This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan’s Top of the News
This week’s Top of the News provides an overview of our new Pilot Program designed to measurably improve security readiness.
- The Unseen Epidemic: How Cybercrime Impacts Small Businesses Every Day in the LA Economy: SecureTheVillage’s Pilot Program Aims to Level the Playing Field for Small Businesses and Nonprofits in a World Where Only Big Business is Prepared. … Jay, a regional beer distributor in Los Angeles, was stunned to uncover a cyber breach within his company’s system. “For six months, they had been watching our emails, copying our files,” Jay recalls. The incident cost him more than $1,000,000. Jay’s experience is one of many illustrating a growing epidemic that is hurting the economy of Los Angeles and communities nationwide. … The repercussions of these cyberattacks extend beyond the affected businesses, leaving a trail of lost jobs, reduced services, and permanently altered lives. When local nonprofits shut their doors, vital community services disappear. … If we fail to act, the crisis will grow.
Small and Midsize Organizations. Take your security to the next level. Don’t leave your fate in the hands of cybercriminals. Cybersecurity education and training for small to midsize businesses, nonprofits, IT/MSPs. Learn by doing. Measurably improve cybersecurity readiness. Get CyberGuardian Certificate. Very affordable. Highly subsidized. As part of our LA Cybersecure initiative, SecureTheVillage has launched a Pilot Program to enable 50 small to midsize organizations to measurably improve their cybersecurity readiness. The LA Cybersecure Pilot Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program. Find out more and register now.
Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription!
How Hackable Are You? Take our test. Find out how hackable you are and download our free updated 13-step guide.
- How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please take our short test; your answers will help you and guide us to improve community safety.
Upcoming events. Please join us.
- Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, November 7, 1:00 pm – 2:00 pm PT.
Happy Anniversary SecureTheVillage
- SecureTheVillage incorporated, October 19, 2015
- First Weekend Patch Report (Published by Citadel Information Group), October 22, 2010
Cybersecurity Nonprofit of the Week … The Global Anti-Scam Alliance
Our kudos this week to the Global Anti-Scam Alliance. Their mission is to create a world where people worldwide are safe from the financial and emotional trauma caused by online scams, and to protect consumers worldwide from scams. GASA realizes its mission by raising awareness, enabling hands-on tools for consumers and law enforcement, facilitating knowledge sharing, organizing research, supporting the development of (legal) best practices, and offering training and education. Like SecureTheVillage, the Global Anti-Scam Alliance is a fellow member of Nonprofit Cyber.
Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform
The Hidden Costs of Convenience: Why ‘Easy Access’ Means ‘Easy Target’: (Video) (Podcast): In the name of convenience, are we compromising security? This week on #LiveOnCyber, Dr. Stan reveals how ‘easy access’ WiFi at a hotel exposed a glaring gap in their cybersecurity measures. Don’t let the danger of unmonitored network traffic be the downfall of your digital safety. Learn through this example about access control and why your organization should be patching and implementing other robust #cybersecurity controls (hint – a #breachreport doesn’t make for good PR). … Don’t let convenience be the downfall of your digital safety. Be part of the proactive community by learning more about SecureTheVillage’s LA Cybersecure pilot program for small and mid-sized organizations, nonprofits, and IT MSPs in Los Angeles: https://securethevillage.org/la-cybersecure-pilot/. … Stay updated and secure. Subscribe to Live on Cyber for your weekly 15-min update and be an informed #CyberCitizen.
Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Another financial scam warning. This is from the FBI’s Phoenix office. Let’s be careful out there.
- “The Phantom Hacker:” FBI Phoenix Warns Public of New Financial Scam: Victims are tricked into thinking their financial accounts have been hacked, and scammers are stealing their life savings. … FBI Phoenix is warning the public of a new scam dubbed “The Phantom Hacker.” Scammers are impersonating technology, banking, and government officials in a complex ruse to convince a typically older victim that foreign hackers have infiltrated their financial account. The scammers then instruct the victim to immediately move their money to an alleged U.S. Government account to “protect” their assets. In reality, there was never any foreign hacker, and the money is now fully controlled by the scammers. Some victims are losing their entire life savings.
Another reason to be careful. Another illustration of malware being distributed through malicious advertising.
- Malicious Notepad++ Google ads evade detection for months: A new Google Search malvertizing campaign targets users looking to download the popular Notepad++ text editor, employing advanced techniques to evade detection and analysis.
