Weekly Security Sprint EP 52. Geo-political impacts, cyber warnings, BEC, scams, ransomware and more!

Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.

---

Gate 15 is on Threads! Give us a follow and join us: @gate_15_resilience!

In this Week’s Security Sprint, Dave and Andy talked about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN. To subscribe, please email [email protected].

In our warm start we address cyber threats from China 🇨🇳 and threats to the Water Sector, see quick hits for links. And we celebrate Pod friend Bridget Johnson on her new role.

Main Topics.

Cyber Warnings: BEC: Deepfake Scam Video Cost Company $26 Million, Hong Kong Police Says. 

• Europcar says someone likely used ChatGPT to promote a fake data breach. On Sunday, a user in a well-known hacking forum advertised what they claimed was a cache of stolen data from the rental car giant Europcar. The user claimed to have stolen the personal information of more than 48 million Europcar customers, and said they were “listening to offers” to sell the hacked data. Except, the data appears to be completely made up — perhaps created with ChatGPT, according to Europcar.
• OpenAI: Building an early warning system for LLM-aided biological threat creation
  • OpenAI Says ChatGPT Probably Won’t Make a Bioweapon
• ChatGPT is leaking passwords from private conversations of its users, Ars reader says
• FBI PSA: Scammers Use Couriers to Retrieve Cash and Precious Metals from Victims of Tech Support and Government Impersonation Scams
• New Hampshire robocall kicks off era of AI-enabled election disinformation

Ransomware:

• Corvus: Q4 Ransomware Report: 2023 Ends as a Record-Breaking Year
• Ransomware Retrospective 2024: Unit 42 Leak Site Analysis. 
• The ransomware business is booming, even as enforcers shut down some major players; Palo Alto Networks’ Unit 42 found a 49 percent bump in victims reported by ransomware leak sites in 2023

Quick Hits

Brothers Charged After Seizure of Homemade Explosives, Ghost Guns in Their Astoria Apartment

• NYC brothers face 130 counts after ‘arsenal’ of ghost guns and homemade explosives found in their apartment, prosecutors say
• Queens bust: 2 brothers kept homemade explosive devices, ‘hit list’ in Astoria apartment, authorities allege. Investigators also recovered notebooks with hit lists that included police officers, politicians and celebrities, along with a scanner radio set to the frequency of the neighboring police precinct…The apartment is located right across from a Con Ed power facility.

🇨🇳 Cyber Threats to Critical Infrastructure and the United States 

• Hearing Notice: The CCP Cyber Threat to the American Homeland and National Security
• Exclusive: US disabled Chinese hacking network targeting critical infrastructure
• Risky Biz News: Volt Typhoon secret takedowns
• FBI director to warn Congress of dangers Chinese hackers pose to American infrastructure, innovation
• Chinese hackers are determined to ‘wreak havoc’ on US critical infrastructure, FBI director warns
• FBI: The CCP Cyber Threats to the American Homeland and National Security
• Director Wray’s Opening Statement to the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party
• Opening Statement by CISA Director Jen Easterly
• CISA: People’s Republic of China Cyber Threat
• US officials deliver warning that Chinese hackers are targeting infrastructure
• Top U.S. officials warn Congress of China’s hacking powers
• FBI: China seeks to ‘wreak havoc’ by targeting US water, electricity
• Chinese hackers ready to ‘wreak havoc’ on critical US infrastructure with 50-to-1 cyber personnel advantage, FBI director warns 
• U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure
• FBI says it’s shut down sources of recent Chinese infrastructure hacks
• CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
• CISA: Vendors must secure SOHO routers against Volt Typhoon attacks
• Why China’s Global Electric Project Has National Security Experts on Alert

Water, Water, Everywhere! 

• Announcement! WaterISAC is excited to announce that this Spring, it will be hosting H2OSecCon as a one-day virtual event on Thursday, May 23 from 11 AM – 5 PM ET! This one-of-a-kind virtual conference is curated for the water and wastewater sector with a focus on IT and OT cybersecurity, physical security, and operational resilience. The event will boast two tracks and feature sessions and panels with water utility and security experts sharing guidance, past experiences, and best practices. Mark your calendars today and make plans to join WaterISAC on Thursday, May 23! A call for presentations will open shortly and registration will open in late February. Sign Up For Updates Here!
• Securing Operational Technology: A Deep Dive into the Water Sector
• Environment, Manufacturing, and Critical Materials Subcommittee Hearing: “Ensuring the Cybersecurity of America’s Drinking Water Systems”
• Chair Rodgers Opening Remarks on the Cybersecurity of America’s Drinking Water System
• Subcommittee Chair Carter Opening Remarks on the Cybersecurity of America’s Drinking Water System
• Water trade groups urge lawmakers to consider cyber training and more funding for their facilities
• Water Sector Cybersecurity Toolkit 
• SAVE THE DATE! CISA Hosts CISA Live! on Boosting Water Sector Cybersecurity – Wednesday, February 7! On Wednesday, February 7, we are hosting a CISA Live! – Boosting Water Sector Cybersecurity event on LinkedIn Live where CISA Deputy Director Nitin Natarajan and Director of Environmental Protection Agency Water Infrastructure and Cyber Resilience Division David Travers will chat about the critical importance of water sector cybersecurity. 
• ‘Elevated’ risk of hackers targeting UK drinking water, says credit agency
• US sanctions Iranian military hackers for attacks on water facilities
• Muscatine Power and Water suffers cybersecurity incident
• Water Sector Leaders Urge Congress to Fund Cyber Mandates
• (PA) Sen. Nick Miller to Introduce Bill Bolstering Cybersecurity Measures for Critical Infrastructure
• City of Griffin’s water tank cracks open, spilling out thousands of gallons of water (video)

