This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate. … This week marks the start of our 15th year of publishing the Cybersecurity News of the Week & Patch and Update Report.
Stan’s Top of the News
This week we highlight three stories that illustrate the deep challenges to democracy being wrought by the introduction of applications based on artificial intelligence. These apps make it easy to create and deliver misinformation and disinformation at scale. We can be certain that America’s enemies – both domestic and abroad – will seek to exploit these apps in the 2024 election.
In the Times story, ChatGPT was asked by researchers at NewsGuard to write responses based on false and misleading ideas, the bot complied about 80 percent of the time. In one example, researchers asked ChatGPT to write in the voice of Alex Jones, the conspiracy theorist behind Infowars. In another, researchers at NewsGuard asked for vaccine misinformation in the voice of Joseph Mercola, an anti-vaccine doctor. In the ABC News story, an altered video appears to show President Biden attacking transgender people. And in the third article, seemingly real newscasters are a fake news show broadcast on social media by China.
- Disinformation Researchers Raise Alarms About A.I. Chatbots:Researchers used ChatGPT to produce clean, convincing text that repeated conspiracy theories and misleading narratives. … Soon after ChatGPT debuted last year, researchers tested what the artificial intelligence chatbot would write after it was asked questions peppered with conspiracy theories and false narratives. … The results — in writings formatted as news articles, essays and television scripts — were so troubling that the researchers minced no words. … “This tool is going to be the most powerful tool for spreading misinformation that has ever been on the internet,” said Gordon Crovitz, a co-chief executive of NewsGuard, a company that tracks online misinformation and conducted the experiment last month. “Crafting a new false narrative can now be done at dramatic scale, and much more frequently — it’s like having A.I. agents contributing to disinformation.” The New York Times, February 8, 2023
- New AI voice-cloning tools ‘add fuel’ to misinformation fire: An altered video that shows President Joe Biden making comments that attack transgender people was created with a new generation of artificial intelligence tools. … In a video from a Jan. 25 news report, President Joe Biden talks about tanks. But a doctored version of the video has amassed hundred of thousands of views this week on social media, making it appear he gave a speech that attacks transgender people. … Digital forensics experts say the video was created using a new generation of artificial intelligence tools, which allow anyone to quickly generate audio simulating a person’s voice with a few clicks of a button. And while the Biden clip on social media may have failed to fool most users this time, the clip shows how easy it now is for people to generate hateful and disinformation-filled “deepfake” videos that could do real-world harm. … “Tools like this are going to basically add more fuel to fire,” said Hafiz Malik, a professor of electrical and computer engineering at the University of Michigan who focuses on multimedia forensics. “The monster is already on the loose.” ABC News, February 10, 2022
- Research: Deepfake ‘News Anchors’ in Pro-China Footage: The “news broadcasters” appear stunningly real, but they are AI-generated deepfakes in first-of-their-kind propaganda videos that a research report published Tuesday attributed to Chinese state-aligned actors. … The fake anchors — for a fictitious news outlet called Wolf News — were created by artificial intelligence software and appeared in footage on social media that seemed to promote the interests of the Chinese Communist Party, U.S.-based research firm Graphika said in its report. … “This is the first time we’ve seen a state-aligned operation use AI-generated video footage of a fictitious person to create deceptive political content,” Jack Stubbs, vice president of intelligence at Graphika, told AFP. VOA, February 8, 2023
How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.
- How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basics. Please take our short quiz as your answers will help you and guide us to improve community safety.
Upcoming events. Please join us.
- SecureTheVillage in collaboration with the CA Department of Financial Protection and Innovation (DFPI) is hosting a cybersecurity threat briefing with FBI SSA Michael Sohn. The briefing is specifically designed for financial institutions and other fintech organizations. Information Security Threat Briefing – A DFPI / FBI / SecureTheVillage Collaboration, February 24, 8:30AM PT.
Cyber Humor … Happy Valentines Day
Cybersecurity Nonprofit of the Week … Open Cybersecurity Alliance
Kudos this week to the Open Cybersecurity Alliance (OCA). The Alliance works with other organizations to make sure cybersecurity tools work effectively with the other technology buried deep inside the Internet. That the Internet is as secure as it is owes a lot to OCA and their commitment to Internet security. We’re happy to spotlight OCA so our readers can better appreciate the work being done by nonprofits like OCA. Like SecureTheVillage, the Open Cybersecurity Alliance is a member of Nonprofit Cyber.
Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform
Live on Cyber with Dr. Stan Stahl: (Video) (Podcast): “What we have here is a failure to communicate.” Strother Martin to Paul Newman in Cool Hand Luke. A related quote often attributed to George Bernard Shaw, “The single biggest problem in communication is the illusion that it has taken place.” Join Julie and me as we riff on this all-too common challenge: what we say doesn’t always convey what we mean. As always, we provide actionable tips and thoughtful wisdom in a fun conversation on the complexities of cybersecurity and privacy.
Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
This week’s scams. Please be careful. And warn others.
- Anaconda woman shares story to help others after scammers wipe out savings: MISSOULA, Mont. — Retired nurse Susan Bivins runs her quilting business from the enclosed porch of her small home in Anaconda. … The space is much smaller than she’s used to, but she gazes out the window while finding her gratitude in the little things and says, “This is a nice room, a nice porch, the sun shining in here is so lovely.” … Last year, Bivins was forced to downsize from her dream home after falling victim to an elaborate, socially engineered phone scam that wiped out her retirement savings. NBC Montana, February 10, 2023
- New Report Shows More Teens Are Falling for Online Scams. Here’s the 4 Common Cons: The study was done by Social Catfish, a company dedicated to preventing online scams through reverse search technology. … A new report shows tech-savvy teens are falling for online scams at higher rates than seniors. … And although seniors still remain the most victimized group overall, the surge in money lost by victims under 20 year old’s grew by 1,126-percent in the last five years. … More than $101 million was lost in online scams in 2021 alone, by people under the age of 20. NBC10 Boston, January 16, 2023
- Scammer Used Eventbrite to Peddle Fake Dinner In SF: Beware that not all things on Eventbrite can be trusted! A San Francisco chef was recently alerted to a phony wine dinner being advertised at his Noe Valley restaurant, and it took a few days for him to get Eventbrite to pull it down. … Chef Telmo Faria, chef-owner of Portuguese restaurant Uma Casa in Noe Valley, posted to Instagram and reached out to BrokeAss Stuart to say that a customer had messaged him to ask a few questions about an upcoming five-course dinner, advertised for February 8. The scammer(s) had apparently taken an image from a flyer for a dinner the restaurant hosted in October with a Portuguese wine producer, advertising this five-course dinner with tickets for sale on Eventbrite — saying tickets were $22-$62. (That should have been the first clue this was fake, as the original dinner cost $125 per person.) Sfist, February 6, 2023
- CONSUMER ALERT: New York Department of State’s Division of Consumer Protection Alerts New Yorkers About Romance Scams: As Valentine’s Day Approaches, Learn How to Recognize and Prevent Romance and Sextortion Scams. … Secretary Robert J. Rodriguez: “Romance scams can hurt financially and emotionally, and this Valentine’s Day, I encourage New Yorkers who are looking for love online to follow basic safety tips to protect themselves and their hard-earned money from scammers.” New York State Consumer Protection, February 10, 2023
- ‘Phishing-as-a-service’ kits are driving an uptick in theft: What you can learn from one business owner’s story: Small business owner Cody Mullenaux fell victim to cybercriminals who used sophisticated technology to convince him they were from the Chase fraud department and stole more than $120,000 in wire transfer scam. … The criminals also tricked a Chase employee by successfully impersonating Mullenaux when they called to authorize the fraudulent wire transfers. … Cybersecurity experts warn of uptick in sophisticated multiprong attacks using “phishing-as-a-service” kits. They predict the threat will only get worse this year. CNBC, February 6, 2023
- New Jersey enforces cease and desist orders against three ‘pig butcher’ scammers{ These cybercriminals reach out to romance-seekers from dating apps like Tinder before convincing them to invest in their fraudulent cryptocurrency investment schemes. … The New Jersey Bureau of Securities has ordered three website operators to stop luring romance-seeking victims into their fraudulent cryptocurrency investment schemes. … All three firms claimed to be cryptocurrency trading platforms, where they would entice victims into copying the trades of their “expert traders” so that they could make big returns. … These firms bring in victims by reaching out to romance seekers on dating apps like Tinder through what is known as the “pig butchering” scam. Cointelegraph, February 5, 2023
Be prepared for when you lock yourself out.
- So, You’re Locked Out of Multi-Factor Authentication. Now What?: You did everything right and secured your account with multi-factor authentication, but now you’ve managed to lock yourself out. Here’s how to escape this predicament. … Multi-factor authentication (MFA) is simply the best thing you can do to keep bad guys from accessing your accounts. But what happens if you lose your security key, delete your authenticator app, or lose all your devices and can’t prove you’re you? It’s a nightmare scenario, but don’t panic! Here’s what to do when this bad dream becomes a reality. PC Magazine, February 10, 2023
Section 3 – Cybersecurity News for the Cyber-Concerned.
Here’s a follow-up to our lead story last week. That was an essay in Foreign Affairs by CISA Director Jen Easterly and Eric Goldstein, the agency’s executive assistant director for cybersecurity, where they laid out their challenge to the tech industry to do a better job of building security and privacy into their products.
- How CISA plans to get tech firms to bake security into their products: The Cybersecurity and Infrastructure Security Agency (CISA) is pressing ahead on its push for technology manufacturers to make their products secure as they design them — and to make their default settings secure when consumers buy them. … The push comes as CISA leaders highlight what they consider a key problem in cybersecurity: For many technology makers, it’s more important to get a product out quickly than to develop it with security in mind. … CISA plans to identify what “secure-by-design” and “secure-by-default” means, so everyone can shoot for those goals, agency officials told me in an interview last week. … They also plan to hail success stories in the tech industry, they said. The Washington Post, February 6, 2023
The cyber-insurance market continues in turmoil.
