Cybersecurity News of the Week, November 13, 2022

A weekly aggregation of important cybersecurity and privacy news designed to educate, support, and advocate; helping you meet your data care challenges and responsibilities.

Stan’s Top of the News

One of the deepest challenges of a free people in our use of the Internet is the balance between national security and personal privacy. The “balance question” leads this week’s news with a story of the F.B.I.’s exploration of the notorious spyware Pegasus from the Israeli NSO Group.

  • Internal Documents Show How Close the F.B.I. Came to Deploying Spyware: During a closed-door session with lawmakers last December, Christopher A. Wray, the director of the F.B.I., was asked whether the bureau had ever purchased and used Pegasus, the hacking tool that penetrates mobile phones and extracts their contents. … Mr. Wray acknowledged that the F.B.I. had bought a license for Pegasus, but only for research and development. “To be able to figure out how bad guys could use it, for example,” he told Senator Ron Wyden, Democrat of Oregon, according to a transcript of the hearing that was recently declassified. … But dozens of internal F.B.I. documents and court records tell a different story. The documents, produced in response to a Freedom of Information Act lawsuit brought by The New York Times against the bureau, show that F.B.I. officials made a push in late 2020 and the first half of 2021 to deploy the hacking tools — made by the Israeli spyware firm NSO — in its own criminal investigations. The officials developed advanced plans to brief the bureau’s leadership, and drew up guidelines for federal prosecutors about how the F.B.I.’s use of hacking tools would need to be disclosed during criminal proceedings. The New York Times, November 12, 2022

Adding to Musk’s Twitter problems is the security of all of us who use Twitter … and Twitter’s security obligations to us and the Federal Trade Commission.

  • Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff: Cybersecurity experts said layoffs and resignations at Twitter had made the platform more vulnerable to attacks from scammers, organized crime and hostile governments. … Elon Musk’s two-week management of Twitter has made the platform more vulnerable to fraud and privacy violations by driving away key members of its longtime security staff, former Twitter employees and cybersecurity experts said Friday. NBC News, November 11, 2022
  • FTC tracking developments at Twitter with ‘deep concern’ after CISO resigns: The Federal Trade Commission (FTC) said it is monitoring the recent fracas around Twitter just hours after the company’s chief information security officer announced their resignation. … Twitter was fined $150 million in May after it was caught by the Justice Department and FTC covertly using account security data for targeted advertising. Alongside the fine, the company agreed to a slate of other rules related to its security and advertising practices. The Record, November 10, 2022

Security Nonprofit of the Week … Open Cybersecurity Alliance (OCA)

Kudos this week to the Open Cybersecurity Alliance (OCA). The Alliance works with other organizations to make sure cybersecurity tools work effectively with the other technology buried deep inside the Internet. That the Internet is as secure as it is owes a lot to OCA and their commitment to Internet security. We’re happy to spotlight OCA so our readers can better appreciate the work being done by nonprofits like OCA. Like SecureTheVillage, the Open Cybersecurity Alliance is a member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn

Live on Cyber with Dr. Stan Stahl: Julie and I didn’t record live this week, so please enjoy our discussion of a month ago when we discussed “Reasonable Security” in anticipation of our October 20 webinar. Julie and I riff on the challenges facing business owners and executives as they work to ensure their information security practices are “reasonable.” Join us as we discuss the important subject of “reasonable security.” It’s a phrase that one finds in the law but often with too little specificity. And here’s the link to the webinar: What Every Business Leader Needs – A Reasonable Approach to Reasonable Security.

Section 2 – Personal Data Care – Security and Privacy

Important data care stories for protecting yourself and your family.

Be careful out there. I hate having to publish stories like these week after week. They’re incredibly sad stories of cyber-loss. I post them in the hope that they’ll help someone avoid the pain that these victims go through. Please be careful … and remind your family and friends to be careful.

  • Virginia woman taken for $170,000 in phishing scam after meeting doctor on dating website: Cassandra Drummond, from Springfield, Va., thought Andrew Logan was her perfect match. They met on an online dating site in July 2021. … “On the website, he portrayed himself as a doctor. Must have been 48 years old,” said Drummond. … He lives in Michigan but was spending the summer saving lives in Yemen she said. WJLA, November 10, 2022
  • Charity scams for veterans tug at heart strings and grab for wallets: Want to help charities that support servicemembers and veterans? Around Veterans Day, charity scammers seek to take advantage of your generosity. They contact you about fake veteran and military causes, tugging at your heart strings — and grabbing for your wallet. A little research will help you spot these charity scams and make sure your donations count. Consumer Alert, Federal Trade Commission, November 9, 2022

Time to update your computer!!!

  • Patch Tuesday, November 2022 Election Edition: Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild. Krebs on Security, November 8, 2022

Section 3 – A Deeper Look for the Cyber-Concerned Citizen

Data Care, cybersecurity, and privacy stories to keep you informed.

This story caught my eye … as if the poor don’t have enough challenges.

  • Lawsuit Seeks Food Benefits Stolen By Skimmers: A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via state-issued prepaid debit cards. Krebs On Security, November 10, 2022

This story may be a dangerous forecast of future cyber attacks. What will happen when, for example, a Planned Parenthood office near Texas gets hacked and the criminals threaten to file Texas lawsuits unless Planned Parenthood pays a ransom?

  • Russian Hackers Are Publishing Stolen Abortion Records on the Dark Web: The cyber gang, the same that targeted a U.S. gas pipeline last year, is demanding a $9.7 million ransom. … Hackers who stole a trove of data from Medibank, one of Australia’s biggest private health insurers, are drip-feeding sensitive details of customers’ medical diagnoses and procedures, including abortions, onto the dark web. … The leaks started flowing on Wednesday, as the hackers—who contacted Medibank in late October to reveal they’d stolen 200 gigabytes of the health insurer’s customer data—followed through on their threat to publish the information unless they were paid a ransom of $9.7 million. The cybercriminals have now revealed that figure was based on a ransom demand of $1 per customer. Vice, November 10, 2022

Apropos the Zelle fraud story above, I think it’s great to see Senator Warren trying to get the banks who own Zelle to make it safer to use. That said, all of us who understand cyber-fraud have an opportunity to make sure our family and friends know how to use Zelle safely.

  • Wells Fargo, Zelle slammed by Liz Warren over rampant online banking fraud: Wells Fargo customers who use Zelle to send and request payments suffer more than twice the rate of fraud and other online scams as people using other big banks, according to US Senator Elizabeth Warren (D-MA). … Warren chastised both financial firms in letters to their CEOs this week: she said Wells Fargo had sent her an “evasive and misleading reply,” and Zelle parent company Early Warning Services had made “inaccurate” claims, in response to an investigation she led into banking fraud that stems from Zelle’s payment system. She called on both companies to release all data on Zelle-related fraud and scams. The Register, November 9, 2022

Adding to our cybersecurity challenges is a major shortage of cybersecurity workers. For every 1,000 openings, the nation has only 600 workers. This has led to major national initiatives to grow the workforce with much of the emphasis on the high school-to-first-job pipeline. (SecureTheVillage leads the Los Angeles Cybersecurity Workforce Coalition.)

  • CISA expanding cybersecurity education program nationwide: Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said the agency is planning to expand a K-12 cybersecurity education program nationwide after the initiative’s success in the state of Louisiana. … CISA has been funding the “Range” program from CYBER.ORG in Louisiana through a Cybersecurity Education and Training Assistance Program (CETAP) grant. The program focuses on high school students, but all K-12 teachers are given tools and free resources to teach cybersecurity in classrooms. The Range program can help teachers educate students about “deploying and discovering cyberattacks in a safe and controlled, virtual environment,” according to a press release about the program. The Record, November 8, 2022
  • This Black Hacker is Shaking Up the Tech Industry One Hackathon at a Time: Damilola Awofisayo, 18, is the founder of TecHacks, an all-female and non-binary student virtual hackathon. It is a weekend to weeklong event where groups of people come together with multiple levels of computer science skills to solve problems by creating apps, software, websites, and other programs. … One of the issues in the tech industry that Awofisayo observed was the lack of cultural and female representation. TecHacks was created as a virtual hackathon with over 60 countries represented in the effort to bring women and non-binary students interested in tech together. “I really focus on entrepreneurial, innovative ventures that focus on women’s empowerment and empowerment of marginalized communities, whether that’s Black individuals, low income, people in rural areas, anything like that,” she explains…. Damilola Awofisayo hasn’t always been a fan of STEM. As a matter of fact, she thought it was useless at one point in her life. When she was 7 to 11 years old living in Nigeria, the technology was not dependable. “Nigeria had a society where we didn’t have stable electricity, we didn’t have a lot of computer science exposure, anything like that,” she says. “So I really saw technology as something that was not really needed because I didn’t really see it in my day-to-day life.” … She didn’t find that love for tech until moving to the United States, where she attended Thomas Jefferson High School for Science and Technology in Fairfax County, Virginia. There, computer science classes were mandatory. She learned that technology could be used as a tool to solve problems in society by applying her own unique experiences and background. Yahoo!Life, November 8, 2022

As the following story illustrates, the cyber-insurance market continues in chaos.

Law enforcement had a busy week. Good for our side!!!

  • LockBit ransomware suspect nabbed in Canada, faces charges in the US: Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit. … Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US. … Federal prosecutors alleged Vasiliev helped infect networks around the world with LockBit. Officials with Europol said he is among the law enforcement group’s highest-value targets because of the large number of high-profile ransomware attacks he was involved in. ars technica, November 11, 2022
  • Justice Department Announces Seizure of Bitcoin Once Valued at $3.36 Billion: The Justice Department said Monday it had seized cryptocurrency once valued at $3.36 billion from a Georgia man who pleaded guilty to stealing bitcoin from the Silk Road online marketplace. … The cryptocurrency seizure, which took place in November 2021 and hadn’t been publicly announced, is the second largest in Justice Department history. The government is seeking the forfeiture of the seized bitcoin, which has declined significantly in value since the seizure and is now worth about $1 billion. The Wall Street Journal, November 7, 2022

But then so did the cybercriminals. The first story illustrates the risk to organizations coming from their IT vendors and the rest of the IT supply chain.

  • Over thirty Arkansas counties impacted by cyber attack: LITTLE ROCK, Ark. — A cyber-attack over the weekend is causing county offices across the state to go offline or temporarily close. Each affected county is using the company Apprentice Information Systems for its online servers. … The Rogers-based business would not say how many counties they serve, but several affected county offices said they believe it could easily be up to half the state with at least one office offline. KARK, November 7, 2022
  • Canadian food retail giant Sobeys hit by Black Basta ransomware: Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend. … Sobeys is one of two national grocery retailers in Canada, with 134,000 employees servicing a network of 1,500 stores in all ten provinces under multiple retail banners, including Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, and Lawtons Drugs. Bleeping Computer, November 11, 2022
  • Popular UK motor racing circuit investigating ransomware attack: One of the most popular motor racing circuits in the United Kingdom is investigating a ransomware attack after a gang added it to its list of victims this week. … “We are aware of this posting and are investigating this matter,” a spokesperson for Silverstone Circuit told The Record on Thursday. … The circuit – home of the British Grand Prix since 1950 – was allegedly attacked by the Royal ransomware gang, which took credit for the alleged incident on Tuesday. The Record, November 10, 2022

Our last story about “phishing-as-a-service” company Robin Banks illustrates the cybercrime industry. A cyber-criminal wanting to install ransomware on victim computers will license a ransomware exploit from a “ransomware as a service” company. The cyber-criminal will then use Robin Banks’ service to email the ransomware exploit to potential victims. When American company Cloudflare dropped Robin Banks, a Russian hosting service that serves the Russian cybercrime market picked them up. This is what we’re up against.

  • Robin Banks Phishing Service for Cybercriminals Returns with Russian Server: A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. … The switch comes after “Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations,” according to a report from cybersecurity company IronNet. The Hacker News, November 7, 2022

Section 4 – Information Security and Privacy Management in the Organization

Stories to support executives and top management in securing their organizations and protecting privacy.

The role of the CISO is changing and getting more challenging. Once perceived as primarily technical, the role has evolved considerably. Stress levels are high and, as the last story illustrates, the worker shortage we discussed above weighs heavily.

  • The Shifting Role of the CISO: My year as a venture capital CISO-in-residence. … The CISO role has evolved dramatically over the past decade, maturing from security officer to impactful business leader who, increasingly, is a part of their organization’s C-suite. In light of the considerable impact security risks have on business objectives, this is a welcome transformation. Encouraging employees to go beyond their day-to-day and view security as a priority, making allies of users and business managers and providing the organization with tangible value, is extremely rewarding. DARK Reading, November 8, 2022
  • Cybersecurity leaders want to quit. Here’s what is pushing them to leave: Cybersecurity might just be the most stressful job in tech right now. But there might be a (tiny) glimmer of light at the end of the tunnel. … Almost a third of chief information security officers (CISOs) and IT security managers in the UK and US are considering leaving their current organization, according to new research. … Not only that, but a third are planning to quit their jobs within the next six months. ZD Net, November 9, 2022
  • Cybersecurity: These are the new things to worry about in 2023: Today’s security problems are still to be fixed. But evolving technologies and a fast-changing world mean there are new challenges, too. ZD Net, November 9, 2022
