Cybersecurity News of the Week, February 5, 2023

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

Jen Easterly, Director of CISA (Cybersecurity and Infrastructure Security Agency), has an excellent overview of how America can meet its cybersecurity challenges with an “all hands on deck” approach including government, technology providers, smaller businesses, and the people. The article’s length is matched by its comprehensiveness, and it is well worth the time to read.

  • Stop Passing the Buck on Cybersecurity: Despite a global multibillion-dollar cybersecurity industry, the threat from malicious cyber-activity, from both criminal and state actors, continues to grow. While many cyber incidents are never reported by their victims, Verizon’s 2022 Data Breach Investigations Report noted that ransomware attacks rose 13 percent that year—more than the past five years combined. These breaches included attacks that threatened public health and safety, with several hospitals across the United States forced to cancel surgeries and divert patients because they were locked out of their systems. … What the United States faces is less a cyber problem than a broader technology and culture problem. The incentives for developing and selling technology have eclipsed customer safety in importance—a trend that is not unique to software and hardware industries but one that has particularly pernicious effects because of the ubiquity of these technologies. As Americans have integrated technology into nearly every facet of their lives, they have unwittingly come to accept that it is normal for new software and devices to be indefensible by design. They accept products that are released to market with dozens, hundreds, or even thousands of defects. They accept that the cybersecurity burden falls disproportionately on consumers and small organizations, which are often least aware of the threat and least capable of protecting themselves. … Americans need a new model, one they can trust to ensure the safety and integrity of the technology that they use every hour of every day. Problems should be fixed at the earliest possible stage—when technology is designed rather than when it is being used. Under this new model, cybersecurity would ultimately be the responsibility of every CEO and every board. Collaboration would be a prerequisite to self-preservation. 
Such a culture shift requires the recognition that a cyberthreat to one organization is a threat to all organizations. … The ultimate goal, however, is to dramatically improve product safety, so technology customers rarely need to secure their systems on their own. Although some safety measures will become as easy to use as a seatbelt, most organizations should be protected before they even “buckle up.” This basic level of security will not be achieved under today’s failing model. It is time for a new approach, and if the government and the private sector can build trust and work together, cyberspace can become safer for everyone. Foreign Affairs, February 1, 2023

Are You Cyber-Prepared? How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide for protecting yourself and your family from hackers.

  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please forward the quiz to your colleagues, friends, and neighbors. Let’s get everyone cyber-prepared!


Cybersecurity Nonprofit of the Week  …  CyberPeace Institute

Kudos this week to the CyberPeace Institute, an independent and neutral nongovernmental organization whose mission is to ensure the rights of people to security, dignity and equity in cyberspace. Through its Cyber Attacks in Times of Conflict Platform #Ukraine, the CyberPeace Institute is tracking cyberattacks and operations targeting critical infrastructure and civilian objects in Ukraine. Like SecureTheVillage, the CyberPeace Institute is a member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn

Live on Cyber with Dr. Stan Stahl: Julie and I both had crazy weeks and weren’t able to coordinate schedules for our weekly conversation. This is from two weeks ago in case you missed it. … Tom Stoppard, in his play “Arcadia,” describes the scientific ferment of the 1820s as follows: “A door like this has cracked open five or six times since we got up on our hind legs. It’s the best possible time to be alive when almost everything you thought you knew is wrong.” Here we are again 200 years later where “everything we thought we knew is wrong” as we work to achieve a future where people protect their information and privacy because they want to, they know how to, and they have the political clout to do so. Join Julie and me as we explore securing the village. As always, we provide actionable tips and thoughtful wisdom in a fun conversation on the complexities of cybersecurity and privacy.

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Reported romance scams climbed more than 60% between 2019 and 2020 according to data from the Federal Trade Commission. Don’t fall victim. Help those in danger of being victimized. If you know someone you believe may be the victim of a romance scam, help them understand that these scams are real. And if you — or someone you know – is a romance scam victim, please visit the Cybercrime Support Network’s new Peer Support Program, a free confidential program for romance scam survivors.

