Weekly Security Sprint EP 42: Ransomware, Resilience, MDM and more.

Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.

---

Gate 15 is on Threads! Give us a follow and join us: @gate_15_resilience

In this week’s Security Sprint, Dave and Andy talk about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN. To subscribe, please email Gate15@Gate15.global.

Announcement! Venue Security, The IAVM Podcast Series! A new monthly podcast starting in 2024. Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community. 

Main Topics

Ransomware Updates

• Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools
  • As of July 2023, the FBI noted several trends emerging continuing across the ransomware environment and is releasing this notification for industry awareness. New trends included ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers, and companies victimized through legitimate system management tools to elevate network permissions.
  • The FBI continues to track reporting of third-party vendors and services as an attack vector for ransomware incidents. Between 2022 and 2023, the FBI noted ransomware attacks compromising casinos through third-party gaming vendors. The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.
• CYBERSECURITY ADVISORY – #StopRansomware: Royal Ransomware, November 13, 2023 update
• Security Affairs: DOLLY.COM PAYS RANSOM, ATTACKERS RELEASE DATA ANYWAY
• Brazen ransomware attack on US unit of Chinese banking giant has financial sector on alert
• Risky Biz News: Clop is coming after your SysAid servers
• Basically all of Maine had data stolen by a ransomware gang; Maine’s state agencies are the latest victims in the far-reaching MOVEit file transfer tool hack.
• Boeing data published by Lockbit hacking gang
• Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
• Same threats, different ransomware; A threat cluster’s switch from Vice Society to Rhysida
• Hive Ransomware’s Offspring: Hunters International Takes the Stage
• Ransomed[.]vc Sunsets Operations, Auctions Off Infrastructure
• Critical Vulnerability: SysAid CVE2023-47246

SHIELDS READY. The Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Emergency Management Agency (FEMA) launched the new Shields Ready campaign to encourage the critical infrastructure community to focus on strengthening resilience. Resilience is the ability to prepare for, adapt to, withstand, and rapidly recover from disruptions caused by changing conditions. The new campaign was unveiled during a joint press conference at the Port of Long Beach alongside speakers from the Long Beach, California community and members of the U.S. Coast Guard. Shields Ready complements CISA’s successful “Shields Up” campaign, which encourages critical infrastructure stakeholders to take specific, time-sensitive actions that reduce risk in response to specific threat intelligence during cyberattacks physical security threats, or natural disasters in response to specific threat intelligence. Shields Ready focuses more broadly and strategically on how to prepare critical infrastructure for a potential disruption and how to build more resilience into systems, facilities and processes by taking action before a crisis or incident even occurs. It also aligns with and complements FEMA’s Ready campaign. Each campaign webpage will feature and link to the other for easy reference and use. ICYMI: CISA Launches Critical Infrastructure Security and Resilience Month 2023

“with sales come scams”

Dave Pounder

UK NCSC: Black Friday bargain hunters warned of enhanced online scams after millions lost last year; Latest Cyber Aware campaign aims to help shoppers protect themselves online in the run up to the festive period.

Info Ops

• The Truth Crisis | The Rising Threat of Online Misinformation and Disinformation
• The Gate 15 Interview: Malicious Info Operations & MDM, the Space Sector, supply chain resilience, the City of Light, and nudging the world in a better direction.
• Nerd Out: EP 41. Dave Clark joins to talk about MDM and other nerd topics.

Quick Hits.

• Critical infrastructure Updates: Major Australian Ports Affected By Cyber Incident
• Operations at DP World Australia resume, though ‘doesn’t mean the incident has concluded’
• Washington state transportation services partially restored after cyberattack
• The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure
• Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
• International Terrorism: Five right-wing terrorists arrested throughout Europe with the support of Eurojust and Europol
• Israel: Mossad foils Hezbollah terror plot against Jews in Brazil
• FEMA and CISA Release Joint Guidance on Planning Considerations for Cyber Incidents
• Faith-Based and Israel-Gaza Related Updates: OpenAI blames DDoS attack for ongoing ChatGPT outage. In a series of Telegram messages seen by TechCrunch, hacktivist group Anonymous Sudan took credit for the alleged attack. In the messages, Anonymous Sudan said the reason it targeted OpenAI is due to the company’s “general biasness towards Israel and against Palestine”.
• Earthquake Preparedness. FEMA’s Earthquake & Wind Programs Branch, along with the National Earthquake and Hazard Reduction Program (NEHRP), is excited to announce the updated Earthquake Safety Checklist (FEMA B-526). The checklist acts as a reference guide that helps individuals and families prepare for an earthquake event and prevent earthquake-related damage. FEMA B-526 lists several steps to take in the event of an earthquake to mitigate damage and risk to people and property. 
• Emergency Services Sector COVID-19 After Action Review. The Emergency Services Sector (ESS) represents the Nation’s first line of defense in the prevention and mitigation of risk from both intentional and unintentional manmade incidents, as well as from natural disasters. The ESS was critically involved in the response to the COVID-19 pandemic, with each sector discipline contributing essential services. As the intensity of the pandemic lessened in 2022, the Cybersecurity and Infrastructure Security Agency (CISA) Emergency Services Sector Management Team (ES SMT) established a working group of ESS government and private sector partners to examine the sector’s response to the pandemic and develop lessons learned from its experiences. The recently released Emergency Services Sector COVID-19 After Action Review provides a summary of the working group discussions, contributions from participants, and key references of associated research.
• CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain
• FEMA’s National Business Emergency Operations Center (NBEOC) – YouTube

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
• Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community. Starts in January 2024.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
• The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads,  LinkedIn, via email at: podcast@gate15.global, and also on X, the platform formerly known as Twitter.