SecureTheVillage

Cybersecurity News of the Week

Cybersecurity News of the Week, September 29, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Corner

One of the major challenges holding smaller organizations back from implementing reasonable information security practices is the challenge of measuring and managing cyber-risk. Like any economic measure, increasing investments in lowering cyber-risk is subject to diminishing returns. You’re never 100% secure. So how much is enough?

That’s why it’s great to see two stories this week illustrating how the leadership of a smaller business or nonprofit can analyze cyber-risk and integrate it into the organization’s overall risk management strategy.

A small electrical supplier, for example, launching an aggressive growth strategy knows to plan for cash flow risk, risks associated with supplier reliability, inventory risks, and process risks. How would these risks be exacerbated by a cyber-incident? A business email compromise attack, like the City of Tulsa fell victim to, increases cash flow risk. A ransomware attack impacts cash flow, inventory, delivery, and process risks. And a cyber-attack on a key supplier can temporarily knock out the supplier’s reliability.

As the stories illustrate, organizations that are successfully integrating cyber-risk into their risk management strategies are doing it by having IT and information security at the table.  For smaller organizations lacking dedicated IT staff, this means your MSP or IT service provider. Cybersecurity is a team sport.

SecureTheVillage LA Cybersecure™ supports the need of smaller organizations to integrate cyber-risk into their broader risk management strategy in two complementary ways.

  • We provide coaches to smaller organizations to help them connect cyber-risk into their operations.
  • We educate our MSPs and IT service providers in assessing and managing cyber-risk, and, equally importantly, in speaking in ways that the leadership team can relate and connect to.

Good stories. Lots of meat.

  • CFOs Suit Up for Cyber War as Risk Management Evolves : Managing risk effectively is one of the best ways to unlock business growth. … Risks range from financial and macro events to geopolitical and supply chain disruptions, and chief financial officers are tasked with stepping up to keep their organizations secure. … Traditionally focused on financial risks, CFOs are now finding themselves not only managing funds but also protecting the company’s assets from fraud and other threats. Ecosystem dangers like cyber threats, data breaches and more pose risks to organizations’ financial stability and reputation. … Embracing a collaborative approach can involve CFOs working closely with chief information officers and chief information security officers to ensure that cybersecurity measures are not only in place but are also aligned with the overall business strategy. This alignment is important for managing and mitigating risks effectively.
  • Managing Cyber-Risk Is No Different Than Managing Any Business Risk: A sound cyber-risk management strategy analyzes all the business impacts that may stem from an attack and estimates the related costs of mitigation versus the costs of not taking action. … Business risks encompass many overlapping categories, from operational and strategic risks to financial, legal, and compliance risks. Yet every category is affected by cyber-risks in some way. Operational problems such as equipment failures and supply chain disruptions should include the risks of a cyberattack disrupting IT networks. Similarly, the CFO’s office manages credit risks, investment losses, and cash-flow issues. But the finance team should also recognize the ongoing threats of financial losses from ransomware attacks, or the reputational harm when private customer data gets leaked on the Internet.

From SecureTheVillage

  • Upcoming Events
  • Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure™. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
  • IT Service Provider / MSP? Grow revenues. Take your client’s security to the next level. Apply Now!  If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure™. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the reasonable IT security management they need. … The LA Cybersecure™ Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
  • SecureTheVillage FREE Newsletters. Sign up or share with a friend!
    • Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.
    • Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.
  • How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
  • Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians TM. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.TM

Security Nonprofit of the Week … Global Cyber Alliance (GCA)

Kudos this week to cybersecurity nonprofit Global Cyber Alliance (GCA). GCA builds practical, measurable solutions and  easy to use tools, and they work with partners to accelerate adoption around the world. GCA was one of the founders of Nonprofit Cyber, the first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity. SecureTheVillage is a proud member of Nonprofit Cyber.

Cyber Humor

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Kaspersky has discovered a novel way for cyber-criminals to hack legitimate Android applications. They break into the part of the application’s algorithm that gets the ads. They then push malware through the advertising connection. Sneaky … and another reason to keep in mind … always be suspicious.

  • Android malware ‘Necro’ infects 11 million devices via Google Play: A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. … This new version of the Necro Trojan was installed through malicious advertising software development kits (SDK) used by legitimate apps, Android game mods, and modified versions of popular software, such as Spotify, WhatsApp, and Minecraft.

And one more example of how deep the cyber-rot is. A car thief sees your car in a parking garage. He accesses the dealer network through a flaw in the portal, enters your license plate and ten minutes later drives away with your car.

  • Kia dealer portal flaw could let attackers hack millions of cars: A group of security researchers discovered critical flaws in Kia’s dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle’s license plate. …  The Kia web portal vulnerabilities could be exploited to control any Kia vehicle equipped with remote hardware in under 30 seconds, “regardless of whether it had an active Kia Connect subscription.” … The flaws also exposed car owners’ sensitive personal information, including their name, phone number, email address, and physical address, and could have enabled attackers to add themselves as a second user on the targeted vehicles without the owners’ knowledge. … To further demonstrate the issue, the team built a tool showing how an attacker could enter a vehicle’s license plate and, within 30 seconds, remotely lock or unlock the car, start or stop it, honk the horn, or locate the vehicle.

Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

In national cybersecurity news.

  • Iranian hackers charged with hacking Trump campaign to ‘stoke discord’: The U.S. Department of Justice announced criminal charges against three hackers working for Iran’s Islamic Revolutionary Guard Corps (IRGC), accusing the trio of a four-year-long hacking campaign that included this year’s hack of Donald Trump’s presidential campaign. … On Friday, U.S. prosecutors published an indictment accusing Masoud Jalili, Seyyed Ali Aghamiri, and Yasar (Yaser) Balaghi of targeting the Trump campaign, former White House and senior government officials, and members of Congress, as part of a hack-and-leak operation. … According to the indictment, the operation was launched in part in retaliation for the killing of Iranian General Qasem Soleimani by the Trump administration in 2020, for which the Iranian government vowed revenge. U.S. officials have since charged at least one individual with the attempted assassination of John Bolton, a former National Security Advisor, as part of the wider Iranian effort to target former members of the Trump administration.
  • China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack: It is latest intrusion into core U.S. infrastructure by entities tied to Beijing. … Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter. … The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.
  • US charges two Russians accused of running billion-dollar money laundering schemes: US federal prosecutors have filed criminal charges against two Russian men accused of operating billion-dollar money-laundering services and seized websites associated with illicit crypto exchanges as part of a major US crackdown on Russian cybercrime. … One of the men, Sergey Ivanov, has operated for nearly two decades as one of the longest-running professional cyber money-launderers known to US law enforcement, according to Justice Department officials. The other man, Timur Shakhmametov, is accused of running a notorious cybercriminal marketplace called Joker’s Stash that US authorities said made hundreds of millions of dollars in profits from selling stolen payment card information. … Neither Russian man is in US custody, and the State Department is offering $10 million for information leading to their arrest or conviction.

Critical infrastucture

  • Fears of Weakness in Water Cybersecurity Grow After Kansas Attack: White House plans a new push to boost cybersecurity in water sector after an aborted attempt last year. … A cyber event at the water plant serving Arkansas City, Kan., adds to growing concerns about the security of U.S. water facilities, as the White House mulls a second attempt at cyber regulations for the sector. … The Arkansas City facility switched to manual operations out of caution after detecting a “cybersecurity issue” Sunday. City manager Randy Frazer said the incident didn’t disrupt service and that the water supply remains unaffected. The city had a population of about 12,000 residents, according to the 2020 U.S. Census.

More privacy losses. Can’t wait for the next session of Congress. It’s beyond time to act on comprehensive privacy legislation including a private right of action.

  • One-third of the US population’s background info is now public: Cybernews exclusive research has revealed that a massive data leak at MC2 Data, a background check firm, affects a staggering amount of US citizens. … MC2 Data and similar companies run public records and background check services. These services gather, compile, and analyze data from a wide range of public sources, including criminal records, employment history, family data, and contact details. … They use this information to create comprehensive profiles that employers, landlords, and others rely on for decision-making and risk management.