  • Retirees Are Losing Their Life Savings to Romance Scams. Here’s What to Know: Con artists are using dating apps to prey on lonely people, and older ones are a growing target. In a pattern that accelerated during the isolation of the coronavirus pandemic, romance scams claimed $139 million from adults age 60 and older in 2020, according to data from the Federal Trade Commission, up from $84 million the year before. … In one of the more alarming episodes of what has become a leading type of fraud aimed at older Americans, a Holocaust survivor was swindled out of his life savings of nearly $3 million, according to a federal indictment unsealed in New York last week. The New York Times, February 3, 2023

There’s a new and aggressive “malvertising” campaign affecting the ads displayed on Google search. Click an ad and you’re liable to download malicious software (malware) that will attempt to take control of your computer. Simply put: Don’t trust the ads you see. Don’t click the links. If something looks interesting, note where it claims to be from and enter that into a separate browser window. Caveat Emptor.

  • Until further notice, think twice before using Google to download software: Over the past month, Google has been outgunned by malvertisers with new tricks. … Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries. … “Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’” ars technica, February 3, 2023

Skimmers are unnoticeable inserts cybercriminals place in ATM terminals, gas pumps, and point-of-sale terminals. They’re designed to copy and send user information from credit and debit cards to cyber thieves who then sell the credit card information to others for their illegal use. When this happens to the owner of a credit card, the associated bank eats the fraud. When this happens to someone using a state-issued electronic benefits transfer (EBT) card, their money is gone. This is not right. We can fix this by issuing modern chip-enabled cards. Fairness and justice demand that we do. If you live in California, please notify your state legislators.

  • Scammers Are Stealing Money From EBT Cards, Leaving Low Income Californians With Little Money for Food: Local leaders are calling on the state to distribute safer cards, but no word on if that will happen. … Ingrid Brown relies on her state-issued electronic benefits transfer (EBT) card to buy food. But recently, the money on the card disappeared. All $381. … “I feel upset. And it’s wrong. Because people are going hungry,” she said. … Brown was confused when she learned the money was spent at a grocery store in New York. … “It sucks that the state is supposed to be providing these benefits to the people who need it, and it’s instead going to scammers with seemingly no end in sight,” he said. … USC professor and security expert Clifford Neuman said thieves are stealing the money using a skimmer, a device they attach to ATMs or point-of-sale terminals at grocery stores recipients use. Once the thieves have the money, it can be spent anywhere. NBC News LA 4, February 1, 2023

Section 3 – Cybersecurity News for the Cyber-Concerned.

This week’s stories of cybercrime all serve to illustrate the importance of the agenda Jen Easterly lays out in our lead story. One of the realities of cybercrime is the collateral damage caused when government can’t manage appraisals, hospitals can’t take patients, global financial markets can’t function, and universities can’t teach students; not to mention the collateral damage of lost business and lost jobs.

  • How much did the Dallas Central Appraisal District pay in a ransomware attack?: On Election Day 2022, Dallas County Chief Appraiser Ken Nolan and his staff showed up for work, but there was an unexpected problem. Nothing worked. … The Dallas Central Appraisal District’s desktop computers, all 300 of them, were frozen. Emails didn’t go through either. The website disappeared. … The only message that came through was from the world’s No. 1 cyber extortion group – Royal Ransomware. The Dallas Morning News, February 3, 2023
  • Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack: A Tallahassee hospital has been forced to divert patients to other facilities and cancel all non-emergency surgical procedures after being hit by a cyberattack that began on Thursday night. … Tallahassee Memorial HealthCare – one of the biggest hospitals serving a 21-county region in north Florida and south Georgia – said they have had to take their IT systems offline due to the security issue. The Record, February 3, 2023
  • ‘Global markets’ impacted by ransomware attack on financial software company: A ransomware attack on Dublin-based software company ION Group has impacted the trading of financial derivatives on international markets. … ION Group describes itself as enabling “financial institutions, central banks and corporations to digitize and automate their most business critical processes.” … A pop-up notice on its site on Wednesday warned that “a cybersecurity event” that struck on Tuesday has affected its cleared derivatives unit. … The ransomware attack was caused by the prolific Russia-based LockBit gang, according to ION correspondence cited by Bloomberg. The Record, February 1, 2023
  • Switzerland’s largest university confirms ‘serious cyberattack’: The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack,” which comes amid a wave of hacks targeting German-speaking institutions. … The university’s website is currently inaccessible, but the phone line to the press office is working. In a statement sent to The Record, a spokesperson described the incident as “part of a current accumulation of attacks on educational and health institutions.” The Record, February 3, 2023

