Cybersecurity News of the Week, March 19, 2023

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

Our top story this week is Meta’s important work to help it manage the expected deluge of mis/dis-information as nations around the world gear up for elections.

  • As major elections loom, Meta unveils its internal Online Operations Kill Chain: Next year will feature some of the most geopolitically significant elections of our times. Voters will be heading to the ballot boxes in not only the United Kingdom, United States and European Union, but also India, Turkey and Taiwan. … Anticipating an even greater need for “investigative teams across industry, civil society, and government” to collaborate against online interference in these elections, Meta published on Thursday a new Online Operations Kill Chain framework for analyzing and responding to these threats. … The framework is a tool used internally at Meta to formally “analyze individual operations and identify the earliest moments at which they can be detected and disrupted.” The parent company of Facebook and Instagram hopes it will help other defenders detect and disrupt operations when they see them on their networks, too, and help everybody share their findings. The Record, March 16, 2023

How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.

  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please take our short quiz, as your answers will help you and guide us to improve community safety.

Cyber Humor

Cybersecurity Nonprofit of the Week  …  The Center for Internet Security

Our kudos this week to the Center for Internet Security (CIS®). Whether you buy IT services or provide them, you need to know about the Center for Internet Security and the great work they do to make the connected world a safer place for people, businesses, and governments. Strong proponents of collaboration and innovation, CIS® is a community-driven nonprofit responsible for the CIS Controls®, CIS Benchmarks™, and CIS Hardened Images®. CIS is also home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®). The Center for Internet Security is one of the founders of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits including SecureTheVillage.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform

Live on Cyber with Dr. Stan Stahl: (Video) (Podcast): The FBI Internet Crime Complaint Center (IC3) released its annual Internet crime report last week. Not surprisingly, the report showed continued growth in cybercrime. Join Stan and Julie as they riff on the IC3 report. What it says. What it means … both to the nation’s economy and to its victims. And how cybercrime is an inevitable unintended consequence of the cyber-incunabula, just like the increases in fraud and misinformation resulting from the invention of the printing press. As always, Stan and Julie provide actionable tips and thoughtful wisdom in a fun conversation on the complexities of cybersecurity and privacy.

Cybersecurity Quote of the Week

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Self-Defense. Update Now.

  • Microsoft Patch Tuesday, March 2023 Edition: Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. KrebsOnSecurity, March 15, 2023

Privacy at Risk

  • PayPal Data Breach Exposes Personal Information of 35,000 Users: PayPal, one of the world’s largest online payment platforms, has admitted that a data breach in December 2022 compromised the personal and financial information of nearly 35,000 users. LegalScoops, March 16, 2023
  • Cerebral disclosure shows vulnerability of online mental health data, risk of tracking tools: Mental health providers have come under scrutiny for the data that they send to third-party firms. … A company that provides online therapy services acknowledged last week that its customers’ sensitive health information had been sent to third-party firms, illustrating the risks for mental health data and calling attention to a problematic privacy practice. … The telehealth provider, Cerebral, sent letters to more than 3 million users on March 6 about the incident, then followed that with a notice to the Department of Health and Human Services. The company had been sharing user data with Google, Facebook parent Meta, TikTok and others via tracking “pixels.” March 13, 2023
  • Texas abortion lawsuit revives calls for encrypted messaging: A recent lawsuit in Texas against women who helped a friend access abortion medication is renewing calls for tech giants to make end-to-end encryption the default on their messaging services. … Driving the news: A Texas man recently filed a civil lawsuit against three women who he alleges helped his ex-wife obtain abortion-inducing medication and terminate her pregnancy, according to the Texas Tribune. … The plaintiff’s complaint is based on text messages among the women — making real a long-held fear that people’s digital communications will be weaponized after the overturn of Roe v. Wade. Axios, March 14, 2023