- Insurers Say Cyberattack That Hit Merck Was Warlike Act, Not Covered: Merck wants to be paid under what is known as an all-risks policy. Such policies are broadly written to cover a range of changing circumstances. … The costly NotPetya cyberattack, which the U.S. blamed on Russia, should be considered a “cyber nuclear attack,” insurers argued as they urged judges to overturn a legal win by Merck & Co. in a dispute that could have broad ramifications for business insurance. … Merck, which had an estimated $1.4 billion in losses after NotPetya invaded its computer systems in 2017, suffered the collateral damage of a warlike act not covered by insurance, lawyers for a group of carriers told judges Wednesday in a state appeals court in Trenton, N.J. The Wall Street Journal, February 8, 2023
We have several cybercrime stories to report on this week, including another story of how cybercrimes against American businesses continue to fund North Korea’s economy.
- North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations: State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. February 10, 2023
- City of Oakland hit with ransomware attack of unknown severity: On Friday afternoon, a city of Oakland spokesperson confirmed that the city is the target of an ongoing ransomware attack, the full severity and scope of which are still unclear. … “The City is following industry best practices and developing a response plan to address the issue,” the spokesperson wrote. “In an abundance of caution, [the Information Technology Department] has taken affected systems offline while they work to secure and restore services safely. In the meantime, the public should expect delays from the City as a result. We are actively monitoring the situation and sending updated information as it becomes available.” SF Gate, February 10, 2023
- December ransomware attack leads to massive data breach from California health network: A network of healthcare facilities across California reported a data breach last week after suffering from a ransomware attack in December. … Some of the medical groups within the Heritage Provider Network posted notices on their websites and sent out notification letters on February 1 to more than 3.3 million patients informing them of a data breach that involved names, Social Security numbers, phone numbers and dates of birth, as well as information related to treatment, such as lab test results, prescription data, radiology reports and health plan numbers. The Record, February 10. 2023
- Royal Mail faces threat from ransomware group LockBit: UK’s Royal Mail is facing a threat from ransomware group LockBit, according to information published on a website, at a time when the British postal and parcel firm is grappling with the fallout of a “cyber incident” from last month. Reuters, February 7, 2023
We conclude this section with three stories reflecting how deeply information security and privacy have become embedded in the battle of freedom and democracy against autocracy. Treat them as counterpoints to our lead stories and to CISA’s important work to build security and privacy into our technology.
- What is hybrid warfare? Inside the centre dealing with modern threats: Mysterious underwater explosions, anonymous cyber attacks and subtle online campaigns to undermine Western democracies – these are all “hybrid threats”. The BBC visited a centre dedicated to targeting a relatively new form of warfare which is increasingly concerning Nato and the EU. … “It is about manipulation of the information space. It’s about attacks on critical infrastructure,” explains Teija Tiilikainen, when asked to define hybrid warfare. … She is director of the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE), which was established in Helsinki, Finland, six years ago. … Ms Tiilikainen says it is an ambiguous threat format, which is something nations find very difficult to counter and protect themselves against. … But these threats are very real. BBC News, February 6, 2023
- Pegasus spyware journalists had to take extreme measures to avoid becoming victims: Pegasus spyware journalists Laurent Richard and Sandrine Rigaud were the first to discover an extensive list of specific people being targeted by NSO’s clients. In working on the story, they said they had to take extreme privacy precautions to avoid their own devices being compromised. … Excerpts from their interview with Bloomberg about their upcoming new book, Pegasus: How a Spy In Your Pocket Threatens the End of Privacy, Dignity, and Democracy (Apple Books, Amazon Kindle). 9TO5Mac, February 6, 2023
- US and UK sanction Russian cybercriminal gang accused of infecting millions of computers worldwide: The US and UK governments on Thursday sanctioned six Russians and one Ukrainian for their alleged involvement in an infamous Russia-based cybercrime network that infected millions of computers worldwide, including those in American hospitals. … The sanctions target seven alleged core members of a cybercrime gang known as Trickbot, whose eponymous hacking tool has for years stalked US critical infrastructure, the US Treasury Department said in a statement. … The malicious code has often been used to deploy ransomware – locking computers until hackers are paid off. The Pentagon grew concerned enough about the potential for Trickbot-enabled ransomware to disrupt voting that the US military hackers knocked some Trickbot infrastructure offline ahead of the 2020 election. CNN Politics, February 9, 2023
Section 4 – Managing Information Security and Privacy in Your Organization.
Here’s another story illustrating the critical importance of patching and updating systems. There’s a vulnerability in VMWare for which a patch has been available for some time. After several organizations that failed to patch the vulnerability fell victim to ransomware attack, CISA was able to develop a decryptor to help companies recover from the attack. Not to be beaten, the cybercriminals have now modified their exploit so CISA’s tool no longer works. Patch and update folks. Patch and update.
- New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool: After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The Hacker News, February 11, 2023