• The U.S. economy is booming. So why are tech companies laying off workers?
• Why Is Big Tech Still Cutting Jobs?
• Statement From Secretary of Defense Lloyd J. Austin III on U.S. Strikes in Iraq and Syria
  • Sullivan: Middle East strikes “not the end” of U.S. drone attack response
  • Statement by Secretary of Defense Lloyd J. Austin III on Coalition Strikes in Houthi-Controlled Areas of Yemen
  • Joint Statement from Australia, Bahrain, Denmark, Canada, the Netherlands, New Zealand, United Kingdom, and United States on Additional Strikes Against the Houthis in Yemen
  • Houthis may sabotage western internet cables in Red Sea, Yemen telecoms firms warn
  • Iran Says Yemen Strikes ‘Contradict’ US, UK Policy
• Hostages at Procter & Gamble plant outside Istanbul rescued after 9-hour ordeal
• US Senate Judiciary Committee Hearing: Big Tech and the Online Child Sexual Exploitation Crisis
• Senator to Big Tech: ‘Collectively, your platforms really suck at policing themselves’
• ‘You Have Blood on Your Hands’: Senators Say Tech Platforms Hurt Children
• Mark Zuckerberg apologizes to families for social media’s impact on kids
• Meta: Our Work to Help Provide Young People with Safe, Positive Experiences
• TikTok’s CEO can’t catch a break from xenophobia in Congress
• Singaporeans slam US senator’s grilling of TikTok CEO Chew Shou Zi’s nationality, links to China: ‘pure ignorance’
• Online safety legislation is opposed by many it claims to protect
• Child safety hearing puts key internet law back in Congress’s crosshairs
• Cloudflare: Thanksgiving 2023 security incident
• AnyDesk Incident Response 2-2-2024
• Ivanti Updates: 
  • Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities
  • Risky Biz News: Let’s revisit the Ivanti Connect Secure clusterfudge
  • CISA orders Ivanti devices targeted by Chinese hackers be disconnected
  • Third Ivanti Zero-Day Vulnerability (CVE-2024-21893)
  • Mandiant: Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation
  • Updated: New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
  • Canadian Centre for Cyber Security – Ivanti security advisory (AV24-058)
  • CERT-NZ: Vulnerabilities in Ivanti gateways actively exploited
  • Ivanti patches two zero-days under attack, but finds another
  • CISA Adds One Known Exploited Vulnerability to Catalog CVE-2024-21893 
  • Ivanti: KB CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways (31 Jan)
  • Ivanti warns of new Connect Secure zero-day exploited in attacks
  • CISA: New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
  • WaterISAC: Update January 30, 2024: (TLP:CLEAR) WaterISAC Advisory: CISA Issues Emergency Directive on Ivanti Vulnerabilities
• Canadian Centre for Cyber SecurityCyber security at home and in the office: Secure your devices, computers, and networks (ITSAP.00.007)
  • Senate negotiators release sweeping border and military aid bill
  • FACT SHEET: Biden-⁠Harris Administration Calls on Congress to Immediately Pass the Bipartisan National Security Agreement
  • Statement from Vice President Kamala Harris on the Bipartisan Senate National Security Agreement
  • Statement from President Joe Biden on Bipartisan Senate National Security Agreement
  • Statement from Secretary Mayorkas on the Bipartisan National Security Agreement in the U.S. Senate
  • Speaker Johnson: Border bill is ‘even worse than we expected’
  • Senate Border Security Bill Text Explained—Five Key Takeaways
• QAnon-aligned son decapitates federal employee dad, shows off ‘traitor’s’ head in sick YouTube video
• Virtual Event: Preventing Mass Attacks In Our Communities. In this event, researchers from the US Secret Service National Threat Assessment Center discuss their findings on mass attacks perpetrated in public and semi-public spaces, including businesses, restaurants, bars, retail outlets, houses of worship, schools, open spaces and more. Based on these findings, guidance will be provided on how communities may develop or improve existing violence prevention programs using a behavioral threat assessment model. Click Here To Register. Available Training Dates:
  • April 4, 2024 | 12:00 – 2:00 pm EST
  • June 5, 2024 | 12:00 – 2:00 pm EST
  • August 7, 2024 | 12:00 – 2:00 pm EST

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
• Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
• The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads,  LinkedIn, via email at: [email protected], and also on X, the platform formerly known as Twitter.