Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
Gate 15 is on Threads! Give us a follow and join us: @gate_15_resilience
In this week’s Security Sprint, Dave and Andy talk about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN. To subscribe, please email [email protected].
Cybersecurity Awareness Month!
- A Proclamation on Cybersecurity Awareness Month, 2023. “Our world — including our digital world — stands at an inflection point, where the decisions we make today will determine the direction of our world for decades to come. This is particularly true as we develop and enforce norms for conduct in cyberspace. We must ensure the Internet remains open, free, global, interoperable, reliable, and secure — anchored in universal values that respect human rights and fundamental freedoms. And, we must ensure that digital connectivity is a tool that uplifts and empowers, not one used for repression and coercion. Today, and every day, the United States commits to advancing this vision from a position of strength — leading in lockstep with our allies and partners everywhere who share our aspiration for a brighter digital future.”
- CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World
- Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories
- NSA Releases Guidance on Acceptance Testing for Supply Chain Risk Management
- Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers
- CISA: Cyber Training Bulletin
- NSA Launches 10th Annual Codebreaker Challenge for 2023
- Check out NSA Cyber Director Rob Joyce’s social media meme-fest! Here, on Threads.
- Gate 15, along with many ISACs, ISAOs and other great organizations, is a Cybersecurity Awareness Month Champion!
- CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online. Secure Our World Cybersecurity Awareness Program Provides Resources and Tools to Keep Individuals, Businesses and Organizations Safe from Cyber Attacks. The Cybersecurity and Infrastructure Security Agency (CISA) today announced the launch of “Secure Our World,” a nationwide cybersecurity public awareness campaign to educate all Americans on how to stay safe online. The campaign includes a public service announcement (PSA) that will air on stations around the country, as well as digital content, a toolkit, and other resources. Recognizing that technology is an integral part of our modern lives, Congress tasked CISA with creating this program to provide small businesses, communities, and individuals with the guidance and tools they need to protect themselves online.
“I’m incredibly excited to launch our nationwide Public Service Announcement campaign, which includes resources and tools every individual and organization can use to stay safe online by practicing good cyber hygiene…As cyber threats continue to evolve, we encourage everyone to do their part to stay cyber-safe.”
CISA Director Jen Easterly.
- The Secure Our World program is focused on four simple steps everyone can take to stay safe online:
  - Strong passwords: Use passwords that are long, random, and unique to each account, and use a password manager to generate them and to save them.
  - Multifactor authentication: Use MFA for all accounts that offer it. We need more than a password to protect our most important data, including email, financial accounts, and social media.
  - Recognize and report phishing: Think before you click! Be cautious of unsolicited emails, texts, or calls asking you for personal information. Resist the urge to click on these links and don’t click on links or open attachments from unknown sources.
  - Update software: Enable automatic updates on software so the latest security patches keep our devices continuously protected.
- Everyone can take steps today to Secure Our World. Follow us throughout October during Cybersecurity Awareness Month for extended coverage of the program. Visit cisa.gov/SecureOurWorld to access our free cybersecurity resources and tips. Together we can build a more secure digital world.
Main Topics
Ransomware
- Beware of Floor Plans.
- FBI PIN: Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends
- Most dual ransomware attacks occur within 48 hours. Dual ransomware attacks are attacks against the same victim that occur within 10 days (or less) of each other. According to the FBI, most of these occurred within 48 hours of each other. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. Variants were deployed in various combinations,” the FBI’s Private Industry Notification revealed.
- Exclusive: DHS investigating whether floor plans and other security information were exposed in ransomware attack on contractor
- Ransomware attack on Johnson Controls may have exposed sensitive DHS data
- Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
- The Week in Ransomware – September 29th 2023 – Dark Angels
- A Closer Look at the Snatch Data Ransom Group
- CL0P Seeds ^_- Gotta Catch Em All!
- Ransomware group demands $51 million from Johnson Controls after cyber attack
- The kids aren’t alright: How DOJ is reckoning with malicious teenage hackers
- MGM/Caesars Post-Mortem And Attribution
- Retail Ransomware: 26% of ransomware attacks caused data loss, a quarter of companies paid ransom, but few test or update recovery plans
- Ransomed.vc, the new comet in the extortion landscape: the interview
- Kettering logistics firm enters administration with 730 jobs lost
- CommonSpirit Health Increases Ransomware Attack Cost Estimate to $160 Million
- Why the public sector is an easy target for ransomware
- The Rhysida Ransomware Group Hit The Kuwait Ministry Of Finance
Faith-Based Security – FB-ISAO: September 2023 Threat Level Statement Update – Threat Levels Remain at GUARDED. We have reviewed the September 2023 Department of Homeland Security Homeland Threat Assessment and considered it alongside our continued observance of a broad array of general threats and hostility to people and places of faith. These include widespread acts of faith-based hostilities and open threats to faith-based organizations based on their religious and political beliefs – (including antisemitism, islamophobia, anti-Christian and anti-Sikh sentiment, etc.), regularly occurring acts of violence such as arson, vandalism, and low-level attacks including Swatting and bomb threats, as well as commodity cyberattacks seen in all communities including Business Email Compromise (BEC) and ransomware. Additionally, the TIG is closely monitoring the COVID-19 threat, events and rhetoric relating to the 2024 U.S. election season, along with other considerations that may pose direct or indirect risks to organizations. Based on this review, we have determined to maintain threat levels at GUARDED, meaning that FB-ISAO is aware that a general risk of incidents exists, but there are no target or time specific threats requiring an escalation in our overall preparedness at this time.
