looking glass: Security researchers are increasingly taking the fight to cybercriminals, actively tracking down and even infiltrating their groups – the trend is part of a broader strategy to gather intelligence and disrupt cybercriminal activities from within. They’ll often go full James Bond, creating fake personas and engaging in undercover operations to gain the trust of cybercriminals. This is the story of one such researcher. … In a tale that reads like a modern day cyber thriller, cybersecurity researcher Jon DiMaggio successfully unmasked the elusive leader of the notorious LockBit ransomware gang.

Special kudos to San Francisco City Attorney David Chiu for taking on the deepfake nude problem.

CSO Online has an in-depth retrospective on the Change Healthcare breach. Critical to the breach was Change Healthcare’s negligence in failing to implement Multi-Factor Authentication (MFA) on a public portal.

  • The cyber assault on healthcare: What the Change Healthcare breach reveals: February’s ransomware attack is a wake-up call for healthcare execs – and a reminder to leaders in other industries about what can go wrong. … The February 2024 ransomware attack on Change Healthcare put the state of healthcare cybersecurity in the headlines and in front of the US Congress, with aftershocks from the seismic event still being felt. … The monumental impact of the attack was evident nearly immediately. The ransomware group ALPHV (also known as BlackCat) hit Change Healthcare in February, stealing six terabytes of data — including sensitive personal information. … The hackers used compromised credentials to remotely access a Change Healthcare Citrix portal, technology that allowed remote access to desktops, on or around Feb. 12. Company officials have acknowledged that the portal was not protected with multifactor authentication, despite MFA being a now-standard enterprise security control. … Dealing with the incident will cost Change Healthcare’s parent company, UnitedHealth Group (UHG), more than $1 billion; that includes lost revenue, direct recovery costs and a $22-million Bitcoin payout to the hacker group. … Others suffered, too.

This week in cybercrime.

  • Carbon black supplier Orion loses $60 million in business email compromise scam: About $60 million was stolen from one of the leading suppliers of carbon products after an employee was tricked into making several wire transfers to cybercriminals. … The funds were stolen from Orion, a Luxembourg-based company that produces carbon black, a material used to make tires, ink, batteries, plastics and more. … A spokesperson declined to explain the situation in detail but the company filed documents with the Securities and Exchange Commission (SEC) about the incident, which it discovered on Saturday.
  • AutoCanada discloses cyberattack impacting internal IT systems: Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group’s internal IT systems, which may lead to disruptions. … The investigation has yet to determine if any data has been compromised during the incident. … The company says that although “business operations remain open at this time, the incident may result in disruptions until the relevant systems are fully restored.” … AutoCanada is a large car dealership operator that employs over 4,700 people. It operates 66 franchised dealerships in Canada covering 25 car brands and another 18 franchises in the United States that cover 16 car brands.
  • Columbus Mayor Ginther: ‘More personal information’ has likely been exposed in data breach: Ginther talks but somehow leaves much of what happened unanswered. … Columbus Mayor Andrew J. Ginther said Saturday during a media briefing that people should expect more bad news in the coming days and weeks about the ransomware attack resulting in reams of data and personal information about city employees and private citizens leaked onto the dark web. … The press conference marked the first time the mayor publicly acknowledged that private citizens’ data was included in the massive data breach that likely compromised a half-million Columbus residents, putting their finances at risk. … The press conference comes days after a local cybersecurity expert contradicted many of Ginther’s earlier assurances about the nature of the data stolen by a group known for attacking municipal governments and institutions that lacked appropriate IT security.

Section 4: Helping Executives Understand Why and Know How.

With 50% of respondents admitting breaches cost their organizations more than $1 million in lost revenue, cybersecurity is increasingly recognized as a Board responsibility. SecureTheVillage can help.

  • Survey: Senior Executives Being Held More Accountable for Cybersecurity: A global survey of 1,850 IT and cybersecurity decision-makers finds more than half (51%) reporting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. … Conducted by Sapio Research on behalf of Fortinet, the survey also finds more than 50% of respondents admitting breaches cost their organizations more than $1 million in lost revenue, fines and other expenses last year. Just under a third also noted it took longer than a month to recover from a cyberattack. … As a result, nearly all respondents (97%) report their board sees cybersecurity as a business priority, with just under three quarters (72%) noting their board of directors was more focused on security in 2023 than the previous year.

Section 5: Securing the Technology.

In an illustration of Security by Default, belated kudos to Microsoft for finally making MFA mandatory for Azure.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge