Cybersecurity News of the Week, December 3, 2023

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

We have two stories in our Top of the News this week, both pointing out how systemically unprepared we are as a nation to manage the impact of hacking and cybercriminal activity. Kudos to New York and their work to do by regulation what companies should do in their own self-interest. We need national laws to the same effect. And let’s “hope” that any agreement by the government to backstop the cyber insurance industry in the event of a major attack includes strict requirements that basic cyber hygiene be a condition of cyber insurance coverage. As the story in Section 3 about Iranian hackers hitting water districts illustrates, basic cyber hygiene must include a requirement that all default passwords be changed. Beyond changing default passwords, all companies in critical industries need to be required to implement either the NIST Cybersecurity Framework or the Center for Internet Security’s basic controls (IG1).

  • NY reaches $1M breach settlement with First American Title Insurance: The company exposed millions of documents of non-public customer data through a vulnerability in a proprietary application. … The New York State Department of Financial Services reached a $1 million settlement with First American Title Insurance Co. for violations stemming from a 2019 data leak. … The May 2019 breach exposed 885 million documents of non-public customer data due to a vulnerability in the company’s proprietary EaglePro application, the state agency said. The documents dated back to 2003. … The investigation found the company, the second-largest title insurance company in the U.S., failed to maintain effective governance and classification, proper access controls and risk assessment policies. First American agreed to implement measures to better secure customer data.
  • Cyber Insurers Warn Catastrophic Hacks Will Require Government Help: U.S. officials and insurers plan April meeting on federal cyber insurance backstop. … A cyberattack that disrupts everyday life in the U.S. will likely cost more than the insurance industry can afford to cover, requiring government intervention, insurers and brokers said. … The idea of a federal backstop to help insurers cope in the event of a catastrophic cyberattack has been examined by the government in recent years, but has gained momentum with tandem efforts at the Treasury Department, the Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency over the past year.

Small and Midsize Organizations. Take your security to the next level. Apply Now! If you’re a small business, nonprofit, or IT / MSP in the greater Los Angeles area, apply NOW for LA Cybersecure, a pilot program with coaching and guidance that costs less than two cups of coffee a week. The LA Cybersecure Pilot Program is funded by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.

Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription!

How Hackable Are You? Take our test. Find out how hackable you are and download our free updated 13-step guide.

  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please take our short test, as your answers will help you and guide us to improve community safety.

Upcoming events. Please join us.

Please Support SecureTheVillage.

  • We need your help if we’re to build a world of CyberGuardians. Please donate to SecureTheVillage. Thank you for being part of our village. It takes a village to secure the village.™

Cyber Humor

Nonprofit of the Week … Nonprofit Cyber

Kudos this week to the 36 nonprofits comprising Nonprofit Cyber, the coalition of nonprofit organizations that focus on raising the bar in cybersecurity. Nonprofit Cyber coalition members collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. Nonprofit Cyber has compiled the Nonprofit Cyber Solutions Index. This is the first comprehensive index of actual cybersecurity capabilities provided by the nonprofit community. In particular, the index identifies a large selection of free or low-cost cybersecurity capabilities for individuals, small businesses, and others left behind in the current environment. SecureTheVillage is a proud member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform

Are We Just Talking to Ourselves in Cybersecurity? (Video) (Podcast): Smaller organizations, families, and individuals are on the wrong side of the digital divide, and they’re getting eaten alive by scammers and cybercriminals. How do we bridge the information gap from the experts to small businesses and nonprofits? Are we just talking to ourselves in cybersecurity? In this #LiveOnCyber episode, hear what brought Julie, a thought leadership expert, to SecureTheVillage and how SecureTheVillage is addressing security for those without big IT teams. … Want to join the fight for online safety? Learn how LA Cybersecure is helping: … Subscribe to Live on Cyber with Stan Stahl, PhD and Julie Michelle Morris, your weekly 15-min update on the latest in privacy and information security affecting our businesses and the communities we live in!

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.

If you or someone you know is a victim of pig butchering or other investment fraud, talk to your accountant about deducting these losses on your tax return.

  • Scammed by investment fraud? You may be able to deduct losses from taxes: According to IRS guidance, cryptocurrency-related losses are taken as a capital loss. But in certain cases, victims can claim a nonpersonal theft loss which can reduce or zero out their income taxes in the year they discovered the theft. In addition, if their losses exceed their income for that year, they can carry forward the loss to offset 80% of their income in future years. Individuals cannot carry back their losses to prior years to obtain refunds.

Apple’s updates respond to actively exploited vulnerabilities. Keeping devices patched and updated is one of the 5 most important things you can do to stay cyber-safe.

Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.

Meta is in the news with two stories, neither of which is positive and both of which again confirm that, to Meta, we are the product.

