Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts.
In this week’s Security Sprint, Dave and Andy talked about a number of topics listed below. You can read more on these and other topics in the Gate 15 SUN. Subscribe to that immediately below!
Subscribe to our daily report, the Gate 15 SUN!
Main Topics
Hostile Events
- Mass Killer Kills 8, Wounds 7 at Texas Mall & Gunman Kills 8, Injures 7 in Mass Shooting at Allen Outlets. Selected info follows. Many more links below.
- Federal agents have been reviewing social media accounts they believe Mauricio Garcia, 33, used and posts that expressed interest in white supremacist and neo-Nazi views, said the official, who could not discuss details of the investigation publicly and spoke to the AP on condition of anonymity.
- Garcia also had a patch on his chest when he was killed by police that read “RWDS,” an acronym for the phrase “Right Wing Death Squad,” which is popular among right-wing extremists and white supremacy groups, the official said.
- Frequently posted pro-white supremacist and neo-Nazi materials on social media, according to an FBI bulletin
- Hundreds of postings and images to include writings with racially or ethnically motivated violent extremist rhetoric, including neo-Nazi materials and material espousing the supremacy of the white race
- Alleged shooter was discharged from the military in 2008 amid “mental health concerns.”
- Investigators believe the shooter was a neo-Nazi and an “incel”
- Had 10 rifle magazines and six pistol magazines on his body
- A hospital says victims being treated range in age from 5 to 61.
- BPD: 7 dead after driver intentionally runs over them in front of migrant shelter
- One dead, 4 taken to hospital after shooting in Midtown Atlanta, police say
Shockingly, Talking Ransomware!
- CISA Jen Easterly: The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years
- Victims’ reluctance to report ransomware stymies efforts to curb cyberattacks, say federal officials; Federal officials say they need more victims to report when they’ve been hit by ransomware in order to better defend against the problem. Last week at a meeting of the Ransomware Task Force, representatives acknowledged ongoing challenges in getting victims to report attacks, citing that only roughly 20% of victims are currently reporting. “If we could move that number from 20-30% to up to 70-80% we could make an even bigger impact than we’re already doing,” said Marshall Miller, principal associate deputy attorney general at the Justice Department. “I think the conversation has shifted from should we report this to law enforcement but rather when should we report this to law enforcement,” said David Ring of the FBI’s Cyber Division. “Most have recognized there’s more risk in not sharing and not reporting.”
- As ransomware data remain ‘fuzzy,’ US cyber leaders see reasons for optimism
- ZeroFox: CyberEdge 2023 Cyberthreat Defense Report. Key Insights & Findings:
- 85% of organizations suffered at least one successful cyberattack last year.
- A record 73% of organizations were compromised by ransomware last year.
- Double and triple extortion ransomware attacks are now the norm.
- 1 big thing: Colonial Pipeline ransomware attack’s unexpected legacy; Flashback: This weekend marks two years since a Russian ransomware gang targeted Colonial’s pipeline, which provides roughly 45% of the fuel used on the East Coast.
- Neuberger: Counter Ransomware Initiative focused on ‘expanding the tent,’ with Jordan, Costa Rica, Colombia joining
- Since 2017, our team at Gate 15 has been talking about blended attacks and blended threats (read more here). A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property. Blended threats will continue to be an increasing challenge in our environment and organizations should consider how their plans and structure support cyber-physical risk management.
- Royal Ransomware Attack On Dallas Disrupts 911, Court And Water Systems & Dallas cyberattack highlights ransomware’s risks to public safety, health
- Hacked university warns of campus text alerts sent by ransomware group. Bluefield University is a small, private university in Virginia on the border of West Virginia.
- Meet Akira — A new ransomware operation targeting the enterprise.
- Risky Biz News:
- New Cactus ransomware: Kroll security researchers have spotted a new ransomware group named Cactus that exploits vulnerabilities in Fortinet VPN appliances to gain access and then encrypt corporate networks.
- New RA Group ransomware: Security researcher MalwareHunterTeam has discovered a new ransomware gang named RA Group. The malware was coded on top of the leaked Babuk ransomware source code, and the gang also runs a data leak site on the dark web.
Hurricanes!
Spotlight: WHO Director Says COVID No Longer Global Health Emergency
- WHO says Covid-19 is no longer a global health emergency. Covid-19 is no longer a global health emergency, the World Health Organization said on Friday. WHO’s International Health Regulations Emergency Committee discussed the pandemic on Thursday at its 15th meeting on Covid-19, and WHO Director-General Tedros Adhanom Ghebreyesus concurred that the public health emergency of international concern, or PHEIC, declaration should end. “For more than a year the pandemic has been on a downward trend,” Tedros said at a news conference Friday.
