This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan’s Corner
Mutually Assured Disruption: This story should be a wake-up call for all of us. Imagine if 1,000 water districts across the country suddenly started leaking water. Or if traffic lights simultaneously shut down in Los Angeles, New York, and Chicago. I can only hope that if this happens to us, we have the capacity to reciprocate in Beijing, Chendu, and Shanghai. As the world heats up, so will cyber-disruptions. Lives are already being lost as cybercriminals attack our healthcare systems. It will only get worse with nation-state sabotage. NSA Chief Haugh is right to be worried. We should all be concerned.
- China Is ‘Prepositioning’ for Future Cyberattacks—and the New NSA Chief Is Worried: ‘We see it as very unique and different—and also concerning,’ Gen. Timothy Haugh says in a WSJ interview … SINGAPORE—As the U.S. military’s new cyber chief and the head of the nation’s main electronic spy agency, it is Gen. Timothy Haugh’s job to be concerned about China’s clandestine efforts to steal sensitive American data and weapons know-how. … But he is also contending with an unusual Chinese threat, one that is designed not to extract military secrets or data of any kind but to lurk in the infrastructure that undergirds civilian life, as if lying in wait for the right moment to unleash chaos. … “We see it as very unique and different—and also concerning,” Haugh said in an interview with The Wall Street Journal on the sidelines of a security conference in Singapore. “And the concern is both in what is being targeted and then how it is being targeted.” … The U.S. believes the Chinese hacking network—known as Volt Typhoon among cybersecurity experts and U.S. officials—aims to “preposition” in critical infrastructure networks for future attacks. “We can see no other use,” said Haugh, who took charge of the National Security Agency and the military’s Cyber Command in February. … “We see attempts to be latent in a network that is critical infrastructure, that has no intelligence value, which is why it is so concerning,” he said.
From SecureTheVillage
- Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
- IT Service Provider / MSP? Take your client’s security to the next level. Apply Now! If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the IT security management they need.
- The LA Cybersecure Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
- Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription!
- How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
- Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians TM. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village. TM.
Cybersecurity Nonprofit of the Week … Open Cybersecurity Alliance
Kudos this week to the Open Cybersecurity Alliance (OCA). The Alliance works with other organizations to make sure cybersecurity tools work effectively with the other technology buried deep inside the Internet. That the Internet is as secure as it is owes a lot to OCA and their commitment to Internet security. We’re happy to spotlight OCA so our readers can better appreciate the work being done by nonprofits like OCA. Like SecureTheVillage, the Open Cybersecurity Alliance is a member of Nonprofit Cyber.
Cyber Humor
Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
From ABC Good Morning America and the Better Business Bureau.
- Reports of phishing scams more than doubled last year, according to new report: The Better Business Bureau says cybersecurity experts are pointing to a rise of artificial intelligence and text-based scams targeting consumers.
Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.
Three privacy stories make the news this week. The first two illustrate the point Bruce Schneier and Barath Raghavan make in the third story.
- Is Your Driving Being Secretly Scored?: The insurance industry, hungry for insights into how people drive, has turned to automakers and smartphone apps like Life360. … You know you have a credit score. Did you know that you might also have a driver score? … The score reflects the safety of your driving habits — how often you slam on the brakes, speed, look at your phone or drive late at night. … While you can see your credit score, you will have a harder time finding out what your driving score is. But auto insurance companies can get it — and that could affect the rate you pay.
- Windows Recall: How it works, how to turn it off and why you should: Microsoft backpedals after well-earned backlash over Windows Recall, a new feature coming to Copilot+ PCs on June 18 that promises to save images of your desktop every few seconds, scan and analyze them with AI help, then make that data searchable using natural language.
- How Online Privacy Is Like Fishing: In the wake of a Microsoft spying controversy, it’s time for an ecosystem perspective. … Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren’t about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion was that Microsoft was spying on its AI users, looking for harmful hackers at work. … Some pushed back at characterizing Microsoft’s actions as “spying.” Of course cloud service providers monitor what users are doing. And because we expect Microsoft to be doing something like this, it’s not fair to call it spying. … We see this argument as an example of our shifting collective expectations of privacy. To understand what’s happening, we can learn from an unlikely source: fish.
As EU elections start, here’s a look at what we in America can expect.
- Pro-Russia group claims responsibility for cyber-attacks on first day of EU elections: The websites of at least three political parties in the Netherlands were targeted on Thursday as Dutch voters cast their ballots in the European elections. … A pro-Kremlin hacker group has claimed responsibility for what seems to be a coordinated attack on the websites of Dutch political parties and EU institutions on the first day of the European elections.
A Wall Street Journal alert on how hiring managers have to navigate the new world of deepfakes and fraudsters.
- Deepfakes, Fraudsters and Hackers Are Coming for Cybersecurity Jobs: Cyber leaders are defending against bad actors armed with artificial intelligence who are applying for openings. … Companies in the market for cybersecurity professionals could face a new method of attack, made harder to spot because of artificial intelligence: Hackers posing as job applicants. … As cyber threats targeting U.S. companies multiply, some security leaders have increased scrutiny during hiring to weed out bad actors—or simply applicants with over-embellished résumés. … Globally, the cyber sector faces a shortfall of roughly four million professionals, an increase of 12.6% from 2022, according to ISC2, a professional and certification group in cybersecurity. Fraudsters are seizing on the demand.
An excellent look at what’s yet to come from the UnitedHealthcare breach.
- What If The Scathing UnitedHealth Cyber Rebuke Was Yours?: UnitedHealth Group’s cyber breach disrupted hospitals, compromised nearly 150 million patient records, halted medical payments and already cost over $1 billion in remediation. CEO Andrew Witty was whisked to Congress for rare bi-partisan outrage. Yet, the worst may await.
Ticketmaster. Satandar Bank. Lending Tree. Advanced Auto Parts. How many others? Is Snowflake to be the next Cybersecurity Poster Child for not requiring its customers to use MFA? Are their customers the Poster Children for not using MFA? How about both!
- Snowflake data breach claims spark war of words over culpability: Snowflake CISO Brad Jones hit back at claims the Ticketmaster and Santander data breaches were caused by platform vulnerabilities. … Snowflake has pinned the blame for a series of high-profile data breaches in recent days on customers failing to adequately secure production environments by using two-factor authentication.
A new Mandiant report says cybercriminals made more than $1 billion from victim ransom payments last year.
- Ransomware saw a resurgence in 2023, Mandiant reports: The cybersecurity firm said it saw an increase in activity from ransomware gangs last year after a “slight dip” in activity in 2022. … As law enforcement agencies conduct global operations against ransomware gangs, the number of incidents continue to rise unabated, per a new report from the cybersecurity firm Mandiant. … Researchers with the Google-owned firm said on Monday that they saw 50 new ransomware variants in 2023, with about a third branching off of existing malware. The report highlights the pervasiveness of the problem and the difficulties in slowing down cyber extortion. Even with the attention of the White House, a call-out in the national cybersecurity plan and increasingly aggressive law enforcement operations against them, cybercriminals made more than $1 billion from victim ransom payments last year.
This week in cybercrime
- Loopring suffers $5 million hack after ‘Guardian’ two-factor authentication service is compromised: Loopring, the ZK-rollup based protocol built on Ethereum, had its two-factor authentication based Guardian wallet recovery service compromised in a hack, the company recently disclosed.
- How scammers used ‘social engineering’ to steal over $1 million from an Idaho town of less than 4,000 people: An Idaho town lost more than $1 million to scammers. … Scammers tricked Gooding, Idaho employees into sending over $1 million to fake contractors. … The payment was intended for a wastewater project but was diverted into the criminal’s account.
- Christie’s Hit With Class-Action Lawsuit Over Client Data After Cyberattack Shuts Down Website: If there’s one thing wealthy people have access to, it’s lawyers. As a result, a client of Christie’s recently filed an class-action lawsuit against the auction house after it experienced a cyberattack in May.
- ‘Russian criminals’ behind hospitals cyber attack: Russian hackers are behind the cyber attack on a number of major London hospitals, according to the former chief executive of the National Cyber Security Centre.
- Arlington loses $446k through wire fraud scheme, town manager says: The Town of Arlington, MA lost nearly $446,000 as a result of an elaborate wire fraud scheme by an organization overseas, according to Arlington Town Manager Jim Feeney.
Section 4: Securing the Technology.
If you’re a victim of a LockBit ransomware attack, contact the FBI. They may have your decryption key.
- FBI Kicks Hackers In The Teeth With Free 7,000 Ransomware Key Giveaway: The FBI is encouraging anyone who has been a victim of the LockBit ransomware group and its many affiliates to contact them for a free decryption key that could help restore their data. Bryan Vorndran, FBI Cyber Division assistant director, has urged potential victims to contact the Bureau after confirming that it is in possession of more than 7,000 decryption keys from the ransomware hackers.
Patch now.
- SolarWinds Patches High-Severity Vulnerabilities: SolarWinds has released patches for high-severity vulnerabilities in Serv-U and the SolarWinds Platform. … Rolling out as version 2024.2, the latest SolarWinds Platform iteration includes patches for three new security defects, as well as fixes for multiple bugs in third-party components.