Health data is under attack, with more patients compromised in the 3rd Quarter of 2023 than in all of 2022!
- One in four Americans have had their health data compromised this year: Cyber attacks in the healthcare industry are only getting more common. … More than a quarter of the US population has had their health data exposed in security breaches this year, with a rise in ransomware attacks and other hacking efforts affecting nearly 87 million patients, according to internet security firm Atlas VPN. Data of more than 45 million patients was compromised in the third quarter of 2023 alone, up from the 37 million patients affected in all of 2022.
More 23andMe genetic data has been leaked. And while the Electronic Frontier Foundation has excellent advice on protecting your genetic data, it’s limited by the lack of privacy laws.
- Hacker leaks millions more 23andMe user records on cybercrime forum: The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe two weeks ago has now leaked millions of new user records.
- What to Do If You’re Concerned About the 23andMe Breach: In early October, a bad actor claimed they were selling account details from the genetic testing service, 23andMe, which included alleged data of one million users of Ashkenazi Jewish descent and another 100,000 users of Chinese descent. By mid-October this expanded out to another four million more general accounts. The data includes display name, birth year, sex, and some details about genetic ancestry results, but no genetic data. There’s nothing you can do if your data was already accessed, but it’s a good time to reconsider how you’re using the service to begin with.
Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.
Several stories this week on cyber in war zones. Misinformation. The impact of crypto. Pro-Hamas hackers. And a joint US – Ukraine mission at the beginning of the Russian invasion.
- 7 influential accounts are warping Israel-Hamas news on X, researchers find: The University of Washington’s Center for an Informed Public said that the most popular posts about the crisis revealed how news on the platform is “faster, more disorienting, and potentially more shaped by Musk himself.” … A handful of influential but unreliable accounts, some of which have been promoted by Elon Musk, are dominating the flow of news on X around the Israel-Hamas war and easily outpacing established mainstream news outlets, according to research published Friday by the University of Washington’s Center for an Informed Public.
- Hamas Crypto Funding Likely ‘Overstated’ – Chainalysis: Reports of many millions going to Hamas and other groups are based on faulty analysis, the forensics firm said. … Reports of tens of millions of dollars in crypto going to fund Palestinian operations in Israel are likely “overstated,” Chainalysis said. The forensics outfit published a blog post arguing that flows of crypto financing to Hamas and affiliated groups have become inflated far beyond reality. While acknowledging that it was crucial to stop any financing of terror through crypto, Chainalysis said it was also important to understand how such funding actually works, lest it lead to misconceptions.
- Cryptocurrency Feeds Hamas’s Terrorism: ‘Decentralized finance’ companies should be subject to the same anti-money-laundering rules as banks. … Last week the Journal reported that crypto wallets linked to Hamas and Palestinian Islamic Jihad collectively received more than $130 million in digital assets in the two years before the attack, including millions in the months leading up to it. Crypto has become a crucial pipeline for financing terrorist organizations, and researchers agree that the publicly reported numbers are likely a small percentage of the actual total. … This revenue stream demonstrates the dangerous gaps in our oversight of international money flows. Terrorists, rogue nations, drug traffickers and other criminals are using cryptocurrency to endanger our allies and U.S. national security. It’s past time to apply the same anti-money-laundering rules to crypto that already apply to banks, brokers, check cashers and even precious-metal dealers before these loopholes allow terrorists to finance more attacks.
- Hamas likely cooperates with hackers to stay online: Researchers have discovered possible signs of cooperation between the Palestinian militant organization Hamas and one of the longest-running groups of Arabic-speaking hackers. … According to a report published Thursday by researchers at Recorded Future, Hamas has allegedly turned to operators outside Gaza and “third parties” to keep a news website linked to its military wing, Al-Qassam Brigades, online during the war with Israel.
- Exclusive: Ukraine says joint mission with US derailed Moscow’s cyberattacks: On a Wednesday afternoon in late September, the head of the cyber division of Ukraine’s intelligence service, Illia Vitiuk, sat down to discuss something that Ukraine had previously kept close to the vest — specifically how much a joint hunt forward operation with the U.S. military helped hobble Russian cyberattacks at the outset of the war.
In the run-up to the 2024 election, Russia has been outed for election interference. Why am I not surprised?
- US intelligence report alleging Russia election interference shared with 100 countries: The United States on Friday released a U.S. intelligence assessment sent to more than 100 countries that found Moscow is using spies, social media and Russian state-run media to erode public faith in the integrity of democratic elections worldwide. … “This is a global phenomenon,” said the assessment. “Our information indicates that senior Russian government officials, including the Kremlin, see value in this type of influence operation and perceive it to be effective.”
