Weekly Security Sprint EP 15. A few of our favorite things: insiders, ransomware, hurricanes! Plus FB-ISAO turns 5, Space as Critical Infrastructure and Quick Hits!

Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts.

---

In this week’s Security Sprint, Dave and Andy talked about the following topics:

Insiders, hostile events, and data loss:

• Louisville bank employee livestreamed attack that killed 5 
• Pentagon document leak: Here are the biggest takeaways after U.S. military secrets leaked

Ransomware:

• Major cybersecurity flaws led to Suffolk County ransomware attack: 
  • “There were plenty of things we could’ve been doing…If we had a Chief Information Security Officer in place with security authority then that could’ve changed the outcome.“- Suffolk County Executive Steve Bellone.
  • The report “described in great detail the eight months that the criminal actors spent in the Clerk’s office installing bitcoin mining software, creating fake accounts…”
  • “the County was able to maintain its backup data and didn’t pay any ransom. Now, more than 95 percent of county services are back online.”
• As discussed during the podcast, there are lots of links below, some of what we shared just this last week, to show how much there is.

Hurricane Season 2023!

• CSU released its first forecast for the 2023 Atlantic hurricane season on Thursday, April 13. We anticipate that the 2023 Atlantic basin hurricane season will have slightly below-average activity. 

Space as Critical Infrastructure:

• FDD: Time to Designate Space Systems as Critical Infrastructure & Opinion: Time to designate space systems as critical infrastructure, and reported here: Cyberspace Solarium Commission says space systems should be considered critical infrastructure

Others:

• Faith-Based Security: FB-ISAO Newsletter, v5, Issue 4. FB-ISAO is Five Years Strong, Mass Shooting at Covenant School, SPOTLIGHT: Resources, Upcoming Events.
  • FB-ISAO: Faith-Based Organizations Continue to Be Targets of Hostile Events.
  • A Proclamation on Days Of Remembrance Of Victims Of The Holocaust, 2023
  • Statement from President Joe Biden on Orthodox Easter
• What it will look like if China launches cyberattacks in the U.S. “If Xi Jinping moves on Taiwan, we should assume he’ll launch cyberattacks against the United States as part of the operation,” Rep. Mike Gallagher (R-Wis.), chair of the House Select Committee on China, said in an emailed statement. 
• Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. ’But even if the event turns out not to be the work of an outside malicious hacker, the threat to water treatment facilities is still very real, said Jennifer Lyn Walker, director of infrastructure cyber defense at the Water Information Sharing and Analysis Center. Furthermore, she said, the incident helped give the attention needed to kickstart a larger conversation about securing the water and wastewater systems, particularly for smaller utilities. 
• A cyber attack hit the water controllers for irrigating fields in the Jordan Valley; A cyber attack paralyzed the water controllers for irrigating fields in the Jordan Valley that are operated by the Galil Sewage Corporation.
• MDM:
  • THE CYBERSECURITY 202: Russians boasted of undetected bots, leaked documents show. 
  • Risky Biz News: Misinformation superspreaders: A report found that Twitter Blue accounts are some of the platform’s biggest spreaders of misinformation.
  • Unleash the Twitter Bots

So Much More Ransomware:

• The LockBit ransomware (kinda) comes for macOS; Analyzing an arm64 mach-O version of LockBit & LockBit ransomware gang appears to be targeting Macs for the first time
• Risky Biz News: NCR gets ransomwared: NCR, the world’s largest banking and payments software maker, has confirmed that a recent data center outage was caused by a ransomware attack. And see NCR suffers Aloha POS outage after BlackCat ransomware attack
• Karakurt returns: Chinese security firm QiAnXin has a report on the return of Karakurt, the data extortion division of the old Conti gang.
• Technical Analysis of Trigona Ransomware & Trigona Ransomware Attacking MS-SQL Servers
• Vice Society ransomware uses new PowerShell data theft tool in attacks
• Risky Biz News: Kadavro ransomware: Fortinet has an analysis of the new Kadavro ransomware they’ve been seeing distributed in the wild disguised as a Tor Browser installer.
• Risky Biz News: LockBit ransomware: French security firm Glimps has published a technical analysis of Lockbit’s new version, known as LockBit Green.
• Risky Biz News: RTM Locker: Trellix researchers have discovered a new RaaS platform named Read The Manual, or RTM Locker.
• Ransomware Roundup – Kadavro Vector Ransomware
• Abuse victims warned over ‘dodgy emails’ following ransomware attack. Four organisations that support survivors of rape and sexual abuse have been affected by a ransomware attack, targeting the company that stores their data in Northern Ireland.
• Darktrace: Investigation found no evidence of LockBit breach
• The Week in Ransomware – April 14th 2023 – A Focus on Stolen Data
• Money Ransomware: The Latest Double Extortion Group
• More DDoS, More Leaks: Where Ransomware is Headed in 2023
• Crawford’s striking example of a cyberattack; “We discovered a ransomware note on our system”
• Insider Threat and Ransomware: A Growing Issue
• Kansas health care company hit by ransomware attack
• Hackers claim vast access to Western Digital systems; One of the hackers claimed to have stolen customer data and said they are asking for a ‘minim 8 figures’ as a ransom
• A series of mistakes has led to a serious blow in reputation for LockBit
• Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
• Ransomware review: April 2023
• Ransomware in France, April 2022–March 2023
• Nokoyawa ransomware attacks with Windows zero-day & Ransomware gangs increasingly deploy zero-days to maximize attacks; Microsoft issued a patch for a zero-day that researchers at Kaspersky said was used to deliver Nokoyawa ransomware.
• Latitude Financial refuses to bow to ransomware demands
• German Superyacht Maker Targeted by Ransomware Cyberattack
• Major Hack Hits South Korean Exchange GDAC, $13.9M Stolen
• Ransomware and Crypto: the Growing Compliance Challenge
• Ransomware Victims and Network Access Sales in Q1 2023 & KELA reports manufacturing, industrial sectors most targeted by ransomware, data leak actors during Q1 2023
• SannLocker Ransomware.
• KFC, Pizza Hut owner discloses data breach after ransomware attack. ”
• NJ Police Agency Hit by Ransomware, Delaying Investigations
• Clop ransomware leaks Tasmania’s student data
• A Myth or Reality? Debunking (Mis)Conceptions Surrounding Cloud Ransomware
• Threat Actor Spotlight: Ragnarlocker Ransomware

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Anchor, Apple, Spotify, Google, as well as other locations accessible from the Anchor link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment. 
• The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: podcast@gate15.global.