SecureTheVillage

Cybersecurity News of the Week

Cybersecurity News of the Week, May 26, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Corner

Tomorrow is Memorial Day. It’s a day to reflect on the more than 1,000,000 Americans who gave their last full measure of devotion so we might live free.

We are under attack from cyber criminals and nation states. They steal from us. They attack our water systems and other critical infrastructures. They bombard us with disinformation intended to drive us apart. Our enemies weaken us, individually and collectively. Death by a 1,000 cuts.

When we protect our businesses, our nonprofits, and our families we secure the blessings of liberty for ourselves and our posterity. And we do our small part to earn the sacrifice of those who died for us. It’s a win – win – win – win for everyone except Russia, China, Iran, North Korea, the cybercriminals, and others who want to cause us harm.

  • Memorial Day: ‘Make It Matter’: A yearly ritual helps me reflect on the loss of my comrades and the meaning of their sacrifice. … THE FILM BEGINS WITH AN OLDER MAN walking through a peaceful cemetery. Keeping a few steps ahead of his family, he searches for someone’s grave marker. We see his intense concentration and feel his suppressed anxiety: He knows he is about to face something he has been carrying with him for decades. Finally, he reaches a white cross inscribed with the name he has been looking for. He collapses, overwhelmed. … With a jump-cut that takes us into his memories, the scene shifts to the hell that is war.
  • Under Siege: Business risk in the new age of warfare: Americans have come to view warfare as a distant event occurring on some faraway battlefield. Cyberspace, however, shatters that perception and brings to America’s doorstep the very real effects of wars being fought across the globe. … Attacks are no longer limited to some far-off battlefield but strike when and where they might be least expected. Recent cyberattacks on water utilities in Pennsylvania, Texas and Indiana are examples of how adversarial nations are exploiting technology to bring the battlefield directly to American civilians and private[1] sector organizations. Traditional defense mechanisms are proving to be insufficient as network vulnerabilities across our most critical infrastructure have threatened to prevent infrastructure suppliers from providing fundamental resources necessary to sustain ordinary American daily lifestyles. …  Business leaders must keenly understand how geopolitical drivers directly place their organization at risk.

From SecureTheVillage

  • Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
  • IT Service Provider / MSP? Take your client’s security to the next level. Apply Now!  If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the IT security management they need.
  • The LA Cybersecure Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
  • Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 
  • How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
  • Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians TM. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village. TM

Cybersecurity Nonprofit of the Week … The Institute for Security and Technology.

Kudos this week  to The Institute for Security and Technology and their Ransomware Task Force (RTF). The Task Force aims to equip businesses, organizations, and governments of all sizes to prepare for ransomware attacks, effectively respond, and quickly recover. The Task Force has published the Cyber Incident Reporting Framework and the Blueprint for Ransomware Defense representing a set of foundational and actionable safeguards derived from the Center for Internet Security’s Critical Security Controls. Like SecureTheVillage, the Institute is a member of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits.

Cyber Humor

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

  • How to find hidden cameras in an Airbnb, according to a security expert: Start with plugged-in objects, then activate your phone’s flashlight, a security consultant says. … Over the December holidays, I was house- and pet-sitting on a lavender farm in Sequim, Wash., when I received a message from the owners. “We peeked in on the girls tonight and they look content,” it read. … The text was comforting, a reassurance that the three alpacas were doing well under my care. But it was also alarming. The couple were more than a thousand miles away in Denver.

Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

National Cybersecurity. Challenges and Solutions.

  • US says cyberattacks against water supplies are rising, and utilities need to do more to stop them: The Environmental Protection Agency warns that cyberattacks against water utilities around the U.S. are becoming more frequent and more severe
  • Hijack of monitoring devices highlights cyber threat to solar power infrastructure: An attack on remote monitoring devices in Japan underscores an emerging cybersecurity threat to the rapidly growing solar component of the power grid. Inverters used with solar panels could pose a more significant risk.  … In what might be the first publicly confirmed cyberattack on the solar power grid infrastructure, Japanese media recently reported that malicious actors hijacked 800 SolarView Compact remote monitoring devices made by industrial control electronics manufacturer Contec at solar power generation facilities to engage in bank account thefts.
  • Chinese hackers compromising military and gov’t entities around South China Sea, report finds: At least eight government and military entities in the South China Sea have been compromised in recent years by a group allegedly aligned with Chinese interests, a new report has found. … For nearly five years, hackers compromised and repeatedly regained access to systems used by the governments, according to researchers from Bitdefender.
  • Amid funding cuts, backlog of unanalyzed vulnerabilities in gov’t database is growing: More than 90% of submissions to the government’s National Vulnerabilities Database have not been analyzed or enriched since the agency announced cutbacks in February, new research shows. … The National Vulnerability Database — a critical information resource for cybersecurity defenders — has been forced to limit its operations due to funding shortages and an influx of vulnerabilities. The process known as CVE enrichment, adding public information following the creation of a vulnerability number, has been severely limited by the slowdown. 
  • Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats: Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. … The company said it’s issuing the advisory due to “heightened geopolitical tensions and adversarial cyber activity globally.”
  • Current, former government cyber officials tout industry collaboration advancements: Information sharing between the private sector and the federal government is providing a leg up when responding to vulnerabilities. … When Ivanti devices got hacked earlier this year, the company’s participation in an industry-government collaboration gave the Cybersecurity and Infrastructure Security Agency a “head start” toward confronting the vulnerability, the agency’s director said Wednesday.
  • CYBERCOM, DARPA pen agreement to speed up advanced cyberwarfare research: U.S. Cyber Command and the Defense Advanced Research Projects Agency signed a binding memorandum this month that carves out pathways needed to expedite research and development of advanced cyberware technologies in the Department of Defense. … The agreement, announced by the two Pentagon agencies this week, establishes budgets, roles and governance structures needed to swiftly move cyber technologies “from the laboratory to the cyber battlefield,” they said.