- The U.S. National Strategy to Counter Antisemitism: Key Actions by Pillar | The White House
- Fact Sheet: Biden-Harris Administration Takes Landmark Step to Counter Antisemitism | The White House
- Secretary Mayorkas Delivers Remarks at the Protecting Places of Worship Roundtable. FB-ISAO participated in this event.
- Peruvian National Arrested In Peru For Sending Over 150 Hoax Bomb Threats To Schools And Other Institutions In The United States And Soliciting Child Pornography. Damian Williams, the United States Attorney for the Southern District of New York, and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today the unsealing of a Complaint charging EDDIE MANUEL NUNEZ SANTOS, a/k/a “Lucas,” with making hoax bomb threats to more than 150 school districts, synagogues, airports, hospitals, and a shopping mall between September 15 and September 21, 2023. The threats spanned multiple states, including New York, Pennsylvania, Connecticut, Arizona, and Alaska, and resulted in massive disruptions to the targeted communities, including evacuations of thousands of schoolchildren, a lockdown of a hospital, and flight delays. NUNEZ SANTOS is also charged with attempting to induce a 15-year-old girl to take and send him nude and sexually explicit photographs, and he allegedly sent the bomb threats in retaliation against her and other minors after they refused his requests for child pornography. NUNEZ SANTOS, a Peruvian national, was arrested on September 26, 2023, by Peruvian authorities in Lima, Peru, based on the charges in the Complaint.
- VA man who made threats against church arrested after showing up to Sunday service armed with gun, knives
- Armed suspect arrested at Haymarket church, while service in progress Sept. 24 – Bull Run, VA (maybe note some good observations shared by a member in Slack)
- For more, see the FB-ISAO blog.
ORC – Target Press Release: Target Closes Select Stores to Prioritize Team Member and Guest Safety
US GAO – Critical Infrastructure Protection: National Cybersecurity Strategy Needs to Address Information Sharing Performance Measures and Methods. This report examines, among other things, (1) how federal agencies and critical infrastructure owners and operators share cyber threat information and (2) challenges to cyber threat information sharing and the extent to which federal agencies have taken action to address them. To do so, GAO reviewed documentation from 14 federal agencies, including CISA, and seven nonfederal entities with responsibility for sharing cyber threat information. In addition, GAO interviewed relevant officials from these federal agencies and nonfederal entities regarding challenges to sharing cyber threat information. Using information compiled from interviews, GAO then presented the cyber threat information challenges frequently identified by the relevant entities to the 14 federal agencies and ONCD. GAO also asked for and reviewed documentation on actions the 14 agencies and ONCD have taken or plan to take to address the challenges.
Quick Hits
FBI PSA: “Phantom Hacker” Scams Target Senior Citizens and Result in Victims Losing their Life Savings
FEMA and FCC Plan Nationwide Emergency Alert Test for Oct. 4, 2023. Test Messages Will be Sent to All TVs, Radios and Cell Phones
Massive emergency alert test scheduled to hit your phone on Wednesday. Here’s what to know.
Bridging the gender gap in the public sector. Jennifer Lyn Walker, director of cyber defense for Gate 15, said she remembers well what it was like to be in the minority in her past roles both working in local government positions and dealing with government agencies while in other roles. But now, in her work with Gate 15 as a provider of cyber defense support and analysis capabilities to WaterISAC (Water Information Sharing and Analysis Center) and Tribal-ISAC, she sees things changing. “CISA is putting more of a push on hiring women and I see it. I am dealing with more women at CISA and in other government agencies, like the EPA,” she said. Walker thinks sending the message that many jobs in cybersecurity don’t actually require deep technical skills can help attract candidates who may not traditionally apply for cybersecurity roles, including women. “Whether it’s a policy person, or a security awareness role, there are many opportunities in the career that go beyond technical skills,” she said.
🇨🇳 🇺🇸
- Bipartisan Senate Intelligence Committee Report Warns of New Threats from China and Russia (PDF report)
- CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber. See People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices, and visit China Cyber Threat Overview and Advisories.
- Global Engagement Center Special Report: How the People’s Republic of China Seeks to Reshape the Global Information Environment.
Progress warns of maximum severity WS_FTP Server vulnerability. Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
Critical vulnerabilities in Exim threaten over 250k email servers worldwide.
- Risky Biz News: Disclosure snafu delays critical Exim patch more than a year. A critical vulnerability impacting more than 3.5 million Exim email servers has remained unpatched for more than 15 months in one of the most egregious instances of vulnerability disclosure snafus in recent history. Tracked as CVE-2023-42115, the vulnerability is a no-authentication remote code execution with a severity rating of 9.8/10. It is one of six vulnerabilities that were disclosed by Trend Micro’s Zero-Day Initiative (ZDI) to the Exim project in June 2022…With Exim accounting for 56% of email servers, this leaves more than half of the internet’s email infrastructure exposed to dangerous attacks if threat actors manage to identify the root cause of the bug.
CISA releases Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour, and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
- The Risk Roundtable was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads, LinkedIn, via email at: [email protected], and also on X, the platform formerly known as Twitter.