The following stories illustrate legal efforts to bring social media companies under control, holding them responsible for the harms their platforms allegedly cause. Stories like these are likely to lead to changes to Section 230, which protects Americans’ freedom of expression online by protecting the intermediaries we all rely on. Section 230, originally part of the Communications Decency Act, states: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Section 230 is under attack by those on both the right and the left and has a good chance of being modified or repealed (if Washington politics don’t get in the way). For more information on Section 230, please see the Electronic Frontier Foundation’s analysis.

  • Social media companies in the US brace to battle onslaught of legal challenges: State and federal lawsuits and bills with far-reaching regulatory implications for TikTok, Meta and others come to a head this year. … The lawsuits take aim at how social media apps and their algorithms negatively affect the youth. … The majority of US state legislatures have introduced or passed bills attempting to reform how social media giants moderate their content and increase security measures for American users. … Elsewhere on the legal front, the supreme court will hear no fewer than four high-profile cases against tech giants, ranging from liability in terrorist attacks to alleged censorship of conservative viewpoints on their platforms. … State and federal lawsuits, two of which were announced this month, also take aim at how social media apps and their highly effective algorithms negatively affect the mental health of American teenagers. … The concerns cited by public officials about the effects of social media on teenagers are not unfounded. Last year, Facebook data scientist turned whistleblower Frances Haugen leaked internal documents to the Wall Street Journal, showing teens who used Instagram experience harm as a result of “social comparison, social pressure, and negative interactions with other people”. The Guardian, January 31, 2022
  • Social media’s harm to kids: The next blockbuster lawsuit?: With the potential for enormous settlements and social change, nascent litigation against the tech giants could soon rival the massive claims over tobacco and opioids. … Hundreds of families have already filed individual suits over alleged harm to children from social media, but a new case in Seattle is doing something different. It is the first to be brought by government officials, specifically a public school district, using a “public nuisance” theory. In other industries, the same potent combination has led to billion-dollar settlements. … “There is a chance that this will become very large-scale,” said Alexandra Lahav, a professor at Cornell Law School who has written more than 30 articles on mass-tort litigation and is frequently cited in court decisions. … “There’s a lot of similarity to opioids,” said Theodore Rave, who has taught at Harvard Law School and the University of Texas at Austin. “It has the potential” to have a similar social impact, he said. Courthouse News Service, February 1, 2023

The week saw two privacy victories. In the first, the FTC settled a case with GoodRx that alleged the company deceptively shared details on users’ illnesses and medicines with ad firms. In the second, Letitia James, New York Attorney General, has fined a developer of stalker applications that allowed users to surreptitiously keep track of their partners.

  • GoodRx Leaked User Health Data to Facebook and Google, F.T.C. Says: Millions of Americans have used GoodRx, a drug discount app, to search for lower prices on prescriptions like antidepressants, H.I.V. medications and treatments for sexually transmitted diseases at their local drugstores. But U.S. regulators say the app’s coupons and convenience came at a high cost for users: wrongful disclosure of their intimate health information. … On Wednesday, the Federal Trade Commission accused the app’s developer, GoodRx Holdings, of sharing sensitive personal data on millions of users’ prescription medications and illnesses with companies like Facebook and Google without authorization. … The crackdown on GoodRx comes at a moment of heightened concern over the leaking of sensitive health information, particularly in states that have banned or severely limited abortions. And it underscores the F.T.C.’s intensifying efforts to push digital health services to beef up their user privacy and security protections. … The F.T.C.’s case against GoodRx could upend widespread user-profiling and ad-targeting practices in the multibillion-dollar digital health industry, and it puts companies on notice that regulators intend to curb the nearly unfettered trade in consumers’ health details. The New York Times, February 1, 2023
  • New York attorney general fines developer of stalking apps: The New York attorney general has ordered a spyware maker whose apps are marketed as tools for surveilling one’s partner to pay a $410,000 fine and amend their business practices. … Under Thursday’s agreement with Patrick Hinchy, a Florida-based man whose 16 companies operate a constellation of spyware apps and services, the entities must alter practices around marketing of their products and inform owners of targeted devices that the app was active on their phones. … “Snooping on a partner and tracking their cell phone without their knowledge isn’t just a sign of an unhealthy relationship, it is against the law,” said New York Attorney General Letitia James, citing the risk of domestic abuse. “Today’s agreement will block these companies from allowing New Yorkers to be monitored without their awareness, and will continue our ongoing fight to protect New Yorkers’ rights, safety, and privacy.” The Record, February 3, 2023

In national security news, North Korea continues to fund its nuclear weapons program – along with its entire economy – on what it steals from the west.

  • Crypto theft: North Korea-linked hackers stole $1.7b in 2022: North Korea-backed hackers stole $1.7bn (£1.4bn) of crypto in 2022, says blockchain analysis firm Chainalysis. … This nearly quadruples the country’s previous record for cryptocurrency theft – $429m in 2021. … Experts have said the country, facing heavy sanctions, is turning to crypto theft to fund its nuclear arsenal. … “For context, North Korea’s total exports in 2020 totalled $142m worth of goods, so it isn’t a stretch to say that cryptocurrency hacking is a sizable chunk of the nation’s economy,” Chainalysis said in a report on Wednesday. BBC, February 2, 2023

Meanwhile, the United States has strengthened its cybersecurity alliance in the Middle East.

  • U.S., allies in Middle East and North Africa broaden collaboration on cyberdefense: The United States and four allies in the Middle East and North Africa are announcing today that they’re formally expanding a 2020 deal normalizing relations between Israel and a handful of other nations in the region to include cybersecurity. … The arrangement, which is still developing, will involve increased sharing of information on cybersecurity threats, as well as the potential for tabletop exercises and more, among some signatories of the Abraham Accords. Department of Homeland Security Undersecretary for Strategy, Policy and Plans Rob Silvers, who traveled to Israel for the announcement and further talks, said the expansion builds on existing cyber collaboration between Israel, the United Arab Emirates and the United States to include Bahrain and Morocco. The Washington Post, January 31, 2023

Section 4 – Managing Information Security and Privacy in Your Organization.

A new threat intelligence report from Microsoft documents 100 different ransomware gangs and more than 50 ransomware families. The report recommends continued vigilance in keeping systems patched and updated.

  • Microsoft: Over 100 threat actors deploy ransomware in attacks: Microsoft revealed today that its security teams are tracking more than 100 ransomware gangs and over 50 unique ransomware families that were actively used until the end of last year. … “Some of the most prominent ransomware payloads in recent campaigns include Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, & Royal,” Microsoft said. … “Defense strategies, however, should focus less on payloads but more on the chain of activities that lead to their deployment,” since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities. … Furthermore, while new ransomware families launch all the time, most threat actors utilize the same tactics when breaching and spreading through networks, making the effort of detecting such behavior even more helpful in thwarting their attacks. … As Redmond added, attackers increasingly rely on tactics beyond phishing to conduct their attacks, with threat actors, such as DEV-0671 and DEV-0882, capitalizing on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware. … Last week, the Exchange team urged admins to deploy the latest supported Cumulative Update (CU) to secure on-premises Exchange servers and have them always ready to install an emergency security update. Bleeping Computer, January 31, 2023

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.
