This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan’s Top of the News
Election disinformation makes the top of this week’s cybersecurity and privacy news. There will be 83 elections this year in what’s expected to be the largest concentration for at least the next 24 years. With Taiwan’s election this last week and our Iowa Caucus this week, the enemies of democracy are out in force. AI and deepfakes make the situation worse. In response, the states are beginning to act.
- Elections and Disinformation Are Colliding Like Never Before in 2024: A wave of elections coincides with state influence operations, a surge of extremism, A.I. advances and a pullback in social media protections. … Billions of people will vote in major elections this year — around half of the global population, by some estimates — in one of the largest and most consequential democratic exercises in living memory. The results will affect how the world is run for decades to come. … At the same time, false narratives and conspiracy theories have evolved into an increasingly global menace. … Baseless claims of election fraud have battered trust in democracy. Foreign influence campaigns regularly target polarizing domestic challenges. Artificial intelligence has supercharged disinformation efforts and distorted perceptions of reality. All while major social media companies have scaled back their safeguards and downsized election teams. … “Almost every democracy is under stress, independent of technology,” said Darrell M. West, a senior fellow at the Brookings Institution think tank. “When you add disinformation on top of that, it just creates many opportunities for mischief.” … It is, he said, a “perfect storm of disinformation.”
- State Legislators, Wary of Deceptive Election Ads, Tighten A.I. Rules: Sophisticated political deepfakes have warped elections overseas. Can U.S. legislators act fast enough to make A.I. campaign ads more transparent? … When experts in artificial intelligence recently showed a gathering of state legislators a deepfake image that had been generated by A.I. in early 2022, depicting former presidents Donald J. Trump and Barack Obama playing one-on-one basketball, the crowd chuckled at how rudimentary it was. … Then the panel brought out a fake video that was made just a year later, and the legislators gasped at how realistic it looked. … Alarmed by the increasing sophistication of what can be false or highly misleading political ads generated by artificial intelligence, state lawmakers are scrambling to draft bills to regulate them. … With primary voters about to cast the first ballots in 2024, the issue has become even more pressing for legislators in dozens of states who are returning to work this month. … “States know that there’s going to have to be some regulatory guardrails,” said Tim Storey, president and chief executive of the National Conference of State Legislatures, which convened the A.I. panel at a conference in December. “It’s almost trying to figure out what’s happening in real time.” … The broader goal, legislators said, was to prevent what has already happened elsewhere, especially in some elections overseas.
- Taiwan bombarded with cyberattacks ahead of election: Cybersecurity groups link the attacks against Taiwanese critical infrastructure to China. … Taiwan faces a deluge of cyberattacks days before a critical presidential election with experts blaming China for an unprecedented and increasingly sophisticated level of interference. … The Jan. 13 election is the first real security test of 2024 — one of the biggest years for democratic elections in history — and underlines the rising cyber threat posed by China. … Google Cloud’s cyber threat intelligence firm Mandiant warned Tuesday of a “substantial volume of espionage operations” by China against Taiwan’s government, technology and critical infrastructure, according to a statement from Ben Read, the company’s head of cyber espionage analysis. “While this type of targeting has occurred for years, the volume over the past few months has been notable.” … Cyberattacks designed to overwhelm and crash networks in Taiwan have reached new levels in the final quarter of 2023, spiking 3,370 percent — a more than thirty fold increase — since the previous year, according to a new threat report from website security firm Cloudflare. While the report did not directly link the attacks to China, it did note that China is one of the largest sources of these types of attacks.
Small and Midsize Organizations. Take your security to the next level. Apply Now! If you’re a small business, nonprofit, or IT / MSP in the greater Los Angeles area, apply NOW for LA Cybersecure, a pilot program with coaching and guidance that costs less than two cups of coffee a week. https://securethevillage.org/la-cybersecure-pilot/ The LA Cybersecure Pilot Program is funded by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
Upcoming events. Please join us.
- Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, February 6, 1:00 pm – 2:00 pm PT. The LA Cybersecurity Workforce Coalition is for employers, educators, government, nonprofits, and others with a professional interest in the cybersecurity workforce challenge.
Cybersecurity Nonprofit of the Week … Sightline Security
Our kudos this week to Sightline Security, a nonprofit that helps nonprofits secure and protect their critical information. Sightline’s mission is to equip, empower, and support nonprofits to navigate and embed cybersecurity into their organizations with confidence. Kudos to Sightline Security for their cyber support to the vital under-served nonprofit community. Sightline Security is playing a major role in our LA Cybersecure Pilot Program. Like SecureTheVillage, Sightline Security is a fellow member of Nonprofit Cyber. SecureTheVillage is proud to have Sightline Security founder and President Kelley Misata on our Board.
Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform
New Members in the Cybersecurity Hall of Shame: The tiny Aliquippa water authority in western Pennsylvania got hacked. This was after it ignored government warnings of ongoing cyberattacks by Iran against America’s water districts. Protection was as simple as changing a password. Spain’s second largest mobile carrier was shut down when hackers logged into an administrator’s account on the company’s “Ripe NCC” network. The password? “Ripeadmin.” … Join Stan and Julie as they discuss these basic failings … and what everyone can do to keep it from happening to them. … Want to join the fight for online safety? Learn how LA Cybersecure is helping: https://securethevillage.org/la-cybersecure-pilot/. … Subscribe to Live on Cyber with Stan Stahl, PhD and Julie Michelle Morris, your weekly 15-min update on the latest in privacy and information security affecting our businesses and the communities we live in!
Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Big kudos to Smith’s Grocery Store in Utah for saving a cyber scam victim. Every retail store in America should follow Smith’s example. Train your staff to be aware.
- Grocery store cashier saves Utah woman from gift card scam: The Federal Trade Commission reports Americans lost $228.1 million to gift card scams in 2022. The total losses for 2023 aren’t available yet, but through the third quarter of last year, victims lost $160.9 million to gift card scammers. … Bernella Brown, a senior citizen from Utah, narrowly escaped becoming another statistic of gift card scams. … “I had a bad feeling about it, but I was so emotionally caught up in getting my money back that I didn’t have any feelings except do what she (the scammer) said,” she recalled. … But an alert cashier at Smith’s grocery store recognized the signs of a scam and refused the transaction, preventing her from losing thousands of dollars. … Amy Peterson, spokesperson for Smith’s, emphasized the importance of their training program which asks cashiers to be vigilant and engage customers in conversations about their purchases. Many victims, especially senior citizens, are often seen in the store buying high-dollar gift cards while communicating with scammers on their cell phones.
A good instructive piece by The Wall Street Journal on password security. Share this with the people in your life who might be struggling with passwords.
- A Better New Year’s Resolution: Make Your Passwords Secure: Protect yourself from cyberattacks and identity thefts in four steps … I recently staged a password intervention. … One family member admitted to using the same password for every account. Another stored login credentials in iPhone Contacts. Both habits make accounts vulnerable to hackers. I had to step in. … I set them up with a password manager, swapped out their weak passwords, turned on two-factor authentication and changed their device passcodes from “1111” to something longer and less obvious. … The great thing is, these updates made their digital lives safer and more convenient to access. If you need to stage an intervention on a family member—or even on yourself—use these four steps.
Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.
Amidst all the news of how AI is making cyber-defense harder, here’s a story from The Wall Street Journal about how our side is using AI.
- AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure: Chinese hackers, trying to burrow into U.S. ports and pipelines, use techniques that would be difficult to detect without AI, NSA cybersecurity official says. … NEW YORK—U.S. intelligence authorities are using AI to pick up on the presence of hackers trying to infiltrate and attack American critical infrastructure—and identifying signs of hackers using AI themselves in the attacks. … At a conference Tuesday, cybersecurity leaders discussed burgeoning aspects of AI use by hackers—as well as by law enforcement. Rob Joyce, cybersecurity director at the National Security Agency, said machine learning and artificial intelligence are helping cybersecurity investigators track digital incursions that would otherwise be very difficult to see. … Specifically, Chinese hackers are targeting U.S. transportation networks, pipelines and ports using stealthy techniques that blend in with normal activity on infrastructure networks, Joyce said, speaking at Fordham University in New York. … These methods are “really dangerous” as their aim is societal disruption, as opposed to financial gain or espionage, Joyce said. The hackers don’t use malware that common security tools can pick up, he added.
If the above story seems like “one step forward,” the next one feels like “one step backwards.”
- Age-old problems to sharing cyber threat info remain, IG report finds: Over-classification, a lack of policy guidance and tensions between private sector cybersecurity firms are continuing to hamper federal government efforts to share cybersecurity threat information, according to a report released Friday by the U.S. intelligence community’s top watchdog. … Friday’s report, released by the Office of the Inspector General of the Intelligence Community, concludes that while federal agencies have broadly improved their ability to share threat information and defensive mitigations, long-standing policy and technical concerns are providing barriers to rapid information sharing.
Meanwhile, the SEC got egg on its face when its Twitter/X account got hacked. Shame on the SEC for not having multi-factor authentication on their account. Shame also on Elon Musk for charging account holders for the privilege of using two-factor authentication.
- Don’t Get Caught Like the SEC: Protect Your Online Accounts With Two-Factor Authentication: The SEC’s X account breach and last year’s 23andMe hack show why everyone needs a second security layer: We get it. Turning on two-factor authentication for your online accounts can be a pain. But like going to the dentist, it’s just something you have to do. … On Tuesday, someone broke into the Securities and Exchange Commission’s official X account and tweeted that spot bitcoin exchange-traded funds had been approved, sending the price of the cryptocurrency briefly higher. The official-looking announcement was a hack, an SEC spokeswoman said; the agency did officially approve the ETFs on Wednesday.