  • Meta Designed Products to Capitalize on Teen Vulnerabilities, States Allege: Newly unredacted documents in complaint by attorneys general show Meta conversations about age, product design and potential harms. … Meta Platforms sought to design its social-media products in ways to take advantage of known weaknesses of young users’ brains, according to newly unredacted legal filings citing internal company documents. … An internal 2020 Meta presentation shows that the company sought to engineer its products to capitalize on the parts of youth psychology that render teens “predisposed to impulse, peer pressure, and potentially harmful risky behavior,” the filings show. … References to the documents were initially redacted in the suit, which was filed in late October by members of a coalition of 41 states and the District of Columbia, alleging that Meta has intentionally built Facebook and Instagram with addictive features that harm young users. Meta approved the filing of an unredacted version on Wednesday. … “Teens are insatiable when it comes to ‘feel good’ dopamine effects,” the Meta presentation shows, according to the unredacted filing, describing the company’s existing product as already well-suited to providing the sort of stimuli that trigger the potent neurotransmitter. “And every time one of our teen users finds something unexpected their brains deliver them a dopamine hit.”
  • Meta Is Struggling to Boot Pedophiles Off Facebook and Instagram: The social-media company has stepped up enforcement, but its algorithms continue to promote problematic content. … Meta Platforms has spent months trying to fix child-safety problems on Instagram and Facebook, but it is struggling to prevent its own systems from enabling and even promoting a vast network of pedophile accounts. … The social-media giant set up a child-safety task force in June after The Wall Street Journal and researchers at Stanford University and the University of Massachusetts Amherst revealed that Instagram’s algorithms connected a web of accounts devoted to the creation, purchasing and trading of underage-sex content. … Five months later, tests conducted by the Journal as well as by the Canadian Centre for Child Protection show that Meta’s recommendation systems still promote such content. The company has taken down hashtags related to pedophilia, but its systems sometimes recommend new ones with minor variations. Even when Meta is alerted to problem accounts and user groups, it has been spotty in removing them.

Related to our Section 2 story on investment scams, here’s a detailed story on the “Pig Butchering” industry.

  • Crypto Scam: Inside the Billion-Dollar ‘Pig-Butchering’ Industry: At a Thai police headquarters in October 2022, Chinese businessman Wang Yicheng congratulated one of Bangkok’s most senior cybercrime investigators on his recent promotion, presenting the official with a large bouquet of flowers wrapped in red paper and a bow. … Wang, the vice president of a local Chinese trade group, wished the new cybercrime investigator “smooth work and new achievements,” according to the group’s website, which displays photographs of the event. … Over the past two years, Wang has forged relationships with members of Thailand’s law-enforcement and political elite, the trade group’s online posts show. During that time, a cryptocurrency account registered in Wang’s name was receiving millions of dollars linked to a type of cryptocurrency investment scam known as pig butchering, a Reuters investigation has found. … In total, crypto worth more than $90 million flowed into the account between January 2021 and November 2022, according to registration documents and transaction logs reviewed by Reuters. Of that, at least $9.1 million came from a crypto wallet that U.S. blockchain analysis firm TRM Labs said was linked to pig-butchering scams. Two other major crypto-tracking firms also said the account received funds linked to such scams. … The victim of one of the scams was a 71-year-old California man. He sent money to crypto wallets that channeled more than $100,000 into the account in Wang’s name, according to blockchain analysis company Coinfirm. The man’s family told Reuters he lost about $2.7 million, his life savings, after falling prey to someone claiming to be an attractive young woman called Emma. … Erin West, a California prosecutor specializing in cybercrime, said many victims in the hundreds of pig-butchering cases she has handled since early 2022 have lost more than $1 million. Many are never able to recover their money. West said at least one victim died by suicide and another attempted suicide. “I’ve never seen this level of absolute devastation,” she added.

A major privacy battle is looming in Congress over extending the surveillance powers in Section 702.

  • A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab: Dozens of advocacy groups are pressuring the US Congress to abandon plans to ram through the renewal of a controversial surveillance program that they say poses an “alarming threat to civil rights.” … United States lawmakers are receiving a flood of warnings from across civil society not to bend to the efforts by some members of Congress to derail a highly sought debate over the future of a powerful but polarizing US surveillance program. … House and Senate party leaders are preparing to unveil legislation on Wednesday directing the spending priorities of the US military and its $831 billion budget next year. Rumors, meanwhile, have been circulating on Capitol Hill about plans reportedly hatched by House speaker Mike Johnson to amend the bill in an effort to extend Section 702, a sweeping surveillance program drawing fire from a large contingent of Democratic and Republican lawmakers favoring privacy reforms. … WIRED first reported on the rumors on Monday, citing senior congressional aides familiar with ongoing negotiations over the bill, the National Defense Authorization Act (NDAA), separate versions of which were passed by the House and Senate this summer. … More than 80 civil rights and grassroots organizations—including Asian Americans Advancing Justice | AAJC, Color of Change, Muslims for Just Futures, Stop AAPI Hate, and United We Dream—signed a statement this morning opposing “any efforts” to extend the 702 program using the NDAA. The statement, expected to hit the inboxes of all 535 members of Congress this afternoon, says that failure to reform contentious aspects of the program, such as federal agents’ ability to access Americans’ communications without a warrant, poses an “alarming threat to civil rights,” and that any attempt to use must-pass legislation to extend the program would “sell out the communities that have been most often wrongfully targeted by these agencies and warrantless spying powers generally.”