International law enforcement has taken down a major ransomware operation. Kudos!!!
- Authorities confirm RagnarLocker ransomware taken down during international sting: An international group of law enforcement agencies have disrupted the notorious RagnarLocker ransomware operation. … TechCrunch reported Thursday that an international law enforcement operation involving agencies from the U.S., European Union and Japan had seized the RagnarLocker group’s dark web portal. The portal, which the gang used to extort its victims by publishing their stolen data, now reads: “This service has been seized by a part of a coordinated international law enforcement action against the RagnarLocker group.”
US Treasury has signed a cooperative cybersecurity agreement with the Emirates.
- US Treasury inks cybersecurity agreement with United Arab Emirates: The United States and United Arab Emirates have finalized an agreement that sets out how the two countries will cooperate on cybersecurity and digital resilience. … The memorandum of understanding signed by the Treasury Department and the UAE’s Cyber Security Council calls for increased information sharing about digital threats to the financial sector; more staff training and visits; and “competency-building activities” like joint online exercises, according to the Treasury.
Lloyd’s estimates that a major cyber attack could cost the world economy $3.5 Trillion.
- Major Cyber Attack Could Cost Global Economy $3.5 Trillion: Lloyd’s: A cyber attack on a major financial services payments system could result in widespread business disruptions, potentially costing the global economy $3.5 trillion over a five-year period, according to research from Lloyd’s and the Cambridge Centre for Risk Studies.
Two stories this week on career opportunities in cybersecurity.
- New CyberSeek data demystifies career opportunities in cybersecurity: Demand confirms pathways approach to preparing a skilled and diverse cybersecurity workforce … Cybersecurity employment opportunities numbering in the hundreds of thousands and at all career stages are available across the country, according to the latest update from CyberSeek™, the most comprehensive source of information on the U.S. cybersecurity workforce.
- Here’s your guide to landing a job in cybersecurity: As the number of cyberattacks skyrockets, the demand for cybersecurity professionals is also increasing.
This week in cybercrime.
- Ransomware Comes Back in Vogue for Cybercriminals: Insurers say ransom-related claims rose sharply in the first half of 2023. … Insurance claims related to ransomware have increased this year, as has the total amount paid to attackers. … Ransomware came back into fashion for cybercriminals in the first half of 2023, insurers say, after a brief lull in early 2022. … Cyber insurer Coalition said ransomware claims frequency rose by 27% across its policyholders in the first half of the year, from the second half of 2022.
- Okta shares fall 11% after company says client files were accessed by hackers via its support system: Cybersecurity firm Okta said an unidentified hacker had accessed the company’s support system and viewed client files. … Shares fell 11.5% on the news. … The breach did not impact Okta’s product offerings, according to the company, which are used by some of the largest corporations in the world.
- D-Link confirms data breach after employee phishing attack: Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. … The attacker claims to have stolen source code for D-Link’s D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company’s CEO. … The stolen data allegedly includes names, emails, addresses, phone numbers, account registration dates, and the users’ last sign-in dates.
- Saint Louis University confirms months-long data breach: Saint Louis University officials confirmed a recent data breach in which someone gained “unauthorized access” to personal information. … The university is working to determine how many students and employees the data breach affected. The breach lasted nearly eight full months between Dec. 2022 and July 2023.
- Ambulances diverted as 3 New York hospitals grapple with cyberattacks: All affected hospitals are part of Westchester Medical Center Health Network.
Section 4 – Managing Information Security and Privacy in Your Organization.
Lots of work this week for IT Departments, IT service providers, and MSPs.
- CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide: Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated version of the joint #StopRansomware Guide. The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights.
- Cisco Finds New Zero Day Bug, Pledges Patches in Days: Cisco said a patch for two actively exploited zero-day flaws in its IOS XE devices is scheduled to drop on Oct. 22. … A patch for the max severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there’s a new unpatched threat.
- CISA Adds Two Known Exploited Vulnerabilities to Catalog: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. … CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability … CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability.
- CISA, FBI urge admins to patch Atlassian Confluence immediately: CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks. … Tracked as CVE-2023-22515, this critical privilege escalation flaw affects Confluence Data Center and Server 8.0.0 and later and is remotely exploitable in low-complexity attacks that don’t require user interaction.