Cybersecurity News of the Week, September 3, 2023

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

Big kudos this week to the F.B.I. and their international partners. They brought down a botnet used in cybercrime that had infected 700,000 computers in the past year and that may have been responsible for up to 30% of cybercrime.

“This is the most significant technological and financial operation ever led by the Department of Justice against a botnet,” said Martin Estrada, the U.S. attorney for the Southern District of California, at a press conference this morning in Los Angeles.

Special kudos to the Los Angeles office of the F.B.I. Director Wray specifically called them out for their work in the takedown. Beyond their exemplary work on Qakbot, members of the LA office have supported SecureTheVillage’s educational initiatives since our founding. At our recent webinar co-hosted with the California Department of Financial Protection and Innovation, Supervisory Special Agent Michael Sohn presented a threat briefing to more than 200 financial leaders.

  • U.S. Hacks QakBot, Quietly Removes Botnet Infections: The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computers. (Krebs on Security)
  • International Operation Disrupts ‘Botnet’ Army Behind Damaging Cyberattacks: U.S. officials said the Qakbot malware had enabled hundreds of millions in damages by supporting crime like ransomware. … Qakbot has been under investigation by the FBI since at least 2011, an agency official said…. An international law-enforcement operation has dismantled a network of hundreds of thousands of computers that criminals used to launch cyberattacks against critical industries worldwide, U.S. authorities said Tuesday. (The Wall Street Journal)
  • FBI Director Christopher Wray Announces Major Operation Targeting the Qakbot Botnet (Video)

New. Family Protection Newsletter: Did you know we created the Family Protection Newsletter, for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Click here to learn more and quickly add to your free subscription! 

How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.

  • How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basics. Please take our short quiz as your answers will help you and guide us to improve community safety.

Upcoming events. Please join us.

  • Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, September 5, 1:00 pm – 2:00 pm PT.
  • What Every Business Leader Needs – A Reasonable Approach to Reasonable Security. Our 4th Annual Reasonable Cybersecurity Webinar, October 12, 11:00 am – 12:30 pm PT. Save the Date.

Cyber Humor

Nonprofit of the Week  …  Nonprofit Cyber

Kudos this week to the 36 nonprofits comprising Nonprofit Cyber. the coalition of nonprofit organizations that focus on raising the bar in cybersecurity. Nonprofit Cyber coalition members collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. Nonprofit Cyber has compiled the Nonprofit Cyber Solutions Index. This is the first comprehensive index of actual cybersecurity capabilities provided by the nonprofit community. In particular, the index identifies a large selection of free or low-cost cybersecurity capabilities for individuals, small businesses, and others left behind in the current environment. SecureTheVillage is a proud member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform

Truth Decay: (Video) (Podcast): In a world grappling with what the RAND Corporation calls ‘Truth Decay,’ the stakes for discerning truth from disinformation have never been higher. … Social media platforms are retreating from their #watchdog roles. … Geopolitical foes like #Russia and #China are intensifying their #AI-driven disinformation campaigns. … As the 2024 elections loom, the burden is increasingly on us – we the people. Are we prepared? … In this episode of #LiveonCyber, Stan and Julie tackle the disconcerting rise of #disinformation and its far-reaching implications on cybersecurity and society. They also offer some advice.

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Be careful. And please help educate others.

  • Scammers Are Targeting Cord Cutters. Know How To Keep Yourself Safe: Increasingly, scammers are targeting cord cutters by putting fake customer service phone numbers online. Cord cutters searching for how to call popular services like Netflix, Fubo, and more are not finding the phone number to the service but a scammer’s number. From there, the scammers try to charge them for customer service or get them to sign up for services they don’t need.
  • Imposter scammers are mimicking these top brands: And be leery of emails that talk about current events. … If you’re a Microsoft or Apple user, have a MasterCard, buy things at Amazon, or use AT&T or T-Mobile for your phone service, the next time they come knocking on your email door, don’t answer. … At least be careful, because those companies are just six of the most impersonated brands that internet and cybersecurity company Cloudflare lists in its 2023 Email Threat Report.

Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.

We start this section with three big-picture stories. These include a new UN report on how several hundred people in south-east Asia have been enslaved, coerced into online scamming operations.

  • China behind ‘largest ever’ digital influence operation: Groups linked with China’s law enforcement peppered more than 50 social media platforms with pro-Beijing messages, Meta says. … People with ties to China’s law enforcement agencies conducted the largest known covert digital influence operation aimed at discrediting the West and promoting Beijing’s agenda across more than 50 social media and online platforms, according to a report published Tuesday by Meta. … On Facebook, clandestine users with ties to the authoritarian government racked up more than 550,000 followers by spouting lies about the United States’ alleged role in creating the COVID-19 pandemic and criticizing Washington’s support of Taiwan. … On Reddit, other China-linked keyboard warriors falsely implicated former British Prime Minister Liz Truss in the death of Queen Elizabeth II. … And in multiple online forums and social media sites — including Medium, YouTube, Twitter and Quora — even more users targeted Chinese dissidents and promoted Beijing’s talking points. … The China campaign “is the largest covert influence operation that’s currently active in the world today,” Ben Nimmo, Meta’s global threat intelligence lead, told POLITICO.
  • Russia Attempts to Commandeer the U.N. Cybercrime Treaty: The last international agreement on digital crime was in 2001. Why are experts so worried about this one? … Negotiations over a U.N. cybercrime treaty have evolved into a diplomatic proxy war between democracies and their authoritarian rivals over competing future visions of the internet, technology, and human rights in the digital age, pitting the United States and its allies yet again against Russia and China at the United Nations. … Over the past 10 days, delegates from around the world have convened at the United Nations headquarters in New York for a sixth round of negotiations on the draft text of a first-ever U.N. convention combating cybercrime. … The aim of the treaty, at least on paper, is to make it easier for countries to share information on the astronomical rise of digital criminal activities like ransomware, denial-of-service attacks, and the exploitation of children online. A bulk of countries involved in the negotiations are hard at work in marathon closed-door negotiating sessions to do just that, according to diplomats and experts tracking the negotiations. … But a group of authoritarian governments is seeking to advance its own agenda through the U.N. treaty—and the consequences could be dire if it is successful.
  • Gangs forcing hundreds of thousands of people into cybercrime in south-east Asia, says UN: Organised criminals use threats, torture and sexual violence to coerce victims to work in international scamming operations. … Hundreds of thousands of people have been trafficked and forced to work for online scamming operations in south-east Asia run by criminal gangs, according to a UN report. … Billions of dollars are being generated each year by gangs who coerce victims into cybercrime, where they are subject to threats, torture and sometimes sexual violence, said the report, published by the UN human rights office on Tuesday. … The UN estimated about 120,000 victims are in Myanmar and 100,000 in Cambodia, while tens of thousands more people are being forced to work in Laos, the Philippines and Thailand.

Looking for a career? Know someone who is? Consider a career in cybersecurity.

  • What do you really need for a career in cybersecurity? It’s probably not what you think.: You don’t need to be a programmer, developer, hacker, technocrat, legal expert or even have a college degree to get a job in cybersecurity. … It’s no surprise to anyone reading this that cybersecurity jobs are more important now than ever. The White House made that abundantly clear on July 31 by releasing its plan to accelerate the number of people working across the information security field and giving the public the skills necessary to better defend themselves online. Additionally, many federal agencies, foundations, and tech companies have committed to spending tens of millions of dollars and launched new training programs to help close the cyber skills gap. … But one aspect that is often overlooked in the conversation about filling cybersecurity roles today and in the future — and potentially not well understood among some of the most qualified candidates — is that you don’t need to be a skilled cyber specialist, programmer, developer, hacker, technocrat, legal expert or necessarily even have a college degree to get a job in cybersecurity. 

The cybersecurity industry is working to close the gap between what insureds wants and what the industry can profitably deliver.