Two stories this week on law enforcement activities. Kudos to all those in law enforcement who are doing what they can to protect us from cybercrime.

  • International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war: In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations wreaking havoc across the world. … More than 20 investigators from Norway, France, Germany and the United States were deployed to Kyiv to assist the Ukrainian National Police with their investigative measures.
  • Russian developer of Trickbot malware pleads guilty, faces 35-year sentence: A Russian national pleaded guilty in federal court in Cleveland on Thursday to charges related to his involvement in developing and deploying the malicious software known as Trickbot. He faces a maximum penalty of 35 years, the U.S. Department of Justice said. … According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal organization that deployed Trickbot to steal money and install ransomware on victims’ computers. The group’s victims — including hospitals, schools, and businesses in the U.S. — suffered tens of millions of dollars in losses. … Trickbot, which was taken down last year, is believed to have stolen more than $180 million worldwide. Dunaev was extradited from South Korea to the U.S. in 2021.

This week in cybercrime. First up are all the water systems and factories under attack by Iranian hackers because they failed to change the default passwords on their programmable logic controllers. Changing default passwords is basic. It’s remedial cybersecurity. Full stop. Next up is healthcare giant Henry Schein, which seems to have neglected the advice of former Senator Fritz Hollings that “there’s no education in the second kick of a mule.”

  • Iran-linked cyberattacks threaten equipment used in U.S. water systems and factories: An Iran-linked hacking group is “actively targeting and compromising” multiple U.S. facilities for using an Israeli-made computer system, U.S. cybersecurity officials say. … The Cybersecurity and Infrastructure Security Agency (CISA) said on Friday that the hackers, known as “CyberAv3ngers,” have been infiltrating video screens with the message “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.” … The cyberattacks have spanned multiple states, CISA said. While the equipment in question, “Unitronics Vision Series programmable logic controllers,” is predominantly used in water and wastewater systems, companies in energy, food and beverage manufacturing, and health care are also under threat. … “These compromised devices were publicly exposed to the internet with default passwords,” CISA said.
  • Healthcare giant Henry Schein hit twice by BlackCat ransomware: American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. … Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries and a revenue of over $12 billion reported in 2022. … It first disclosed on October 15 that it had to take some systems offline to contain another cyberattack that impacted its business one day before. … More than a month later, on November 22, the company said that some of its apps and the e-commerce platform were again taken down following another attack claimed by BlackCat ransomware.
  • 60 credit unions facing outages due to ransomware attack on popular tech provider: About 60 credit unions are dealing with outages due to a ransomware attack on a widely-used technology provider. … National Credit Union Administration (NCUA) spokesperson Joseph Adamoli said the ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
  • General Electric, DARPA Hack Claims Raise National Security Concerns: Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies. … General Electric and the Defense Advanced Research Projects Agency (DARPA) have reportedly been breached, according to claims on the Dark Web that the organizations’ highly sensitive stolen data is up for sale. … A screen capture from the Dark Web ad shows a threat actor named IntelBroker selling access credentials, DARPA-related military information, SQL files, and more. … GE confirmed to Dark Reading its knowledge of stolen data that’s up for sale and that it’s investigating the issue.
  • Emergency rooms in at least 3 states diverting patients after ransomware attack: Ardent Health Services, which oversees 30 hospitals across the U.S., said Monday that it had been the victim of a severe ransomware attack in Oklahoma, New Mexico and Texas, forcing it to take action
  • Staples confirms cyberattack behind service outages, delivery issues: American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach’s impact and protect customer data.

Section 4 – Managing Information Security and Privacy in Your Organization.

Telling stories is basic to human existence. It’s how we connect to each other. It’s how we learn from each other. And its vital role in creating a cybersecure culture is too often overlooked.

  • The Power of Storytelling in Cybersecurity Training: Companies have spent millions of dollars training employees to stay safe from phishing. But to a large extent, it isn’t working. … They might consider a powerful but underused weapon: storytelling. … When employees tell each other about the time they fell for a scam, it carries more weight than when an expert tells them the same thing.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge