Cybersecurity News of the Week, February 25, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

This week’s Top of the News is personal. I’m incredibly proud of our team at SecureTheVillage as we launched our first cohort. I’m thankful to our partners, Sightline Security and the Cyber Readiness Institute, for their support. And I’m profoundly grateful to the Center for internet Security and their Alan Paller Laureate Program for their support. It takes a village …

  • Small Businesses and Nonprofits in LA Get Cybercrime Support As First Cohort Kicks Off Through Innovative Pilot Program: SecureTheVillage’s innovative LA Cybersecure Program Provides Education, Tools, and Coaching to Empower Small Businesses and Nonprofits to Defend Themselves in a way that, until now, only Big Businesses have Been Able to Achieve. … In October, 2023, in this press release, the Los Angeles nonprofit SecureTheVillage announced the LA Cybersecure Pilot Program to help teach small and midsize businesses and nonprofits how to understand, assess, and set their own roadmap to mitigate cybercrime. Five Participant organizations are participating in a community-based program to measurably improve their cybersecurity capabilities. Upon completion of the program, each Participant will receive a Cyberguardian™ Certificate of Completion. … On Wednesday, January 17, the Pilot officially kicked off the first Cohort. The meeting was led by Stan Stahl, PhD, Founder and President of SecureTheVillage. In that introductory meeting, the five small business and nonprofit participants got to know each other and their coaches. Stahl described the goals of the program and our strategy. He then turned the meeting over to Kelley Misata, PhD, founder and President of Sightline Security. The cohort is following Sightline’s proven Kickstart Program. … As described in October, the program is partially funded by the Center for Internet Security’s Alan Paller Laureate Program. The program aims to enhance cybersecurity practices among small organizations, equipping them to better defend against cybercrime. Small business and nonprofit Cohorts will complete the Sightline Security’s and Cyber Readiness Institute’s programs as part of their education. … The Program commences with a cybersecurity assessment conducted by Sightline Security. It is followed by a Certificate of Completion from the Cyber Readiness Institute. With these in hand, Participants will develop their own customized road map for improvements. The final 3 months of the program, Participants will work to implement these improvements.

Small and Midsize Organizations. Take your security to the next level. Apply Now! If you’re a small business, nonprofit, or IT / MSP in the greater Los Angeles area, apply NOW for LA Cybersecure, a pilot program with coaching and guidance that costs less than two cups of coffee a week. The LA Cybersecure Pilot Program is funded by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.

Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 

How Hackable Are You? Take our test. Find out how hackable you are and download our free updated 13-step guide.

  • How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basics. Please take our short test as your answers will help you and guide us to improve community safety.

Upcoming events. Please join us.

  • Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, March 5, 1:00 pm – 2:00 pm PT. The LA Cybersecurity Workforce Coalition is for employers, educators, government, nonprofits, and others with a professional interest in the cybersecurity workforce challenge.

Quick Survey. Please Help the Cyber Readiness Institute.

The Cyber Readiness Institute (CRI) is conducting a survey to gauge the state of cyber readiness among small and medium-sized businesses (SMBs). The non-profit organization is asking SMBs, as well as cross section of industry experts to participate to better understand the awareness of cyber issues, the implementation of cyber hygiene practices, and the incentives that drive SMBs. The survey will run until the end of February. We encourage you to take just 10 minutes to share your perspectives. Your input will help CRI advocate for improved cybersecurity preparedness among SMBs. Here is the link to the survey:

Please Support SecureTheVillage.

  • We need your help if we’re to build a world of CyberGuardiansTM. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village. TM

Cyber Humor

Cybersecurity Nonprofit of the Week … Nonprofit Cyber

Happy second anniversary and great kudos to Nonprofit Cyber. Nonprofit Cyber is a 40-member coalition of cybersecurity nonprofits focused on tangible results.  Coalition members collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. Nonprofit Cyber has compiled the Nonprofit Cyber Solutions Index, a comprehensive index of actual cybersecurity capabilities provided by the nonprofit community. In particular, the index identifies a large selection of free or low-cost cybersecurity capabilities for individuals, small businesses, and others left behind in the current environment. SecureTheVillage is a proud member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform

More afraid of the sheriff than the cybercriminal: (Video) (Podcast): Why do you stop at a stop signs. Is it because you’re afraid of getting a ticket? Or because you’re afraid of getting into an accident? As the costs and consequences of cybercrime continue to rise, what do we need to do to HELP our smaller businesses stay out of accidents? … Join Stan Stahl, PhD and Julie Michelle Morris this week on Live on Cyber as they discuss the Cyber Readiness Institute’s Cyber Readiness Program and SecureTheVillage’s LA Cybersecure Pilot Program. Both are great opportunities for smaller organizations to learn to drive safely on the Information Superhighway. … Subscribe to your weekly 15-min update on the latest in information security and privacy affecting our businesses and the communities we live in!

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

  • Why Gen Z Is Surprisingly Susceptible to Financial Scams: The internet reacted in horror last week at the story of how a financial-advice columnist at The Cut lost $50,000 in a scam, but for many young adults, the tale may be uncomfortably familiar. … While younger, digital savvy folks may be adept at using the internet, Generation Z—born between 1995 and 2012—is more than three times as likely to fall for online scams compared to baby boomers, per a 2023 Deloitte report.
  • How to teach your kids to spot a scam on their first phone: Kids can be vulnerable to certain kinds of online scams—especially on their first phone. But they can learn to spot them, too. An IT specialist and parent shares her tips. … It’s 6 PM on a Friday night, and my son comes to me with his head held low and says he just got scammed and now he can’t access an online account. The next day, a friend’s daughter reaches out to say she got scammed out of $300 online marketplace. … Online scams are everywhere, and they’re increasingly difficult to spot. In fact, even the most experienced adult can fall for these scams. They might be embarrassing to discuss, but we need to talk to our kids about the online scams we fall for, what kinds of scams are out there and how to outsmart them. … Here are the five key points I talk through with my kids that help them stay aware.

Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.

National Cybersecurity: Several China stories lead this week’s National Security News.