Know The Enemy

  • Dish customers kept in the dark as ransomware fallout continues: Dish customers are still looking for answers two weeks after the U.S. satellite television giant was hit by a ransomware attack. … In a public filing published on February 28, Dish confirmed that ransomware was to blame for an ongoing outage and warned that hackers exfiltrated data, which “may” include customers’ personal information, from its systems. … Dish hasn’t provided a substantive update since, despite customers continuing to experience issues — or know if their personal data is at risk. … TechCrunch has heard from customers that still have no access to Dish, or services through its subsidiaries like Boost Mobile. Others say they have been unable to contact Dish customer services since the incident began two weeks ago. We have heard from others who say they have been affected by email and voice phishing attacks exploiting the uncertainty around the Dish incident, and TechCrunch has also heard of customers saying their Dish services were disconnected due to ongoing issues at the company, meaning the customers were unable to pay their bill. TechCrunch, March 15, 2023
  • UK Crypto Firm Loses $200m in Cyber-Attack: UK crypto startup Euler Labs has suffered a devastating cyber-attack, in which threat actors managed to steal close to $200m from its DeFi lending protocol. Infosecurity, March 14, 2023
  • Ransomware Gang Threatens Amazon’s Ring With Data Leak: A ransomware gang is threatening the largest system of doorbell cameras in the US, claiming that it has some amount of stolen data. The group claims to have broken into Amazon’s Ring system, though Amazon has yet to confirm the incident and details are mostly coming from anonymous sources speaking to the media. CPO Magazine, March 17, 2023
  • Cybercriminals exploit SVB collapse to steal money and data: The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it’s becoming an excellent opportunity. … As multiple security researchers report, threat actors are already registering suspicious domains, conducting phishing pages, and gearing up for business email compromise (BEC) attacks. … These campaigns aim to steal money, steal account data, or infect targets with malware. Bleeping Computer, March 14, 2023
  • Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles: North Korean advanced persistent threat (APT) group Lazarus (aka UNC290) has been targeting security researchers with a phishing campaign via LinkedIn since last June. … Mandiant reported that the phishing attacks started against a US-based tech company … Posing as recruiters on LinkedIn, the group works to earn a victim’s trust, and it then convinces them to engage on WhatsApp or by email, where they can send a malware dropper, Mandiant explained.
  • Ransomware attacks have entered a heinous new phase: Cybercriminal gangs now releasing stolen photos of cancer patients, student records. ars technica, March 14, 2023

Section 3 – Cybersecurity News for the Cyber-Concerned.

National and International Cyber

  • Russia’s Spring Offensive in Ukraine Could Include Cyberattacks, Microsoft Says: Moscow also appears to be stepping up influence operations to weaken European and U.S. support for sending more aid to the Ukrainian government. The New York Times, March 15, 2023
  • Wave of Stealthy China Cyberattacks Hits U.S., Private Networks, Google Says: State-sponsored hackers from China have developed techniques that evade common cybersecurity tools and enable them to burrow into government and business networks and spy on victims for years without detection, researchers with Alphabet Inc.’s Google found. … The method of cyberattack “is a lot harder for us to investigate, and it is certainly exponentially harder for victims to discover these intrusions on their own. … Even with our hunting techniques, it’s hard for them to find it.” … The findings shared Thursday come amid heightened concerns about the breadth of Chinese espionage against the West following last month’s discovery of an alleged Chinese surveillance balloon that invaded U.S. airspace and a bipartisan push in Washington to ban the social-media app TikTok due to data security fears. … Defense contractors, government agencies, and technology and telecommunications firms appeared to be bearing the brunt of the newly discovered Beijing-linked attacks, Mr. Carmakal said. While the relative quantity of identified victims may be small—perhaps in the dozens—the impact is significant because of the importance of what is being stolen, he said. The Wall Street Journal, March 16, 2023
  • CISA: Federal civilian agency hacked by nation-state and criminal hacking groups: The vulnerability used in the attack against the federal agency is well-known and among the top exploits in 2021. … A nation-state hacking group and a criminal gang best known for card skimming had access to a federal civilian agency from August to January 2023, according to a Wednesday joint alert released by the Cybersecurity and Infrastructure Security Agency, the FBI and the Multi-State Information Sharing and Analysis Center. Cyberscoop, March 15, 2023