This week’s mélange of cybercrime stories.

  • Ransomware incidents hit 117 countries in 2023, task force says: More than 6,500 ransomware attacks were recorded in 2023, touching a record number of 117 countries across the globe after a brief dip in 2022. … There was a 73% year-over-year increase in attacks to 6,670 ransomware incidents, with notable spikes in June and July due to the exploitation of a popular file transfer tool.  … The numbers were compiled by the Ransomware Task Force, which was organized in 2021 by the nonprofit Institute for Security and Technology and is a public/private consortium made up of cybersecurity experts, government officials and more. 
  • UK national hacked public companies for stock trading intel, DOJ says: A U.K. national is facing charges for allegedly hacking into five public companies and stealing information about corporate earnings that helped him net about $3.75 million from stock trades. … Robert Westbrook, 39, was arrested in the U.K. this week, according to the Justice Department. The U.S. is seeking his extradition on charges of wire fraud, securities fraud and computer fraud. … He is accused of breaking into the companies’ systems between January 2019 and August 2020 and stealing information ahead of 14 different earnings announcements. 
  • Cybercriminals target transportation companies in North America with info-stealing malware: Researchers have observed a new campaign targeting shipping companies in North America, delivering a variety of malware strains. … Cybersecurity firm Proofpoint has been tracking the activity since late May, and said they could not attribute it to a specific threat actor but determined the group is likely financially motivated. To gain access to their victims, the hackers use compromised legitimate email accounts belonging to transportation and shipping companies, sending malicious links and attachments within existing email conversations.
  • Dallas suburb working with FBI to address attempted ransomware attack: A large Dallas suburb is dealing with a ransomware attack that has required help from the FBI to resolve. … Richardson — home to about 120,000 people — released a statement saying hackers gained access to government servers on Wednesday morning and attempted to encrypt files on the network. 
  • Hacked email costs city of Tulsa nearly $200,000: TULSA, Okla. (KTUL) — The Tulsa Tourism District, or TID, was created six years ago to fund marketing services that would help increase occupancy and room rates at area hotels. But in April of this year, the payment process between the city and TID had an unauthorized visitor to the tune of nearly $200,000.
  • MoneyGram services restored but questions remain about cyber incident: Financial payment giant MoneyGram restored its website and several of its services following widespread outages that limited the ability of millions to send money to families around the world. … MoneyGram has not responded to questions about the type of issue it is dealing with. Its initial statement said the incident forced the company to “take systems offline” and call in law enforcement for assistance. 

Section 4: Helping Executives Understand Why and Know How.

See Stan’s Corner

Section 5:  Securing the Technology.

  • Top 6 Ransomware Attack Vectors Targeting Enterprises and How to Defend Against Them: Ransomware attacks are increasingly sophisticated, with the 2024 Verizon Data Breach Investigations Report showing a 180% increase in exploitation of vulnerabilities, particularly zero-day threats. Phishing remains the top vector, while compromised credentials and software vulnerabilities also pose major risks. Understanding these threats is key to preventing them. … This article explores the key attack vectors, including phishing, RDP exploits, social engineering, and web applications, and provides strategies for defending against them.
  • NIST Drops Password Complexity, Mandatory Reset Rules: The latest draft version of NIST’s password guidelines simplifies password management best practices and eliminates those that did not promote stronger security. … The National Institute of Standards and Technology (NIST) is no longer recommending using a mixture of character types in passwords or regularly changing passwords. … NIST’s second public draft version of its password guidelines (SP 800-63-4) outlines technical requirements as well as recommended best practices for password management and authentication. The latest guidelines instruct credential service providers (CSP) to stop requiring users to set passwords that use specific types or characters or mandating periodic password changes (commonly every 60 or 90 days). Also, CSPs were instructed to stop using knowledge-based authentication or security questions when selecting passwords.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge

SUPPORT US

SecureTheVillage is a community-based response to the cybersecurity and privacy crisis. We are a 501c(3) nonprofit with a vision of a cybersecure global village. We invite you to join with us as together we make the vision a reality. It takes the village.

Be a CyberPartnerDonate