Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts.
In this week’s Security Sprint, Dave and Andy talked about a number of topics listed below. They also note the new Gate 15 SUN. Subscribe to that immediately below!
Main Topics
DHS!
- Department of Homeland Security Issues QHSR Detailing Strategy to Stay Ahead of Evolving Threat Environment. “‘Twenty years after its formation, the Department of Homeland Security is more fit for purpose than ever before to meet the challenges we face now and will face in the future,’ said Secretary of Homeland Security Alejandro N. Mayorkas. ‘The QHSR helps Congress and the American public understand the evolving threats we face and our approach to addressing them. That approach includes leveraging emerging technologies, such as artificial intelligence, and modernizing the Department to ensure our personnel have the tools they need to deliver on our vital mission.’ In this QHSR, the Department reaffirms the five enduring missions set forth in the first and second QHSRs, while also adding a new —and sixth— homeland security mission. The five enduring missions are: 1) Counter Terrorism and Prevent Threats; 2) Secure and Manage Our Borders; 3) Administer the Nation’s Immigration System; 4) Secure Cyberspace and Critical Infrastructure; and 5) Build a Resilient Nation and Respond to Incidents. This QHSR also, and for the first time, adds a new homeland security mission: 6) Combat Crimes of Exploitation and Protect Victims.” Read more -> 2023 Quadrennial Homeland Security Review (QHSR). Released in 2023, the Third Quadrennial Homeland Security Review (QHSR) assesses the threats and challenges the Department faces today and into the future and lays out the approaches DHS and the homeland security enterprise are adopting to carry out its missions. The QHSR reaffirms the five enduring homeland security missions — and adds a new sixth mission: Combat Crimes of Exploitation and Protect Victims. Overall, this strategic guidance and updated mission framework will inform existing Departmental processes for translating priorities into resources, including the DHS Strategic Plan and the annual budget development process.
- 2023 State of Homeland Security Remarks: Tackling an Evolving Threat Landscape – Homeland Security in 2023
- MEDIA ADVISORY: Garbarino Announces Subcommittee Hearing With CISA Director Jen Easterly, “CISA 2025: The State of American Cybersecurity from CISA’s Perspective.” (27 Apr)
See Something, Say Something – Possible Faith-Based Attack Averted & FB-ISAO Turns Five!
- Man Arrested at Church Service After Members Believe he was Testing Security of Church. Tuesday morning, April 18th, the police department received a phone call from a member of the security team at Faith Assembly of God…in reference to a man who had been acting suspiciously while attending revival services. Police were informed of several incidents on different nights that made church members believe the man was testing the security of the church while also asking personal questions about the members and staff. At the request of the church, officers arrived at the beginning of last night’s service to make the church members feel safer. The man arrived at 7:00 p.m. and entered the church. Officers on scene walked by the man’s vehicle and observed in plain view an AR-style rifle, multiple 30 round magazines, a shotgun, a belt loaded with shotgun shells, knives, tourniquets, and other survival gear. Officers shared this information with church staff and they requested the man be removed from the property… (The suspect) was transported to the Miller County Jail and charged with obstructing governmental operations, resisting arrest, fleeing on foot, and possession of a controlled substance-marijuana.
- FB-ISAO: Five Years Strong. “Happy Anniversary to the Faith-Based Information Sharing and Analysis Organization. 18 April 2023, marks five years of serving the community of faith with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience across all-faiths and all-hazards. Our members include Houses of Worship, Charities, Faith-Based Schools, and their affiliated organizations. We are five years strong!”
4-20! Cannabis ISAO Shares Cybersecurity Best Practices for the Cannabis Industry
- 4-20 2023! On Cannabis ISAO’s blog and on LinkedIn: Cybersecurity Best Practices for the Cannabis Industry. To celebrate 420, Cannabis ISAO Executive Director Ben Taylor worked with four cybersecurity professionals to compile a list of 20 cyber best practices for the cannabis industry. This blog expands on their tips and includes additional insights and resources.
Quick Hits:
Water-palooza!
- The Gate 15 Interview: April is Water-palooza! Chuck Egli and Jen Walker talk WaterISAC!
- Nerd Out Security Panel Discussion: EP 36. Making your way into the security profession
- AWWA in favor of petition challenging cybersecurity rule & Legal challenge to EPA rule poses obstacle to Biden’s cyber agenda
- Attorney General Brenna Bird Sues Biden Administration over New Cybersecurity Regulations for Public Water Systems – PDF, and discussion, Legal challenge to EPA rule poses obstacle to Biden’s cyber agenda. A trio of Republican state attorneys general asked a federal court this week to block an Environmental Protection Agency rule intended to strengthen the cybersecurity of the water sector. The GOP officials argue that it’s an “unlawful” mandate on states. It amounts to the most direct challenge to date of the Biden administration’s bid to impose more cyber mandates on critical infrastructure. The administration contends that voluntary measures have not been adequate. Missouri, Arkansas and Iowa filed their petition for review on Monday in the U.S. Court of Appeals for the 8th Circuit. Beyond their objections to what they consider a federal intrusion on states, they also argue that it will be costly to small and rural public water systems. Related: House fails to overturn Biden’s veto of GOP bid to undo administration water rule.
