Please enjoy our newest podcast, the weekly Security Sprint, on Spotify, Apple, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
Join the new Gate 15 Resilience and Intelligence Portal – the GRIP! and get our daily report, the SUN, TARGET reports, our ransomware digest, partner reports, and more – including our new Generative AI version of the SUN! Join the GRIP! Share the Gen AI SUN! Our new TLP:GREEN Gen AI version of the SUN highlights a few notable items from the complete SUN in a 3-4 minute video that can be easily shared and digested across your organization! An easy security win, you can share the Gen AI SUN as a daily security awareness update with your security teams and even across your entire team. Take the easy win!
On this week’s Security Sprint, Dave and Andy covered the following topics:
Main Topics
North Korea Cyber Threats to U.S. Businesses:
- FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity. CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. This advisory was crafted to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. Related:
- NSA Joins FBI and Others to Warn of North Korea Cyber Espionage Campaign
- DOJ: North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
- Microsoft: Onyx Sleet uses array of malware to gather intelligence for North Korea
- Google: APT45: North Korea’s Digital Military Machine.
- FBI, Mandiant designate advanced North Korean hackers stealing US defense secrets
- North Korean hacking group targeted weapons blueprints, nuclear facilities in cyber campaigns
- KnowBe4: How a North Korean Fake IT Worker Tried to Infiltrate Us
CISA: Resources for Onboarding and Employment Screening Fact Sheet. The Resources for Onboarding and Employment Screening Fact Sheet is designed for critical infrastructure leaders, human resources (HR) personnel, and managers of any level. This fact sheet provides actionable recommendations and resources for the vetting and employment screening of individuals, prior to their hiring into an organization. Determining the suitability of individuals to hold a sensitive position is one of the first steps in mitigating against potential insider threats. We encourage hiring personnel to incorporate the relevant resources listed within this fact sheet into their background screening and onboarding processes. Resource Materials: Resources for Onboarding and Employment Screening Fact Sheet
Physical Incidents:
- Understand the Hostile Events Attack Cycle!
- Two children killed and nine injured in knife attack at dance class in northern England
- DOJ: Man Pleads Guilty to Making Threats to Arizona Election Office
- Michigan man kills himself after running over 80-year-old Trump supporter
- Defendants with Ties to White Supremacy Sentenced in Connection with Plot to Destroy Energy Facilities
- Army review finds ‘series of failures’ in lead-up to mass shooting in Lewiston, Maine
Quick Hits
- 7 people killed in stampede at a music concert in Congo’s capital, authorities report
- NCTC: First Responders Toolbox – Emerging Technologies and Possible Malign Uses by Terrorists
- NCSC and Partners Warn U.S. Emerging Technology Startups About Investment by Foreign Threat Actors & Safeguarding Our Innovation Protecting U.S. Emerging Technology Companies From Investment by Foreign Threat Actors (PDF)
Olympics:
- Man arrested over suspected French railway vandalism
- French rail lines disrupted by ‘coordinated sabotage’ ahead of Paris Olympics opening ceremony
- Russian chef arrested in Paris over alleged ‘large scale’ Olympic Games plot
- ISIS? Russian sabotage? The biggest security threats at these Olympics.
- ISIS-K’s online recruitment poses security threat to West ahead of Olympic Games
- Unique Olympics opening ceremony keeps Paris on high alert over security
- Terrorism, Drone Use Among the Security Risks at 2024 Paris Olympics
- France launches large-scale operation to fight cyber spying ahead of Olympics
- DHS: Protecting the 2024 U.S. Olympic Track and Field Trials in Eugene, OR from CBRN Threats
- Police search 14 houses in Brussels as part of terrorism investigation
- Seven arrested in Belgium over ‘terrorist attack’ plan
- 2024 Paris Olympics Misinformation Tracking Center
- France suspects leftists in rail attacks as telecoms networks hit
- France trains remain affected by sabotage acts
- Who could have attacked France’s high-speed rail?