  • The Reality of Cyberinsurance in 2023: The cyberinsurance industry is maturing. In its early days, it simply accepted cyber risk with few questions asked. It lost money. Insurers are asking more questions and have increased premiums, exclusions, and refusals. … This has created a gap between insurers and insureds – a gap between insurance wishes and insurance reality, and a gap between policy requests and policy delivery. A survey of more than 300 US organizations, conducted by Censuswide for Delinea, seeks to understand the nature and effect of this cyberinsurance gap, and how it may be closed.

This week in cybercrime

  • Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research: Report unmasks recent cybersecurity challenges for governments, healthcare, financial services, and vital infrastructure. … Government and public service organizations experienced a 40% increase in cyberattacks during Q2 2023 compared with Q1, according to the latest “BlackBerry Global Threat Intelligence Report.” These include public transit, utilities, schools, and other government services people rely on daily.
  • US food delivery service PurFoods discloses data breach: PurFoods, a U.S. producer of medically-tailored home-delivered meals, has disclosed a data breach affecting over 1.2 million people. … According to a report filed to regulators last week, hackers might have accessed customers’ personal, financial and medical information, including names, financial account and payment card numbers, Social Security numbers, health insurance member identification numbers, as well as account security codes and passwords.
  • Hackers access personal data of 600,000 Houston-area mental health patients: In June a Russian hacking group gained access to private patient information from the Harris Center, Harris County’s public mental health provider.
  • Medical Records from Prospect Ransomware Attack Appear on Dark Web: Medical records and social security numbers of at least 500,00 people extracted during the recent Prospect Medical Holdings ransomware attack are being allegedly offered for sale on the dark web according to social media sources. The notification of the sale has been interpreted as a signal to Prospect Medical Holdings to quickly respond to the hackers’ ransom demands.

The MOVEit breach continues in the news, including an excellent interview about the buying and selling of zero-days.

  • How did Clop get its hands on the MOVEit zero day?: When the Russian-speaking cyber gang Clop began extorting companies en masse this summer, the headlines focused on impact: hundreds of companies breached, millions of peoples’ personal data stolen, terabytes of identifying information uploaded to the dark web. … What’s raised eyebrows in the cybersecurity community is not just the scale of Clop’s campaign, but the manner in which they compromised MOVEit in the first place. The group used a zero-day bug, an unknown vulnerability in the software that was either discovered by the gang or, more likely, purchased in a dark web forum. Dustin Childs, the head of threat awareness for Trend Micro’s Zero Day Initiative, says criminals wielding zero-day bugs in extortion and ransomware campaigns is rare but not unheard of. … Childs would know. His team is constantly finding bugs and buying them from security researchers around the world. And in a conversation with the Click Here podcast, he talks about the zero-day market, Clop’s remarkable strategy, and whether other ransomware gangs will follow their lead. … This conversation has been edited for length and clarity.
  • Schwab, TD sued for failing to protect customer data from MOVEit hack: The class-action complaint alleges the hack exposed personal information of 61,000 TD customers.
  • IBM Hit With Class Action Over MOVEit File-Transfer Data Breach: International Business Machines Corp. failed to protect the personal information of millions of people that was exposed in a data breach connected to a cyberattack on Progress Software Corp.‘s MOVEit file-transfer app, a proposed federal class action said.

Here’s a feel-good story of an anonymous group who hacked a spyware company and liberated its victims.

  • A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server: The Portuguese-language app WebDetetive was used to compromise over 76,000 phones to date. … A Portuguese-language spywarecalled WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil. WebDetetive is also the latest phone spyware company in recent months to have been hacked.

Section 4 – Managing  Information Security and Privacy in Your Organization.

The SEC is making life difficult for the Chief Information Security Officer.

And we wind up this week’s cybersecurity news with a reminder story on the importance of cybersecurity awareness.

  • Cyber-awareness education is a change-management initiative: As cyber adversaries continue advancing their tactics, organizations around the globe are at greater risk than ever of being breached. … A comprehensive strategy is required to detect and prevent cyber incidents, and your employees play a crucial role in this effort. While more than 80% of organizations surveyed indicate they have existing security awareness training programs, the majority (56%) still believe that their employees lack critical knowledge about cybersecurity best practices. These concerns are warranted, considering that 74% of last year’s breaches involved the human element.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge