Cybersecurity News of the Week, August 20, 2023

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

Small organizations continue to be an easy target for cybercriminals. As we’ve written regularly, every small organization is at risk – often existential risk – from cybercrime. Managing this risk requires executive leadership and formal management. It also requires ACTION. Strengthening cyber defenses isn’t something to put in next year’s budget. It’s something to do NOW before it’s too late.

Our first story is about how small businesses are being threatened by attacks on MSPs and IT service providers. Think about it – You get hacked because your IT service provider got hacked … and they have the keys to YOUR kingdom.

The next two stories demonstrate how cybercriminals are upping their game, finding new ways to attack and using AI to do it.

The final story provides several additional illustrations of cyber scams targeting small organizations. Most importantly, it also offers protection advice to small business owners; advice on managing information risk. It features an interview with Michael Sohn, FBI SSA and SecureTheVillage friend.

  • ‘Play’ Ransomware Group Targeting MSPs Worldwide in New Campaign: Attackers use remote monitoring and management tools at MSPs to gain unfettered access to target networks. … The fast-rising Play ransomware group that targeted the City of Oakland earlier this year is now hitting managed service providers (MSPs) around the globe in a cyberattack campaign to distribute ransomware to their downstream customers. … Play’s targets appear to be midsized businesses in the finance, legal, software, shipping, law enforcement, and logistics sectors in the US, Australia, UK, Italy, and other countries, Adlumin said in a report this week. Researchers at Adlumin who are tracking the campaign as PlayCrypt say the attacker is also targeting state, local, and tribal entities in these countries as well.
  • Hackers are increasingly hiding within services such as Slack and Trello to deploy malware: A new analysis unpacks a wide array of malware abusing legitimate internet services and what defenders should do to stop it. … Criminal hackers have always abused legitimate web services such as Gmail and Facebook to do their bidding, but increasingly they are finding new ways of blending into popular applications to avoid detection and find unsuspecting victims.
  • AI Is Generating Security Risks Faster Than Companies Can Keep Up: Rapid growth of generative AI-based software is challenging business technology leaders to keep potential cybersecurity issues in check. … Generative artificial intelligence-based tools are set to offer workers an enormous productivity boost, but business technology leaders charged with implementing them are scrambling to understand their potential cybersecurity risks.
  • Phishing scams targeting small business on social media including Meta are a ‘gold mine’ for criminals: Small business owners are reliant on social media like Meta’s Facebook and Instagram for customer contact and growth, and many have built successful followings. … However, the success has come with a cost, with hacking rings taking advantage of Main Street through phishing scams and other means of cyber extortion. … Demands for ransom to regain control of social media accounts can be costly, and the alternative is starting all over again.

New. Family Protection Newsletter: Did you know we created the Family Protection Newsletter, for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 

How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.

  • How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basics. Please take our short quiz as your answers will help you and guide us to improve community safety.

Upcoming events. Please join us.

Cyber Humor

Cybersecurity Nonprofit of the Week  … Open Cybersecurity Alliance

Kudos this week to the Open Cybersecurity Alliance (OCA). The Alliance works with other organizations to make sure cybersecurity tools work effectively with the other technology buried deep inside the Internet. That the Internet is as secure as it is owes a lot to OCA and their commitment to Internet security. We’re happy to spotlight OCA so our readers can better appreciate the work being done by nonprofits like OCA. Like SecureTheVillage, the Open Cybersecurity Alliance is a member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform

Cyber Security Framework 2.0: (Video) (Podcast): The National Institute of Standards and Technology (NIST) has released a draft of Cyber Security Framework 2.0. It will make waves in the cyber world and for all the right reasons. These include the identification of a new 6th function—Governance—and a spotlight on cybersecurity supply chain risk management. The inclusion of action-guided implementation examples will be transformational in helping smaller organizations. Dive into this episode of Live on Cyber as Stan and Julie dissect the Top 3 monumental shifts in the NIST Cybersecurity Framework 2.0.

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Lest there be any doubt about the heartlessness of hackers and the depths of depravity they’re willing to go to steal your money, look no further than the following story.

The FBI has issued a warning that cybercriminals are using beta-testing programs to lure victims.

  • FBI warns about scams that lure you in as a mobile beta-tester: The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. … A lot of these scammers start in just the same way as romance scammers: by “meeting” victims on online dating sites using fake profiles, and by building up a friendship and an apparent sense of mutual trust. … Then, instead of drawing their victims into a relationship based on love and emotional affection, they initiate a relationship based more directly on money, usually based on the lure of a cryptocurrency “investment” that isn’t open to just anyone.

Google has made good on their promise to offer protection against AirTag stalking to Android users.

Wirecutter offers an extensive story on the government’s plans to provide more transparancy for Smart Home technology. While properly skeptical of any plan that relies on volunteer industry participation, the story offers an excellent analysis of what’s good along with the bad and the ugly.