Here’s a great story of an FBI success against cybercriminals.

  • How the FBI built its own smartphone company to hack the criminal underworld: Cybersecurity journalist Joseph Cox, author of the new book Dark Wire, tells us the wild, true story behind secure phone startup Anom. … On today’s episode of Decoder, I sat down with Joseph Cox about his new book coming out in June called Dark Wire: The Incredible True Story of the Largest Sting Operation Ever, and I can’t recommend it enough. It’s basically a caper, but with the FBI running a phone network. For real. … Criminals like drug traffickers represent a market for encrypted, secure communications away from the eyes of law enforcement. In the early mobile era, that gave rise to a niche industry of specialized, secured phones criminals used to conduct their business. … Joseph’s done a ton of reporting on this over the years, and the book ends up telling a truly extraordinary story: After breaking into a few of these encrypted smartphone companies, the FBI ended up running one of these secure phone services itself so it could spy on criminals around the world. And that means the FBI had to actually run a company, with all the problems of any other tech startup: cloud services, manufacturing and shipping issues, customer service, expansion, and scale. … The company was called Anom, and for about three years, it gave law enforcement agencies around the world a crystal-clear window into the criminal underworld. In the end, the feds shut it down in large part because it was too successful — again, a truly wild story.

Family Offices Under Attack.

  • Family offices become prime targets for cyber hacks and ransomware: Family offices, which manage significant amounts of money for wealthy families, often with small staffs, have become lucrative targets for hackers. … But a growing fear of cyberattacks has not translated into better defenses. … A recent survey shows less than a third of family offices say their cyber risk management processes are well-developed.

A look at vulnerabilities in our technology.

  • Two students find security bug that could let millions do laundry for free: Who could have seen a free laundry exploit for internet-connected laundry machines coming? ,,, A security lapse could let millions of college students do free laundry, thanks to one company. That’s because of a vulnerability that two University of California, Santa Cruz students found in internet-connected washing machines in commercial use in several countries, according to TechCrunch. … The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API for the machines’ app to do things like remotely command them to work without payment and update a laundry account to show it had millions of dollars in it. The company that owns the machines, CSC ServiceWorks, claims to have more than a million laundry and vending machines in service at colleges, multi-housing communities, laundromats, and more in the US, Canada, and Europe.
  • Crooks plant backdoor in software used by courtrooms around the world: It’s unclear how the malicious version of JAVS Viewer came to be. … A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. … The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings. Its maker, Louisville, Kentucky-based Justice AV Solutions, says its products are used in more than 10,000 courtrooms throughout the US and 11 other countries. The company has been in business for 35 years.
  • Spyware found on US hotel check-in computers: The check-in computers at several hotels around the US are running a remote access app, which is leaking screenshots of guest information to the internet. … A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch has learned.

Cyber Crime.

  • The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States: Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year. … The Blackbasta extortion group added the company to the list of victims on its Tor leak site. … The gang claims to have stolen 730GB of data from ATLAS, including Corporate data: Accounts, HR, Finance, Executive, department data, and users and employees’ data. … The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems. … The oil company has yet to disclose the alleged incident.

Section 4: Helping Executives Understand Why and Know How.

Be careful in your use of phishing emails. Blaming people is a poor way to train them.

  • Google: Stop Trying to Trick Employees With Fake Phishing Emails: According to a Google security manager, simulated phishing tests are outdated and more likely to cause resentment among employees than improve their security practices. … Did your company recently send you a phishing email? Employers will sometimes simulate phishing messages to train workers on how to spot the hacking threat. But one Google security manager argues the IT industry needs to drop the practice, calling it counterproductive. … “PSA for Cybersecurity folk: Our co-workers are tired of being ‘tricked’ by phishing exercises y’all, and it is making them hate us for no benefit,” tweeted Matt Linton, a security incident manager at Google.

Section 5:  Securing the Technology.

Another story illustrating how danger is everywhere.

  • GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure: In recent research, Recorded Future’s Insikt Group uncovered a sophisticated cybercriminal campaign led by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). These threat actors leveraged a GitHub profile to impersonate legitimate software applications like 1Password, Bartender 5, and Pixelmator Pro to distribute various malware types, such as Atomic macOS Stealer (AMOS) and Vidar. This malicious activity highlights the abuse of trusted internet services to orchestrate cyberattacks that steal personal information.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge

SUPPORT US

SecureTheVillage is a community-based response to the cybersecurity and privacy crisis. We are a 501c(3) nonprofit with a vision of a cybersecure global village. We invite you to join with us as together we make the vision a reality. It takes the village.

Be a CyberPartnerDonate