Quick Hits:
Critical Infrastructure Cybersecurity:
- Water x And x Ransomware! Italian water supplier serving 500,000 people hit with ransomware attack. An Italian company that provides drinking water to nearly half a million people is experiencing some technical disruptions following a ransomware attack. Alto Calore Servizi SpA runs the collection, supply and distribution of drinking water for 125 municipalities in Avellino and Benevento — two provinces in southern Italy. The government-run company also manages sewage and purification services for both provinces. The company manages 58 million cubic meters of water a year. But on Friday, the company said a recent hack rendered all of their IT systems unusable. “It will not be possible to carry out any operations or provide information that requires querying the database,” the company said.
- USG Starting to Take Space Cybersecurity Seriously. Peters & Cornyn Reintroduce Bipartisan Bill To Protect Commercial Satellites From Cybersecurity Threats & article: U.S. Senators Reintroduce Legislation on Commercial Satellite Cybersecurity. “We’ve already seen the impacts of attacks on satellite systems by our adversaries abroad, and the potential effects on our lives and livelihoods could be catastrophic if American systems were similarly attacked,” said Senator Peters. “This bipartisan bill will ensure that commercial satellite owners and operators have the tools and resources they need to strengthen their cybersecurity defenses.” “Nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests,” said Senator Cornyn. “This bipartisan piece of legislation directs CISA to publish voluntary cybersecurity best practices for companies that own these satellites and ensure our most critical infrastructure is secure against foreign cyber threats.”
SkyNet Watch – As DOD Invests in AI, CISA Warns AI May be the ‘Most Powerful Weapon of Our Time.’
- Top US cyber official warns AI may be the ‘most powerful weapon of our time;’ CISA Director Jen Easterly said the rapid advances in technologies such as ChatGPT could be used by adversaries to carry out cyberattacks.
- ChatGPT and the new AI are wreaking havoc on cybersecurity in exciting and frightening ways; Unrestrained by ethics or law, cybercriminals are racing to use AI to find innovative new hacks, says Recorded Future CEO Christopher Ahlberg.
- Background Press Call on New Artificial Intelligence Announcements
- Readout of White House Meeting with CEOs on Advancing Responsible Artificial Intelligence Innovation
- Intelligence community working with private sector to understand impacts of generative AI; The United States’ intelligence community is looking to engage with the private sector to help them assess the technology, U.S. Director of National Intelligence Avril Haines told lawmakers Thursday.
- The NSA’s research chief on emerging tech — including ‘beyond belief’ leaps in AI
TikTok – ‘We Respect Your Privacy, Except When We Don’t’
- Risky Biz News: TikTok tracked FT journalist: TikTok has confirmed it tracked the movements of Financial Times reporter Cristina Criddle in order to discover if she was meeting with TikTok employees and identify her sources. Criddle didn’t have an account in her name and says TikTok tracked the account she made for her cat. She is the fourth known reporter that TikTok admitted to having spied on. Previously, the company confirmed it tracked Emily Baker-White, Katharine Schwab, and Richard Nieva, three Forbes journalists that were working at the time for BuzzFeed News. The four incidents were discovered as part of an internal TikTok security audit. More FT coverage / non-paywall.
MDM Threats as Newsbots Proliferate
- Rise of the Newsbots: AI-Generated News Websites Proliferating Online; NewsGuard has identified 49 news and information sites that appear to be almost entirely written by artificial intelligence software. A new generation of content farms is on the way. Artificial intelligence tools are now being used to populate so-called content farms, referring to low-quality websites around the world that churn out vast amounts of clickbait articles to optimize advertising revenue, NewsGuard found. In April 2023, NewsGuard identified 49 websites spanning seven languages — Chinese, Czech, English, French, Portuguese, Tagalog, and Thai — that appear to be entirely or mostly generated by artificial intelligence language models designed to mimic human communication — here in the form of what appear to be typical news websites. The websites, which often fail to disclose ownership or control, produce a high volume of content related to a variety of topics, including politics, health, entertainment, finance, and technology. Some publish hundreds of articles a day. Some of the content advances false narratives. Nearly all of the content features bland language and repetitive phrases, hallmarks of artificial intelligence.
Compromised DVR System
- TBK DVR Authentication Bypass Attack; DVR camera system vulnerability actively exploited in the wild. TBK Vision is a video surveillance company which provides network CCTV devices and other related equipment such as DVRs for the protection of critical infrastructure facilities. According to the vendor website, they have over 600,000 Cameras and 50,000 Recorders installed all over the world in multiple sectors.
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Anchor link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: [email protected].