Cybersecurity News of the Week, September 8, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Corner

With 57 days until the election, America’s enemies are ramping up their influence operations. Even as we can be grateful for the work of the Justice Department shutting down 32 domains, the following stories are sober reminders of the need to always be suspicious. Don’t believe anything you read, particularly if you read it on social media. And be sensitive to your own biases: we are all biased towards believing stories that support what we already believe. Be skeptical. Doubt. Don’t trust. Verify.

  • In latest check-in, spy agencies describe ‘ramp up’ in election influence: U.S. intelligence agencies on Friday said they are observing foreign actors “ramp up” their efforts to influence the 2024 presidential election. … “As you can imagine, the closer we get to Election Day, we see more activity by foreign actors,” an official with the Office of the Director of National Intelligence said during a press briefing, the third the clandestine community had held this election cycle. … “These activities, we anticipate … will continue to occur as we get closer to the election,” the official said during the call, the third such session the clandestine community has held this election cycle. It coincided with the release of an updated election security assessment.
  • DOJ seizes dozens of domains used in Russian influence campaigns targeting swing states: The U.S. Justice Department announced on Wednesday it has taken action against a Russian government influence operation trying to spread disinformation and undermine confidence in the upcoming U.S. elections. … Attorney General Merrick Garland and FBI Director Christopher Wray said 32 internet domains were seized after investigators found that they were used by Russian companies as part of an operation known as “Doppelganger.”
  • China is pushing divisive political messages online using fake U.S. voters: Researchers have uncovered more accounts tied to a Chinese influence operation known as “Spamouflage” which includes an account on TikTok with one video that managed to get 1.5 million views before being taken down. … A long-running Chinese influence operation is posing as American voters on social media in an attempt to exacerbate social divisions ahead of the 2024 presidential election, according to a new report from the research company Graphika.
  • Iranian-linked websites set up targeting US minority, veteran voters: A network of almost two dozen websites with links to Tehran are the latest pro-Iranian effort aimed at swaying specific groups of U.S. voters. … A network of fake news websites with pro-Iranian leanings is spreading disinformation linked to the upcoming U.S. elections, targeting minority and veteran voters among other groups, according to findings from a hawkish think tank made public Friday.

From SecureTheVillage

  • Upcoming Events
    • A Reasonable Approach to Reasonable Security. Save the Date. October 22, 2024. SecureTheVillage’s 5th Annual Reasonable Security Summit.
  • Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure™. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
  • IT Service Provider / MSP? Grow revenues. Take your client’s security to the next level. Apply Now! If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure™. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the reasonable IT security management they need. … The LA Cybersecure™ Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
  • SecureTheVillage FREE Newsletters. Sign up or share with a friend!
    • Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.
    • Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.
  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
  • Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians™. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.™

Cybersecurity Nonprofit of the Week … Open Cybersecurity Alliance

Kudos this week to the Open Cybersecurity Alliance (OCA). The Alliance works with other organizations to make sure cybersecurity tools work effectively with the other technology buried deep inside the Internet. That the Internet is as secure as it is owes a lot to OCA and their commitment to Internet security. We’re happy to spotlight OCA so our readers can better appreciate the work being done by nonprofits like OCA. Like SecureTheVillage, the Open Cybersecurity Alliance is a member of Nonprofit Cyber.

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

More reasons to always be suspicious, to be skeptical, to doubt.

  • Google searches are becoming a bigger target of cybercriminals with the rise of ‘malvertising’: Malvertising, or hackers using online ads for malicious purposes, is on the rise. … These rogue ads can appear as sponsored content during a search engine query, or even hidden in ads that appear on mainstream websites and target big companies, from Lowe’s to Slack. … Experts suggest you avoid clicking on sponsored links that come up during an internet search, and to keep your browser and operating system updated.
  • Lombard woman loses nearly $1 million life savings in ‘pig butchering’ scam: CHICAGO (WLS) — A west suburban woman lost almost $1 million over several months to a scammer using the “pig butchering” technique. … Just as a farmer fattens up a pig for slaughter, in the scheme a scammer gains a victim’s trust over a long period of time, fattening them up, then goes in for the kill by stealing their life savings. … The FBI estimates the scams cost Americans nearly $4 billion in 2023 alone. … Erika DeMask had saved nearly $1 million in investment accounts; she is now in financial ruin.

For elderly residents in CA, some help in the struggle against romance scams, pig butchering and the like may be on the way.

  • California Elderly Financial Fraud Bill Passes, Placing Banks on Hook for Losses: State lawmakers in California approved a bill Thursday that will require banks and credit unions to begin monitoring large, suspicious transfers from the accounts of older clients in real time, potentially setting a template for other U.S. states to combat fraud and theft against the elderly. … Pursuant to the “Emergency Financial Contact Program,” which passed the Senate 32-1 after unanimously passing the Assembly, banks and credit unions in California must ask clients 65 or older to name a “trusted person” to notify of suspected fraud-induced transfers or withdrawals of $5,000 or more out of their accounts, and halt such transactions for three business days.

Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

Report Cybercrime: This is the first study I’ve seen that puts a number on the percent of cybercrimes that ever get reported. It’s a shockingly low 5%. We must do better.

  • You or someone you know was or is about to be a victim of cybercrime. When it happens — report it!: A recent study estimated that only 5% of victims report cybercrime. If true, this means that around 1/3 of Americans were victims of cybercrime last year! Reporting cybercrime is important! … A recent Pew Research Study looking at mass-market consumer fraud (this covers a variety of fraud schemes, including investment schemes, computer repair schemes, etc.) determined that less than 5% of victims reported to a government agency. … Based on the FTC 2023 Sentinel Report, the FTC received 5.5M reports in 2023. If the 5% rate holds, this means ~100M Americans were victims of cybercrime in 2023. … For me, the shocking imbalance is in how these crimes are resourced. Imagine if 100 million Americans experienced break-ins into their houses. We would see outsized resourcing at all levels of law enforcement to address this occurrence. Unfortunately, we do not see the equivalent resourcing of local, state, and federal law enforcement to address the fact that probably 30% of Americans are victims of cybercrime on an annual basis. … This is why we have to report cybercrime! By reporting, we can gather data to galvanize action and resources to fight back!

From The Wall Street Journal, a must-read exposé of how Telegram supports the worst of who we are.

  • How Telegram Became Criminals’ Favorite Marketplace: Arrest of founder Pavel Durov has drawn fresh attention to how pedophile rings, identity thieves and drug traffickers use the app as a shop window to sell their wares. … Elisabet Balk didn’t think twice when she uploaded a selfie and a photo of her national ID card to verify a new social-media account. So it terrified her when she discovered the images were for sale on Telegram, the messaging app. … The Finnish beautician’s private data was part of a torrent of illegally obtained materials on criminals’ new marketplace of choice. … Telegram, whose chief executive Pavel Durov was detained in France last month, has become the premier internet platform to buy everything from hacked data and weapons to illicit drugs and child sexual abuse material, according to current and former law-enforcement officials and cybercrime researchers.

Reports from Iran that the recent attack on its banks has cost the country millions in ransom.

  • Iran pays millions in ransom to end massive cyberattack on banks, officials say: A massive cyberattack that hit Iran last month threatened the stability of its banking system and forced the country’s regime to agree to a ransom deal of millions of dollars, people familiar with the case say. … An Iranian firm paid at least $3 million in ransom last month to stop an anonymous group of hackers from releasing individual account data from as many as 20 domestic banks in what appears to be the worst cyberattack the country has seen, according to industry analysts and western officials briefed on the matter. … IRLeaks, a group with a history of hacking Iranian companies, was said to be responsible.

Kudos to the Justice Department for taking down two brothers whose sextortion scheme claimed more than 100 victims and resulted in the death of a high school student.

  • 2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme: The brothers from Nigeria helped run an operation that solicits nude photographs and holds them as ransom. Prosecutors said it resulted in the death of a high school student. … A federal judge in Michigan on Thursday sentenced two brothers from Nigeria to 17 and a half years in prison for their roles in a social media sextortion scheme that claimed more than 100 victims across the United States and resulted in the death of a high school student.

Kudos as well to Microsoft for partnering with StopNCII (Stop Non-Consensual Intimate Image Abuse) to help victims remove deepfakes and other non-consensual intimate images.

Here are two stories that shouldn’t be. An online dataset should never be left unprotected. Never! And an organization that fails to protect a large online dataset needs to be sued for failing to implement reasonable security practices. Nor should Columbus, Ohio keep sensitive records online for 18 years. There is no earthly reason to leave sensitive information online when it’s no longer needed. None.

  • Data Broker At Center of Data Leak Involving 170 Million Records: Data broker People Data Labs (PDL) appears to be at the center of a massive data breach, one that has exposed at least 170 million records. … Cybernews reports that its research team found a dataset online that contained more than 170 million records. The dataset was exposed via an unprotected Elasticsearch server, although it was not directly connected to PDL. As a result, the leak could be the result of a mishandled server from one of PDL’s partner companies.
  • Columbus kept years of the public’s driver’s license data. Now it’s been stolen: Every time central Ohioans visit Columbus City Hall and most other municipal government buildings, they scan their driver’s license to enter — and all of that information dating back to early 2006 may now be available on the dark web.

This week in cybercrime

  • Business services giant CBIZ discloses customer data breach: CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. … The company informs that a threat actor exploited a vulnerability in one of its web pages and was able to steal customer data between June 2 and June 21.
  • Oil titan Halliburton confirms data was stolen in cyberattack: The oil and gas giant Halliburton confirmed to regulators Tuesday that it believes data was stolen from its systems in a recent cyberattack. … In a filing with the Securities and Exchange Commission, Halliburton said an “unauthorized third party accessed and exfiltrated information from the Company’s systems.” The incident, which was first disclosed on August 21, “caused disruptions and limitation of access” to certain applications, hampering its operations and “corporate functions.” … The company said the cyberattack is unlikely to have a “material impact” on its bottom line, although it has incurred expenses related to incident response and business disruptions. 
  • Planned Parenthood confirms cyberattack as RansomHub claims breach: Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. … Martha Fuller, CEO and President of Planned Parenthood of Montana, told BleepingComputer that the cybersecurity incident occurred in late August and the organization is currently investigating its exact scope and impact.

Section 4: Helping Executives Understand Why and Know How.

When Cyber Security Breaches Are Inevitable, It’s Time To Call For A New Approach: According to research from Proofpoint, 94% of cloud customers were targeted at some point during every month of 2023. Of those targeted companies, 62% were successfully compromised. … “We need to start with the assumption that the system is already compromised,” says Ajay Waghray, CIO of PG&E Corporation, a California-based utility. “But my fear is most CISOs remain too narrowly focused on stopping breaches alone.” … resilience requires the ability to not just recover from a setback, but to bounce forward—to engage in a way that leaves us stronger than before. This mindset aligned with Waghray’s view of cyber resilience. He believes we need to do more than deflect cyberattacks: we need to build the capacity to sustain business operations during and after a cyberattack. He believes we do this by adding business continuity and organizational resilience strategies to more traditional information systems security.

Section 5: Securing the Technology.

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025: The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However, service providers looking to enter the vCISO market must address challenges like technological limitations and a lack of security and compliance expertise. … If you’re an MSP in the greater LA metropolitan region considering offering vCISO services, please contact us about our unique LA Cybersecure™ Program.
