Cybersecurity News of the Week, October 13, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Corner

As readers of this Newsletter know, large data brokers are being hacked by cybercriminals and who are stealing our personal information. This week’s lead story is an in-depth analysis of data brokers. Who they are. What personal information of ours they collect, buy and sell. The near impossibility of getting a data broker to remove your information; if that’s even possible. The absence of consumer-facing privacy laws and regulations.

Bottom line: The playing field is extremely tilted away from you and me, our families and our friends. I know I must sound like a broken record, but strong privacy laws with opt-in are something that the next Congress must deal with.

For those of us in here in CA, the CPRA may give us some leverage. Data brokers who have lost personal information of CA residents are on the hook for between $100 and $750 to each us unless they can establish that they have “reasonable cybersecurity practices” appropriate to their circumstances. Trust me. They don’t. Probably aren’t even close. Anyone know a class action plaintiff’s attorney?

We’re in this together.

• What internet data brokers have on you — and how you can start to get it back: Data brokers have long operated in the shadows of the internet, quietly amassing unprecedented amounts of personal information on billions of people across the globe, but few realize just how deep this data collection really goes. … In an age where every move you make online — every click, every purchase, every “like” — is meticulously harvested, packaged, and sold for profit, aggregated personal data has become a valuable commodity, and the global data broker industry is proof of that.

From SecureTheVillage

• Upcoming Events
  • Fifth Annual LA IEEE Coastal LA Computer Society Cyber Security Summit 2024 – South Bay, October 19.
  • Join Stan at CyberWyoming: Wyoming Virtual Cybersecurity Conference, October 23. Learn about how we’re helping IT service professionals and MSPs change the narrative to deliver improved cybersecurity and increase revenue.
  • 9th Annual Official Los Angeles Cybersecurity Summit, Fairmont Century Summit, November 21.
  • A Reasonable Approach to Reasonable Security. January 2025.  SecureTheVillage’s 5th Annual Reasonable Security Summit.
• Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure™. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
• IT Service Provider / MSP? Grow revenues. Take your client’s security to the next level. Apply Now!  If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure™. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the reasonable IT security management they need. … The LA Cybersecure™ Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
• SecureTheVillage FREE Newsletters. Sign up or share with a friend!
  • Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.
  • Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.
• How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
• Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians ^TM. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.^TM. 

Security Nonprofit of the Week … CyberWyoming & CyberWyoming Alliance

Established in 2017, CyberWyoming, a 501(c)6 nonprofit, combats cyber risks for Wyoming businesses. It fosters collaboration among communities, fortifying state and national cybersecurity through tailored economic development and workforce training. Providing consultancy and education services, it integrates cyberpsychology into training for small business stakeholders. The CyberWyoming Alliance, a 501(c)3 nonprofit, headquartered in Laramie, amplifies cybersecurity awareness across local communities. Targeting diverse groups, it secures grants, tailors programs, and establishes information-sharing networks to disseminate crucial cybersecurity updates. This strategic approach reinforces cybersecurity throughout Wyoming, making a significant impact on various demographics and entities. CyberWyoming is a member of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits including SecureTheVillage. Join Stan at CyberWyoming: Wyoming Virtual Cybersecurity Conference, October 23.

Cyber Humor

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Another sad story of loss. Please warn those you love.

• Illinois widow loses $1M life savings and is forced to sell her home after brutal ‘pig butchering’ scam — how to spot this scheme and protect your financial future: Erika DeMask thought she’d finally found love again — but instead she lost her entire life savings over a period of several months in a “pig butchering” scam. … These so-called “pig butchering” scams are a type of fraud in which the scammer gains a victims trust over a prolonged period of time — “fattening them up” as it were — before going in for “the kill” by stealing all their money. … Often, the victims are lured into digital relationships in order to build trust — which is exactly what happened to DeMask. … Her husband had passed away decades ago, and she’d recently met a charming man online.

Ashley Madison redux. If they build it. And people use it. The hackers will find it. You have been warned.

• AI girlfriend site breached, user fantasies stolen [updated]: A hacker has stolen a massive database of users’ interactions with their sexual partner chatbots, according to 404 Media. … The breached service, Muah.ai, describes itself as a platform that lets people engage in AI-powered companion NSFW chat, exchange photos, and even have voice chats. … As you can imagine, data like this is very sensitive, so the site assures customers that communications are encrypted and says it doesn’t sell any data to third parties. … The stolen data, however, tells a different story. It includes chatbot prompts that reveal users’ sexual fantasies. These prompts are in turn linked to email addresses, many of which appear to be personal accounts with users’ real names.

Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

This story brought a smile to my face. That’s why it’s at the top of Section 3.

• For a second day, Ukrainian hackers hit Russian institutions: Hackers attacked Russia’s digital state media hub and courts websites over two days, bringing both down. … Russia suffered major digital outages for a second day Tuesday after hackers targeted Russia’s court information system, taking down court websites and claiming to have wiped court documents and decisions in the system’s database. … The hackers, who called themselves the “BO Team,” posted a message with an obscenity declaring that the attack was made to mark President Vladimir Putin’s 72nd birthday Monday, the same day a massive attack on Russia’s online state media channels occurred.

Something’s going on in national cybersecurity. Big enough to involve the White House. In a story we first reported last week, Salt Typhoon, a hacking group tied to the Chinese intelligence, hacked into several Internet Service Providers, including AT&T and Verizon. Stay tuned as this story unfolds.

• White House forms emergency team to deal with China espionage hack: The serious breach of telecommunications companies has now affected “about 10 or 12” firms, two people familiar with the investigation said. … The Biden administration this week stood up a multi-agency team to confront a growing crisis involving Chinese cyberattacks of U.S. telecommunications companies believed to be for intelligence gathering. … The breach now has affected “about 10 or 12” companies, two people familiar with the investigation said, speaking like others interviewed for this article on the condition of anonymity because of the matter’s sensitivity. The people did not specify if the companies were all American firms or if some were subsidiaries.
• Salt Typhoon Hack Shows There’s No Security Backdoor That’s Only For The “Good Guys”: At EFF we’ve long noted that you cannot build a backdoor that only lets in good guys and not bad guys. Over the weekend, we saw another example of this: The Wall Street Journal reported on a major breach of U.S. telecom systems attributed to a sophisticated Chinese-government backed hacking group dubbed Salt Typhoon.

In other national cybersecurity news.

• National cyber director warns of ransomware, Chinese infrastructure attacks and cyber supply chain concerns: One of the top cybersecurity officials in the U.S. said Wednesday that he was especially concerned with Chinese infiltration of the country’s critical infrastructure, as well as software supply chain risks and the continued expansion of ransomware.

Much of the pig-butchering and other consumer scams come out of the Southeast Asian gangs. These gangs use Telegram to hide their activities from law enforcement.

• Telegram hosts ‘underground markets’ for Southeast Asian crime gangs, UN says : Bangkok, Thailand (Reuters) — Powerful criminal networks in Southeast Asia extensively use the messaging app Telegram which has enabled a fundamental change in the way organised crime can conduct large-scale illicit activity, the United Nations said in a report on Monday. … The report represents the latest allegations to be levied against the controversial encrypted app since France, using a tough new law with no international equivalent, charged its boss Pavel Durov for allowing criminal activity on the platform. … Hacked data including credit card details, passwords and browser history are openly traded on a vast scale on the app which has sprawling channels with little moderation, the report by the United Nations Office for Drugs and Crime (UNODC) said.

Law enforcement shuts down dark web marketplace. Finland becoming haven for setting up cybercriminal shop.

• Suspected Bohemia dark web marketplace admins arrested by Dutch, Irish police: Two alleged administrators of the dark web marketplace Bohemia are now in custody, Dutch National Police said Tuesday. … A 20-year-old British man appeared in court in Rotterdam this week following his arrest in June at Schiphol Airport in Amsterdam. Another suspect, identified as 23-year-old Irishman Kevin Daniel Andrei, was arrested in August after an investigation by that country’s Garda National Cyber Crime Bureau (GNCCB). … More than €8 million ($8.75 million) in virtual assets were seized during the arrests, police said. 
• Some of the Web’s Sketchiest Sites Share an Address in Iceland: The modern office building near the harbor in Iceland’s capital, Reykjavik, is best known as the home of the Icelandic Phallological Museum, which displays 320 specimens of mammal penises. … To those who track cyber mischief, however, the building also has a reputation as a virtual offshore haven for some of the world’s worst perpetrators of identity theft, ransomware, disinformation, fraud and other wrongdoing. … That’s because the museum’s street address, Kalkofnsvegur 2, is also the registered address for Withheld for Privacy, a company that is part of a booming and largely unregulated industry in Iceland and elsewhere that allows people who operate online domains to shield their identities.

A new ransomware report shows a spike in severity and average losses.

• Cyber insurer says ransomware attacks drove a spike in claim sizes: A report published Thursday by cyber insurance provider Coalition found that although its customers made fewer claims in the first half of 2024 than the same period a year earlier, the size of those claims increased 14% — to an average loss of $122,000.  … The jump in losses was “driven by a spike in ransomware severity,” the company said. … The average loss for ransomware claims was $353,000 — a 68% spike compared to the same period during the previous year, Coalition said.

This week in cybercrime. Large water company. Wayback hacked. Stolen personal data. And ADT – who apparently never learned that there’s no education in the second kick of a mule.

• American Water shuts down online services after cyberattack: American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack.
• Internet History Hacked, Wayback Machine Down—31 Million Passwords Stolen: Hackers have compromised the Internet’s past. … Hackers have compromised the Internet’s past, the Internet Archive’s Wayback Machine, stealing 31 million passwords and launching a massive Distributed Denial of Service attack in the process. It is unclear if the two security incidents, the compromise of the Internet Archive’s authentication database containing registered member details, including hashed passwords, and the denial of service attack, are related. However, the evidence does seem to be pointing in the direction of this being a targeted attack by the same threat actor.
• MoneyGram hack – includes SSNs and photo ID for some customers; Comcast too: A MoneyGram hack has seen an attacker obtain the personal data of an unknown number of the company’s 50 million money transfer users. … A separate hack of a debt collection company has seen personal data obtained for more than 200,000 Comcast customers, despite previous assurances that this was not the case …
• Fidelity says data breach exposed personal data of 77,000 customers: Fidelity Investments, one of the world’s largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver’s licenses.
• ADT discloses second breach in 2 months, hacked via stolen credentials: Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data.

Section 4: Securing the Organization

Here’s a good story about the importance of telling the right stories in communicating with executive leadership. The story reflects our work at SecureTheVillage training MSPs and IT service providers to tell stories that resonate with the business implications of cyber risk. I’ll be speaking on how we’re changing the narrative at the Wyoming Virtual Cybersecurity Conference on October 23. Please join me.

• Chief risk storyteller: How CISOs are developing yet another skill: Cybersecurity risks are critical to communicate, but CISOs are finding crafting a narrative that resonates requires more than technical expertise.

Section 5:  Securing the Technology.

• CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.