  • As China Expands Its Hacking Operations, a Vulnerability Emerges: New revelations underscore the degree to which China has ignored, or evaded, U.S. efforts to curb its extensive computer infiltration efforts. … U.S. officials say that a network of contractors used by China for computer infiltration campaigns is weakened by economic problems and rampant corruption in the country. … The Chinese hacking tools made public in recent days illustrate how much Beijing has expanded the reach of its computer infiltration campaigns through the use of a network of contractors, as well as the vulnerabilities of its emerging system. … The new revelations underscore the degree to which China has ignored, or evaded, American efforts for more than a decade to curb its extensive hacking operations. Instead, China has both built the cyberoperations of its intelligence services and developed a spider web of independent companies to do the work.
  • Leaked Files Show the Secret World of China’s Hackers for Hire: China has increasingly turned to private companies in campaigns to hack foreign governments and control its domestic population. … The hackers offered a menu of services, at a variety of prices. … A local government in southwest China paid less than $15,000 for access to the private website of traffic police in Vietnam. Software that helped run disinformation campaigns and hack accounts on X cost $100,000. For $278,000 Chinese customers could get a trove of personal information behind social media accounts on platforms like Telegram and Facebook. … The offerings, detailed in leaked documents, were a portion of the hacking tools and data caches sold by a Chinese security firm called I-Soon, one of the hundreds of enterprising companies that support China’s aggressive state-sponsored hacking efforts. The work is part of a campaign to break into the websites of foreign governments and telecommunications firms. … The materials, which were posted to a public website last week, revealed an eight-year effort to target databases and tap communications in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere in Asia. The files also showed a campaign to closely monitor the activities of ethnic minorities in China and online gambling companies.
  • Biden Plans To Spend Billions Replacing China-Made Cranes at US Ports: The United States will invest tens of billions of dollars to boost maritime cybersecurity around its strategic seaports, including by replacing China-made container cranes that officials believe could leave American infrastructure vulnerable to sabotage. … Foreign-manufactured ship-to-shore cranes, in particular those built by China’s state-owned ZPMC, have been a national security concern for several years. The heavy industries company is the world’s largest crane maker, whose machines account for nearly 80 percent of the lifting equipment used at U.S. ports, according to official estimates. … “By design, these cranes may be controlled, serviced, and programmed from remote locations. These features potentially leave PRC-manufactured cranes vulnerable to exploitation,” said Rear Adm. Jay Vann, head of the U.S. Coast Guard’s cyber command, referring to the People’s Republic of China. … Cranes are part of the Marine Transportation System (MTS) that enable “critical national security sealift capabilities that enable the U.S. Armed Forces to project and maintain power around the globe,” Vann said. “Any disruption to the MTS, whether man-made or natural, physical or in cyberspace, has the potential to cause cascading impacts to our domestic or global supply chains.” … Vann’s comments were made at a press call on Tuesday, a day before the White House announced President Joe Biden‘s plan to put $20 billion toward strengthening cybersecurity in maritime infrastructure, using funds from the $1 trillion bipartisan infrastructure deal passed in 2021.
  • Former NSA chief calls for alternative approach to cyberdefense: The U.S. and its allies need to step back and reassess which strategies are working in cyber and what needs to be changed, according to Michael Rogers, former director of the U.S. National Security Agency. … Addressing the audience at the Munich Cyber Security Conference on Friday, Rogers said that with Western countries experiencing record levels of ransomware, penetrations, and successful data extortions last year, it is necessary to explore alternative approaches in cyber defense. … Continuing with the same strategies and expecting different outcomes is a low-probability success strategy,” he added. … Among the things which, in Rogers’s opinion, need to change in how countries respond to cyber incidents or defend themselves from threat actors is to shift the focus from “effort” to “performance.” … “Don’t tell me how much money you spent or how many people are working on the problem — what I’m interested in are metrics that indicate those efforts are translating into successful outcomes,” Rogers said. “By focusing on metrics, we’re able to identify whether we are succeeding or not.”
  • How the FBI and CISA look to mature the government’s top ransomware task force: Nearly two years after its creation, a task force meant to streamline federal efforts to combat ransomware hopes to further cement how the government handles key aspects of such attacks and do a better job trumpeting its contributions to the broader fight. … The goals mark what the leaders of the Joint Ransomware Task Force, co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, see as the natural evolution of the organization as its various working groups begin to bear fruit and it looks at better ways to raise awareness of its efforts. … “What we’re trying to build through the JRTF is really a collaborative cycle in which we are identifying the ransomware groups” and how they target U.S. critical infrastructure and businesses, Eric Goldstein, CISA’s executive assistant director for cybersecurity, said during a recent interview. … That data can then be used to “drive a whole of government, and in fact a whole of society response, such that CISA can use that information to notify possible victims before incidents happen.”

Three stories illustrating the evolving cyber threat landscape.

  • Cyber Threats Against Heavy Industry Intensify: Ransomware attacks against manufacturers, utilities and other industrial companies were up 50% last year. … The pace and sophistication of cyberattacks against industrial companies are escalating rapidly, as administration officials warn that nation-states are heavily targeting U.S. critical infrastructure sectors. … Ransomware attacks against industrial companies increased by around 50% last year, according to an annual report from cybersecurity company Dragos published Tuesday, which tracked 905 strikes. 
  • New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide: North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. … In a joint advisory published by Germany’s Federal Office for the Protection of the Constitution (BfV) and South Korea’s National Intelligence Service (NIS), the agencies said the goal of the attacks is to plunder advanced defense technologies in a “cost-effective” manner.
  • Why Data Breaches Spiked in 2023: In spite of recent efforts to beef up cybersecurity, data breaches — in which hackers steal personal data — continue to increase year-on-year: there was a 20% increase in data breaches from 2022 to 2023. There are three primary reasons behind this increased theft of personal data: (1) cloud misconfiguration, (2) new types of ransomware attacks, and (3) increased exploitation of vendor systems. Fortunately, there are ways to reduce the impact of each of these factors.

Meanwhile, law enforcement has launched a major attack on the LockBit gang. Whack-a-mole? Or something more?

  • LockBit takedown: Police shut more than 14,000 accounts on Mega, Tutanota and Protonmail: The law enforcement operation to dismantle the LockBit ransomware service has announced shutting more than 14,000 accounts on third-party services used by affiliated criminals. … Accounts on file-hosting service Mega and encrypted email providers Tutanota and Protonmail were used “for exfiltration or infrastructure,” according to a post on LockBit’s seized darkweb domain.Analysis of these accounts by Europol’s European Cybercrime Centre showed that some were also used in attacks using other ransomware variants, indicating they were operated by affiliates — the hackers using the LockBit platform. … “With each account representing a conduit for ill-gotten gains, this coordinated action strikes at the heart of cybercriminal operations, severely hampering their ability to profit from their nefarious activities,” states the LockBit .onion site, now controlled by British officials.
  • U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders: The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation.
  • Authorities Claim LockBit Admin “LockBitSupp” Has Engaged with Law Enforcement: LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, “has engaged with law enforcement,” authorities said.

Two stories on privacy. An FTC fine for a privacy violation and another illustration of why Congress must act.

  • What Happens to Your Sensitive Data When a Data Broker Goes Bankrupt?: Data on sensitive locations, such as abortion clinics, could be sold off, raising alarms. … In 2021, a company specializing in collecting and selling location data called Near bragged that it was “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data representing “1.6B people across 44 countries.” Last year the company went public with a valuation of $1 billion (via a SPAC). Seven months later it filed for bankruptcy and has agreed to sell the company. … But for the “1.6B people” that Near said its data represents, the important question is: What happens to Near’s mountain of location data? Any company could gain access to it through purchasing the company’s assets. … The prospect of this data, including Near’s collection of location data from sensitive locations such as abortion clinics, being sold off in bankruptcy has raised alarms in Congress. Last week, Sen. Ron Wyden wrote the Federal Trade Commission (FTC) urging the agency to “protect consumers and investors from the outrageous conduct” of Near, citing his office’s investigation into the India-based company. 
  • Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data: For years, the antivirus software company harvested information from users’ web browsers without their consent. … Avast, the cybersecurity software company, is facing a $16.5 million fine after it was caught storing and selling customer information without their consent. The Federal Trade Commission (FTC) announced the fine on Thursday and said that it’s banning Avast from selling user data for advertising purposes.

This week in cybercrime, including a major cyberattack on health care giant, UnitedHealth. The attack is affecting hospitals and pharmacies across much of the country.

  • Hospitals and Pharmacies Reeling After Change Healthcare Cyberattack: Healthcare organizations forced to revert to manual procedures after Change Healthcare, part of Optum, disconnects services. … Pharmacies warned of long waits for customers and U.S. military clinics worldwide have been affected after a cyberattack against one of the country’s largest prescription processors rolled into a third day of downtime. … Health industry experts said that a cyberattack against Change Healthcare, part of insurer UnitedHealth Group’s Optum business, could have severe and lasting consequences should outages continue past the weekend. … “It’s a mess, and I believe it’s our Colonial Pipeline moment in healthcare,” said Carter Groome, chief executive of healthcare-focused consulting firm First Health Advisory, referring to a 2021 cyberattack that forced the major fuel artery for the U.S. East Coast to shut down for six days, causing long lines at gas stations. … Change Healthcare was merged with Optum, a healthcare provider, in 2022 by UnitedHealth. Change Healthcare provides prescription processing services through Optum, which supplies technology services for more than 67,000 pharmacies and care to 129 million individual customers. … Parent company UnitedHealth said Thursday in a regulatory filing with the U.S. Securities and Exchange Commission that it identified a cyberattack affecting systems at Change Healthcare on Wednesday. The company suspects a nation-state was behind the attack, the filing said.
  • Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data: Deja vu at Robert Half? Notorious hackers claim responsibility as the staffing giant makes headlines for yet another alleged data breach in two years. … The hackers, infamously known as IntelBroker and Sanggiero, claim to possess a trove of data from Robert Half, which is being sold for $20,000 in Monero (XMR) cryptocurrency.

Section 4 – Managing  Information Security and Privacy in Your Organization.

  • Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn: Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware. … Researchers at cybersecurity companies Huntress and Sophos told TechCrunch on Thursday that both had observed LockBit attacks following the exploitation of a set of vulnerabilities impacting ConnectWise ScreenConnect, a widely used remote access tool used by IT technicians to provide remote technical support on customer systems.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge