Please enjoy this month’s episode of The Gate 15 podcast on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts.
In this May Day episode of the Risk Roundtable, Dave, Jen and Andy return to talk on very real and maybe somewhat less real threats across the all-hazards environment. Jen kicks things off sharing her thoughts on the recent FBI Advisory on jUIcE JaCKiNg!! Dave continues the focus on the FBI, sharing his heartfelt thoughts relating to the new Active Shooter report. Quick hits touch on Hurricane Preparedness, Patching (always patching!) and a new COVID report. The team then talks a little US-Russian history, and some musical history, as they dive into love it, hate it, or don’t care.
Subscribe to our daily report, the Gate 15 SUN!
Some of the references in the pod include:
- Brian Krebs: Why is ‘Juice Jacking’ Suddenly Back in the News?
- Those scary warnings of juice jacking in airports and hotels? They’re mostly nonsense
FBI: New Active Shooter Update: Active Shooter Incidents in the United States in 2022
- The US in 2022 saw highest number of ‘active shooter’ casualties – deaths or injuries – of the past 5 years, FBI report finds
- FBI: Active Shooter Incidents Fell in 2022 But Remained Relatively High
NOAA: National Hurricane Preparedness. National Hurricane Preparedness Week is April 30-May 6, 2023. Be ready for hurricane season. Take action TODAY to be better prepared for when the worst happens. Understand your risk from hurricanes, and begin pre-season preparations now. Make sure you understand how to interpret forecasts and alerts, and know what to do before, during, and after a storm. If you live in hurricane-prone areas, you are encouraged to prepare before hurricane season begins on June 1. Hurricane Preparedness Themes:
- WaterISAC: Joint Cybersecurity Advisory Highlights Continued Risk Posed by Devices Left Unpatched
- APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers
- Sophos: Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders
- COVID Crisis Group Report: How America Lost the COVID-19 War
Some additional topics we didn’t get into but that were highlighted in this last week’s SUNs include the following.
- FB-ISAO Partners with Patrick Henry College’s Strategic Intelligence Program; Focuses on Analytical Reporting on Hostile Events, Related to the Dobbs Ruling, that Targeted Faith-Based Organizations. In late 2022, the FB-ISAO partnered with Patrick Henry College’s (PHC) Strategic Intelligence Program to develop more in-depth analytic reports based on data sets of the hostile events that multiple interested organizations have released as open-source data sets. Some of the more robust data sets analyzed by the student-led team at PHC were published by the Family Research Council and CatholicVote.org. Other open-source data was also included in the analysis. The reports offer no opinion on the hostile events nor their perpetrators. They are solely meant to inform faith-based organizations, houses of worship, and charities of the incidents and law enforcement actions and are intended to assist the community with the development of preparedness initiatives in response to the hostile events. The collaborative reports include an executive summary and information related to:
- Attack Timeline on Pro-Life Institutions
- Distribution of Attacks on Pro-Life Institutions
- Attacks by Organizations
- Attack Types & Watchwords Associated with Attacks on Pro-Life Institutions
- Attacks on Pro-Choice Clinics
- Two new ransomware reports worth checking out, a couple links here and more below!
- Ransomware report: Coveware says that ransomware gangs are back at attacking large corporations like in the old days after attacks and average ransom demands took a dive throughout 2021 and 2022 following a series of high-profile attacks that triggered several law enforcement actions.
- BakerHostetler IR report: American law firm BakerHostetler has published its 9th annual security incident response report, based on data from over 1,160 security incidents from the prior year. One of the report’s more interesting findings was that ransomware-related incidents were scarce throughout the start of the year before ransomware gangs ramped up attacks toward the end.
- Breach Notifications Increasingly Lack Actionable Information on Breach Cause. The Identity Theft Resource Center (ITRC) has published its report on data compromises in Q1, 2023, which shows a 13% reduction in data breaches and a 64% decrease in victims from the previous quarter. In Q1 there were 445 publicly reported data compromises and 89,140,686 confirmed victims. While a fall in data breaches and victim count is good news, both figures typically fall in the first quarter of the year. The 13% reduction is far less of a fall from the corresponding period last year when there was a 28.6% quarterly reduction in data breaches. The Q1, 2023 figures show a 10% increase in data compromises compared to 2022, and a 25.7% increase from Q1, 2021.
- 94% of victims of data compromises in Q1, 2023, came from data breaches in just 4 sectors – Manufacturing & Utilities, Technology, Healthcare, and Transportation. Healthcare was the worst affected sector for the third consecutive quarter…
- 84.9% of the data compromises were due to cyberattacks (378 incidents) and 19.1% were due to system and human errors (58 incidents)…
- There is a growing trend of withholding important information from data breach notifications to the point where some breach notifications have no actionable information about the root cause of the breach, which makes it hard for individuals to determine the level of risk that they face. The lack of information also makes it difficult to obtain meaningful statistics on the causes of data breaches.
- Food and Ag Cybersecurity: A Guide for Small & Medium Enterprises. “This new guide was curated with the Food and Agriculture sector in mind. We know this sector faces both common and distinctive cybersecurity challenges, as the industry leverages information technology in the same way other industries do for core business and administrative functions. While also using technology in unique ways, such as in processing plants, farm equipment, precision agriculture, and product storage and transfer. We hope that this resource will help guide and protect smaller and medium size companies through the critical security practices outlined within.”
- Abuse of the Service Location Protocol May Lead to DoS Attacks. The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS attacks using spoofed source addresses. As noted by Bitsight, many SLP services visible on the internet appear to be older and likely abandoned systems. Administrators should consider disabling or restricting network access to SLP servers. Some organizations such as VMware have evaluated CVE-2023-29552 and have provided a response, see VMware Response to CVE-2023-29552 – reflective Denial-of-Service (DoS) amplification vulnerability in SLP for more information. CISA urges organizations to review Bitsight’s blog post for more details and see CISA’s article on Understanding and Responding to Distributed Denial-of-Service Attacks for guidance on reducing the likelihood and impact of DoS attacks.
- Risky Biz News: More than 70,000 servers are currently exposing their SLP ports (427 on both UDP and TCP) on the internet. This includes devices such as VMware ESXi hypervisors, Konica Minolta printers, Planex routers, Supermicro IPMI servers, and a ton of IBM gear.
- What Exactly Are the Dangers Posed by A.I.? A recent letter calling for a moratorium on A.I development blends real threats with speculation. But concern is growing among experts.
- ‘The Godfather of A.I.’ Leaves Google and Warns of Danger Ahead; For half a century, Geoffrey Hinton nurtured the technology at the heart of chatbots like ChatGPT. Now he worries it will cause serious harm.
- CISA 2025: The State of American Cybersecurity from CISA’s Perspective
- Federal Bureau of Investigation Budget Request for Fiscal Year 2024.
- Director’s Opening Statement to the House Committee on Appropriations Subcommittee on Commerce, Justice, Science, and Related Agencies.
Get all these updates and more in our free daily paper, The Gate 15 SUN! The SUN is in transition and has moved to email distribution via Constant Contact. Let us know if you’d like to be added to the new distribution process (and check your junk mail!)
The Risk Roundtable podcast is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally. As we seek to help apply a threat-informed, risk-based approach to analysis, preparedness and operations, we hope these podcasts are informative and maybe even a little entertaining. Read more about Gate 15’s full podcast menu at our Podcast page. We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: firstname.lastname@example.org.
You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Anchor link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.