- Kremlin Dismisses Claims of Russian ‘Sabotage Campaign’ Against Olympics
CrowdStrike: Remediation And Guidance Hub: Falcon Content Update For Windows Hosts. Using a week-over-week comparison, greater than 97% of Windows sensors are online as of July 24 at 5pm PT, compared to before the content update.
- House Homeland Security aims for CrowdStrike hearing in September
- Poll: CISOs stick with CrowdStrike, share lessons learned
- CrowdStrike to Cost Fortune 500 $5.4 billion
- CrowdStrike’s Impact on the Fortune 500 (PDF)
- Cyber Insurance Won’t Cover Billions in CrowdStrike Losses
- Preliminary Post Incident Review (PIR): Content Configuration Update Impacting the Falcon Sensor and the Windows Operating System (BSOD)
- CrowdStrike: Remediation and Guidance Hub: Falcon Content Update for Windows Hosts
- CrowdStrike says bug in quality control process led to botched update
- Inside the 78 minutes that took down millions of Windows machines
- How IT Departments Scrambled to Address the CrowdStrike Chaos
- Most Airlines Except One Are Recovering From the CrowdStrike Tech Outage. The Feds Have Noticed
- Elon Musk: CrowdStrike outage caused ‘seizure’ for auto supply chain
- Microsoft says EU rules made CrowdStrike outage possible
- Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure
- Cyberattacks may follow CrowdStrike outage, warns MS-ISAC
Donald Trump Assassination Attempt: Takeaways from FBI testimony: Trump shooter searched details of JFK assassination and flew drone near rally site
- Shooter looked up information on JFK assassination
- Shooter flew drone just 2 hours before Trump took the stage
- Gun had a collapsible stock and was purchased from shooter’s father
- Climbed up to the roof
- Shooter was searching for news stories
- Wray expects more threats from Iran
- FBI: Would-be assassin was fixated on Trump, studied earlier high-profile killing
- Trump Shooter Used Drone Like a ‘Rearview Mirror’ Before Assassination Attempt
- FBI director reveals new details about how Trump shooter carried out attack
- Director Wray’s Opening Statement to the House Judiciary Committee
- Statement Before the House Judiciary Committee: Oversight of the Federal Bureau of Investigation
Other items that may be of interest:
- U.S. Department of Justice Office of the Inspector General: DOJ OIG Releases Report Examining DOJ Efforts to Coordinate Information Sharing About Foreign Malign Influence Threats to U.S. Elections
- TikTok Collected U.S. Users’ Views on Gun Control, Abortion and Religion, U.S. Says
- Dragos: Intelligence Brief: Impact of FrostyGoop ICS Malware on Connected OT Systems
- Hackers shut down heating in Ukrainian city with malware, researchers say
- Novel ICS Malware Sabotaged Water-Heating Services in Ukraine
- Senators to FTC: Car companies’ data privacy practices must be investigated
- Wyden Investigation Reveals New Details About Automakers’ Sharing of Driver Information with Data Brokers; Wyden and Markey Urge FTC to Crack Down on Disclosures of Americans’ Data Without Drivers’ Consent
- Cyber Vulnerabilities Make Buildings’ Systems Ticking Time Bombs.
- Russian ransomware gangs account for 69% of all ransom proceeds
- Phishing Landscape 2024: An Annual Study of the Scope and Distribution of Phishing
- Surge of AI Deepfakes Promoting ‘Miracle Cures’ on Social Media
- Ransomware ecosystem fragmenting under law enforcement pressure and distrust
- CDC Confirms Three Human Cases of H5 Bird Flu Among Colorado Poultry Workers
- ODNI: Iran’s Nuclear Weapons Capability and Terrorism Monitoring Act of 2022—Assessment Regarding the Regional and Global Terrorism of the Islamic Republic of Iran
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour, and guests from throughout the homeland security risk management community, addressing a wide range of all-hazards topics and issues.
- Venue Security, The IAVM Podcast Series, is our newest podcast, in which Gate 15’s founder and Managing Director, Andy Jabbour, hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and is occasionally updated on our Gate 15 podcast channel.
- The Risk Roundtable was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads, LinkedIn, or via email.