Another good news story as Ukrainian hackers broke into Russia’s largest commercial bank and released a treasure trove of information.
- Ukrainian hackers leak personal data of 38 million clients of Russia’s Alfa-Bank: Ukrainian hackers have leaked the entire customer database of Russia’s largest commercial bank, Alfa-Bank, online, totaling 38 million clients, Ukrainian hacker collective KibOrg said in a statement on Jan. 8. … The database also includes data on millions of legal entities, totaling over 115 million records overall. KibOrg notes that the table contains client records for 20 years, starting in 2004.
Cyberattacks on hospitals are increasing. The consequences are potentially fatal. Making the situation worse, the quality of security management is often low. Kudos to the White House and the State of New York for being proactive.
- Cyberattacks are having fatal consequences, so the White House wants hospital funding tied to hospital security: The Biden administration is looking to introduce a policy that will require US hospitals to meet a certain level of digital security, including multi-factor authentication, in order to secure federal funding. … A number of attacks in recent months have severely impacted hospitals, forcing ambulances to be diverted and non-urgent procedures to be rescheduled. … Hospitals are already bound by a number of requirements relating to building construction, security and how patients are treated in order to secure funding.
- New York clinic agrees to $1.2M investment, $450K fine in wake of ransomware attack: The New York attorney general has reached a settlement agreement with Refuah Health Center regarding a 2021 ransomware attack. … According to a Jan. 8 report from Gov Info Security, the Spring Valley, N.Y.-based clinic must pay at least $350,000 in a settlement, and an additional $100,000 charge is pending if cybersecurity is not strengthened. … To reinforce current cybersecurity measures, Refuah committed to spending $1.2 million on information security measures from 2024 to 2028. … These fines come after the AG’s office investigated the theft of between 195,000-234,000 patient files. According to the settlement agreement, Refuah neglected to change login credentials for 11 years, which allegedly exposed them to a cyberattack.
This week in cybercrime.
- Hospitality Hackers Target Hotels’ Booking.com Logins: Cyberattackers are checking into the accounts of Booking.com’s hotel partners, hoping to steal their visitor data. … Cyberattackers are hitting the digital road, looking to make some virtual stops at various hotels that contract with Booking.com to sell rooms. The idea is to phish the hotels’ backend Booking.com logins, with the aim of taking over the accounts and ultimately harvesting data on the hotels’ customers. … Many of the phishing messages are to hotel managers, claiming that former guests are writing scathing reviews of the property online. The emails encourage the hotels to log on and reply to the complaints, and helpfully they contain a “Reply to Complaint” link. … The targets are asked to enter their passwords on the site, and the attackers are home free.
- Kansas chief justice highlights cyber security, specialty courts during annual speech: Kansas Supreme Court Chief Justice Marla Luckert confirmed that the hackers who compromised the Kansas judicial branch in October are a Russian-based ransomware group during the annual State of the Judiciary speech on Wednesday. … A forensic examination confirmed that the group exfiltrated some data, but Luckert said the courts are still determining what and whose personal information was stolen. However, court systems are now returning to the centralized case management systems now that cybersecurity experts have enhanced security measures. … Since the attacks, courts have relied on old-school paper filing for court documents. … “As I speak, electronic filing is being restored in some districts. The remaining districts should have e-filing restored over the next two weeks. We are optimistic that the full functionality of our systems, including appellate e-filing, is on the near horizon,” Luckert said. … Luckert said the courts didn’t pay any ransom to the hackers and that cybersecurity experts may not have specifically targeted Kansas when breaching the data.
- LockBit claims November attack on New Jersey hospital that disrupted patient care: The LockBit ransomware gang took credit for a November attack on a hospital system that forced multiple facilities in New Jersey and Pennsylvania to cancel appointments and operate without patient files. … This weekend, LockBit posted Capital Health to its extortion website, threatening to leak seven terabytes of stolen data from the company.
- Mortgage firm loanDepot cyberattack impacts IT systems, payment portal: U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. … loanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing approximately 6,000 people and servicing loans of over $140 billion.
- Entire population of Brazil possibly exposed in massive data leak: The private data of hundreds of millions of Brazilians were publicly accessible to threat actors, putting individuals at risk.
Section 4 – Managing Information Security and Privacy in Your Organization.
If you’re a business or nonprofit, please alert your IT support to take care of these. If you’re IT, please take care of them.
- Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe: Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access.
- CISA Urges Patching of Exploited SharePoint Server Vulnerability: The US cybersecurity agency CISA on Wednesday issued a warning on threat actors exploiting a critical Microsoft SharePoint Server vulnerability in the wild. … The security defect, tracked as CVE-2023-29357 (CVSS score of 9.8) and patched on June 2023 Patch Tuesday, is described as an elevation of privilege (EoP) flaw that allows unauthenticated attackers to gain administrator privileges.