- Save the Date for H2OSecCon 2023! WaterISAC is excited to announce they will be hosting H2OSecCon again this year! Following its inaugural event in 2022, this year’s event will be held virtually from October 19 – 20. The virtual event will feature panel discussions and presentations from water utility and security experts sharing their experiences and recommendations on physical security, IT and OT cybersecurity, and resilience. Along with presentations, the event will host both cyber and physical tabletop exercises on the last day. Additional details will be forthcoming on the website – www.H2OSecCon.org. In the meantime, mark your calendars and be ready to level up your company’s physical security, IT and OT cybersecurity, and resilience.
Ransomware – March Was a Record Setting Month & Dragos Ransomware Report
- March 2023 broke ransomware attack records with 459 incidents. March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled a report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra’s GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.
- Ransomware is a major threat to smaller utilities, manufacturers and health care providers: report. Read the blog from ThreatConnect and access the complete report.
- We’ve been talking a lot about ransomware and certainly will be doing so for a long time to come. Thales has released the 2023 Thales Data Threat Report which “Reveals Increase In Ransomware Attacks And Human Error As Main Cause Of Cloud Data Breaches.” Among the report’s findings:
  - 48% of IT professionals reported an increase in ransomware attacks, with 22% of organisations having experienced a ransomware attack in the past 12 months
  - 51% of enterprises do not have a formal ransomware plan (just to be clear, that’s more than half…)
  - Of those who recently suffered a cloud data breach, 55% of respondents identified human error as the primary cause
- Dave and Andy opine on ransomware and a failure to prepare in the most recent Gate 15 Security Sprint: Weekly Security Sprint EP 15. A few of our favorite things: insiders, ransomware, hurricanes! Plus FB-ISAO turns 5, Space as Critical Infrastructure and Quick Hits!
- Dragos Industrial Ransomware Attack Analysis: Q1 2023. In the first quarter of 2023, Dragos observed two new and significant trends, the use of zero-day vulnerabilities and the exploitation of recently discovered vulnerabilities. For example, the Clop ransomware group claimed use of the GoAnywhere zero-day vulnerability (CVE-2023-0669) to impact 130 organizations in February 2023. Dragos is aware of 14 industrial organizations that the Clop ransomware group impacted in the past quarter. It is unclear if the group used the GoAnywhere vulnerability to impact these organizations. Other ransomware groups, such as Cuba and Play, used a zero-day exploit dubbed OWASSRF to target CVE-2022-41080 and compromise unpatched Microsoft Exchange servers in January 2023. Dragos detected 214 ransomware incidents in the first quarter of 2023, a 13 percent increase from the previous quarter.
Blended Threats – Critical Infrastructure Space Asset Disruption Impacts Farming Operations
- Farmers ‘crippled’ by satellite failure as GPS-guided tractors grind to a halt. Tractors have ground to a halt in paddocks across Australia and New Zealand because of a signal failure in the satellite farmers use to guide their GPS-enabled machinery, stopping them from planting their winter crop. The satellite failure on Monday was a bolt from the blue for farmers in NSW and Victoria, who were busy taking advantage of optimal planting conditions for crops including wheat, canola, oats, barley and legumes.
New FBI Elder Fraud Report
- Elder fraud costs Maine victims millions of dollars, report finds; Losses from elder fraud are spiking across the country at an alarming rate. FBI IC3 website/elder fraud. FBI: Elder Fraud Report 2022 (PDF)
3CX – Attack x Within x Attack
- Mandiant: 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible. In March 2023, Mandiant Consulting responded to a supply chain compromise that affected 3CX Desktop App software. During this response, Mandiant identified that the initial compromise vector of 3CX’s network was via malicious software downloaded from Trading Technologies website. This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack.
- Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack: “This is the first time that we’ve ever found concrete evidence of a software supply-chain attack leading to another software supply-chain attack,” Charles Carmakal, CTO of Mandiant’s consulting group, said in a call with reporters yesterday before publicly announcing the news this morning. “This is very big and very significant to us.”
- The 3CX cyberattack was the result of two supply-chain hacks, Mandiant says
SBOM, SBOM, You’re my SBOM!
- CISA Releases Two SBOM Documents. On Friday, CISA released two community-drafted documents around Software Bill of Materials (SBOM): Types of SBOM documents and Minimum Requirements for Vulnerability Exploitability eXchange (VEX).
  - The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, along with the data typically presented for each type of SBOM. As software goes from planning to source to build to deployed and used, tools may be able to detect subtle differences in the underlying components. These types will allow for better differentiation of tools and in the broader marketplace.
  - The Minimum Requirements for VEX document specifies the minimum elements to create a VEX document. This will allow interoperability between different implementations and data formats of VEX. It will also help promote integration of VEX into novel and existing security tools. This document also specifies some optional VEX elements.
  - Led by CISA, both publications were debated and drafted by a community of industry and government experts with the goal to offer some common guidance and structure for the large and growing global SBOM community.
Chinese Police Outposts
- US Brings Charges Over Secret Chinese Police Outpost. The FBI on Monday arrested two New York City residents for allegedly operating a secret, illegal police station for China’s Ministry of Public Security in the city’s Chinatown neighborhood. The station, one of more than 100 China operates around the world ostensibly to help its citizens renew documents such as driver’s licenses, allegedly had a more sinister purpose: to monitor and harass Chinese activists and dissidents in the United States as part of what U.S. prosecutors call China’s “transnational repression” campaign.
- DOJ: Two Arrested for Operating Illegal Overseas Police Station of the Chinese Government; Defendants Are New York City Residents Who Allegedly Operated the Police Station in Lower Manhattan and Destroyed Evidence When Confronted by the FBI
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Anchor link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: [email protected].