Taking the Cyber-Battle to the Enemy

  • Feds Charge NY Man as BreachForums Boss “Pompompurin”: The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world’s biggest hacked databases routinely show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022. Krebs on Security, March 17, 2023
  • One of the darkweb’s largest cryptocurrency laundromats washed out: Europol supports Germany and the US in taking down the infrastructure of ChipMixer: as much as EUR 40 million seized. … German and US authorities, supported by Europol, have targeted ChipMixer, a cryptocurrency mixer well-known in the cybercriminal underworld. The investigation was also supported by Belgium, Poland and Switzerland. On 15 March, national authorities took down the infrastructure of the platform for its alleged involvement in money laundering activities and seized four servers, about 1909.4 Bitcoins in 55 transactions (approx. EUR 44.2 million) and 7 TB of data. Europol, March 15, 2023

National Cyber-Defense

  • CISA Creates New Ransomware Vulnerability Warning Program: The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday the creation of a new Ransomware Vulnerability Warning Pilot (RVWP) program. … Stemming from the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and coordinated by the Joint Ransomware Task Force (JRTF), the RVWP will see CISA assess flaws commonly associated with known ransomware exploitation. Infosecurity, March 14, 2023

Regulating Cyber

  • SEC proposes new cyber incident reporting rules for financial orgs: The Securities and Exchange Commission (SEC) proposed new cybersecurity rules for a range of financial organizations that would force them to report incidents within 48 hours of detection and implement certain security policies. … The new rules would also make it mandatory for some financial institutions to annually test and review the effectiveness of their cybersecurity policies and procedures. … “The nature, scale, and impact of cybersecurity risks have grown significantly in recent decades,” said SEC Chair Gary Gensler. “Investors, issuers, and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age. This proposal would help promote every part of our mission, particularly regarding investor protection and orderly markets.” The Record, March 16, 2023
  • The FCC is cracking down on scammy robotexts. What that means for you: On Thursday, the Federal Communications Commission adopted a rule that requires mobile phone companies to block texts that are “highly likely to be illegal.” That includes texts from spoofed or non-working numbers, which spammers frequently rely on for their bulk messages. The Los Angeles Times, March 16, 2023

AI – The Impact

  • How AI Could Write Our Laws: Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there is a move to end drilling leases for federal lands, in exchange for the tens of millions they contribute to congressional reelection campaigns. Schneier on Security, March 14, 2023

Section 4 – Managing Information Security and Privacy in Your Organization.

I asked ChatGPT for the 7 most important things a business with 100 – 150 employees can do to minimize the risk of being hacked. This is GPT’s response. It’s good advice for all organizations.

As an AI language model, I cannot provide a definitive list of the 7 most important things a business with 100-150 employees can do to minimize the risk of being hacked, as each business has unique needs and vulnerabilities that may require different approaches. However, based on current industry best practices, here are some general steps that businesses can take to strengthen their cybersecurity posture and reduce the likelihood of a successful hack:

  1. Conduct regular security assessments: It’s important to regularly assess your business’s security measures to identify potential vulnerabilities and address them before hackers can exploit them. Consider hiring an outside security firm to conduct a thorough assessment.
  2. Develop and enforce strong password policies: Passwords should be complex, unique, and changed regularly. Employees should not reuse passwords across multiple accounts, and two-factor authentication should be used whenever possible.
  3. Implement access controls: Ensure that employees only have access to the information and systems they need to do their jobs. Limit administrative access to a small number of trusted employees.
  4. Keep software and systems up to date: Regularly apply security patches and updates to all software and systems to address known vulnerabilities. Outdated software and systems can be easily exploited by hackers.
  5. Train employees on cybersecurity best practices: Human error is a leading cause of security breaches. Provide regular training to employees on how to identify and avoid common threats like phishing emails and social engineering tactics.
  6. Use firewalls and antivirus software: Install firewalls to block unauthorized access to your network and antivirus software to detect and remove malware.
  7. Back up data regularly: In the event of a successful hack, having up-to-date backups of critical data can help minimize the damage and allow you to quickly restore systems and operations.

Remember, cybersecurity is an ongoing process, and it’s important to stay vigilant and adapt your security measures as threats evolve. From <https://chat.openai.com/chat>

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.