  • Uncle Sam Has a Plan to Secure Your Smart Home. Here’s Why We’re Skeptical: The smart home often gets a bad rap. People worry that their devices are snooping on them or sending personal data to nefarious companies. Or that their every move and purchase is being tracked. Or that some creepy rando can talk to their kids through their own security camera. … The threat is real, and industry-wide standards for security measures don’t exist. … That’s changing soon. The Federal Communications Commission recently announced that, in cooperation with the White House and a collective of retailers and device manufacturers, it will launch the U.S. Cyber Trust Mark, a program to certify the privacy and security features of a broad array of smart devices. The big idea is that the program will make it easier for people to make informed, secure choices.

Caveat emptor – buyer beware – as more product reviews are being written by AI-driven “review farms.”

Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.

CISA Director Jen Easterly warns we could be in for a bumpy ride as tensions with China escalate.

Meanwhile the White House continues to pressure federal agencies to shore up their cyber-defenses.

  • White House orders federal agencies to shore up cybersecurity, warns of potential exposure: The White House ordered federal agencies to shore up their cybersecurity after agencies have lagged in implementing a key executive order President Joe Biden issued in 2021, according to a memo first obtained by CNN. … Multiple federal departments and agencies have, as of the end of June, “failed to fully comply” with critical security practices prescribed by the executive order, “leaving the U.S. Government exposed to malicious cyber intrusions and undermining the example the Government must set for adequate cybersecurity practices,” national security adviser Jake Sullivan said in a memo to Cabinet secretaries this week.

Be Careful. Cybercriminals are using QR-codes in their emails to bypass phishing defenses. While this attack seems to focus on the energy sector, expect to see other cyber-criminal gangs use the same technique in other attacks.

  • A massive phishing campaign using QR codes targets the energy sector: A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. … Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft credentials of users from multiple industries. … One of the organizations targeted by hackers is a notable energy company in the US.

This week in cybercrime. Continued fallout from MOVEit debacle. Another school district falls victim. A major real estate listing host has gone offline. And closes its doors following a breach.

  • New York Life data exposed in third-party breach: New York Life Insurance Company (NYLIC), one of the world’s largest corporations, was exposed to the MOVEit Transfer attacks via third-party vendor Pension Benefit Information (PBI).
  • Colorado warns 4 million of data stolen in IBM MOVEit breach: The Colorado Department of Health Care Policy & Financing (HCPF) is alerting more than four million individuals of a data breach that impacted their personal and health information.
  • Suburban DC school district responds to cyberattack: Prince George’s County Public Schools — one of the largest school districts in the United States — announced on Monday that it discovered a cyberattack on its network. … The district is the second-largest in Maryland and serves more than 130,000 students in the Washington, D.C., suburbs. Officials did not respond to requests for comment.
  • Real estate industry grapples with cyberattack on Rapattoni: Property data listing host has been down for several days. … Real estate agents in the Bay Area and various parts of the country are facing significant challenges as they grapple with the aftermath of a cyberattack on a Southern California data host for property listing information. … “It’s paralyzed the real estate industry,” Coldwell Banker agent Peg King of Petaluma told the outlet. “We can’t add listings. We can’t make price changes. We have no idea how to show properties unless we try to figure out who has something listed.”
  • suffers massive data breach, announces closure: Hackers stole the data of 760,000 users. …, a service that allowed users to create custom links for their Discord channels, is closing down following a large data breach. … A hacker stole the data of 760,000 users, per TechRadar, and has posted a sample on Breached Forums in order to potentially sell it. The site now displays a message saying “we are stopping all operations for the foreseeable future”.

And from DEFCON, a “Capture The Flag” contest to capture a satellite. As if we needed another example of how vulnerable our systems are.

  • How a hacking crew overtook a satellite from inside a Las Vegas convention center and won $50,000: The first capture the flag with an real-time in-orbit satellite took place over the weekend at the DEF CON conference. In a room almost overflowing with spectators inside Caesars Forum, the main venue for this year’s DEF CON hacking conference, five teams of hackers from around the world waited anxiously to see who would be named the winner of the first-ever capture the flag in space.

Section 4 – Managing  Information Security and Privacy in Your Organization.

See our Top of the News for the story about MSPs and IT service providers being under attack. If you’re an MSP, double and triple check your defenses. If you buy IT services, make sure sure your IT service provider isn’t putting you at risk.

If your IT uses Citrix, make sure they’ve got this covered.

  • CISA, experts warn of Citrix vulnerabilities being exploited by hackers: Alarms have been raised about several vulnerabilities affecting products from Citrix that are being exploited widely by a variety of threat actors. … On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency said a vulnerability affecting the Citrix Content Collaboration tool had been exploited and mandated that U.S. federal civilian agencies patch the issue by September 6. … Citrix released a warning about the bug — tracked as CVE-2023-24489 — on June 13, telling users that the issue affects the “customer-managed ShareFile storage zones controller.”

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge