Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify, Apple, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
In this week’s Security Sprint, Dave and Andy talked about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN. To subscribe, please email [email protected].
- GridEx VII Report Highlights Further Action to Enhance Grid Resilience
- US electric grid growing more vulnerable to cyberattacks, regulator says
- CISA’s ‘Cyber Storm’ will help it update National Cyber Incident Response Plan
Main Topics
- US Environmental Protection Agency hack exposes data of 8.5 million users. The US federal arm tasked with environmental protection matters, the Environmental Protection Agency (EPA), is allegedly experiencing a data breach affecting over 8.5 million users. The breach, which has reportedly exposed personal and sensitive information belonging to EPA’s customers and contractors, was claimed by a hacker operating under the alias USDoD on Sunday… This isn’t the first time USDoD has sneaked into a federal system. Previously known as “NetSec” on RaidForums, USDoD has gained notoriety since the threat actor’s “#RaidAgainstTheUS” campaign targeting the US Army and Defense contractors. In December 2022, USDoD posted hacked data from InfraGard, a partnership between the FBI and private sector firms, which consisted of personal details about 87000 members of InfraGard. A subsequent breach included a data leak of 3200 Airbus vendors that USDoD managed to capture using the compromised credentials of a Turkish Airline employee.
- Sophos – Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector. While all ransomware attacks have negative outcomes, those that start by exploiting unpatched vulnerabilities are particularly brutal for their victims. Organizations hit by attacks that began in this way report considerably more severe outcomes than those whose attacks started with compromised credentials, including a higher propensity to:
  - Have backups compromised (75% success rate vs. 54% for compromised credentials)
  - Have data encrypted (67% encryption rate vs. 43% for compromised credentials)
  - Pay the ransom (71% payment rate vs. 45% for compromised credentials)
  - Cover the full cost of the ransom in-house (31% funded the full ransom in-house vs. 2% for compromised credentials)

  They also reported:
  - 4X higher overall attack recovery costs ($3M vs. $750k for compromised credentials)
  - Slower recovery time (45% took more than a month vs. 37% for compromised credentials)
- Furry hackers spend stolen church funds on inflatable sea lions after pastor calls out Biden. SiegedSec, the hacking group allegedly comprised of “gay furries,” claims to have breached a U.S.-based church and used its funds to purchase at least 100 inflatable sea lions. The hack—which also resulted in the leak of roughly 15,000 user accounts from the ministry’s website, including detailed prayer requests—was aimed at the River Valley Church in Burnsville, Minnesota. In a post on Telegram, SiegedSec said it targeted the church after receiving “a report via email of a church pastor” making anti-transgender remarks. The post specifically cites the church’s lead pastor Rob Ketterling as “causing problems with transgender individuals, as well as publicly posting transphobia.” Screenshots shared by SiegedSec show some of the prayer requests made by the church’s members, as well as a link to access the data. Another screenshot shows what appears to be the church’s Amazon account and 100 inflatable sea lions being sent to its Minnesota address by SiegedSec, totaling $999.00.
- Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023. The U.S. Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recommended specific practices for industry and government to implement to ensure an intrusion of this magnitude does not happen again. This is the third review completed by the CSRB since the Board was established in September 2021.
- DHS Press Release: The inclusive review process developed actionable findings and recommendations. As a result of the CSRB’s recommendations, CISA plans to convene major CSPs to develop cloud security practices aligned with the CSRB recommendations and a process for CSPs to regularly attest and demonstrate alignment. “DHS is committed to efforts that meaningfully improve cybersecurity resilience and preparedness for our nation, and the work of the CSRB is reflective of our determination and dedication to this cause,” said CISA Director Jen Easterly. “I am confident that the findings and recommendations from the Board’s report will catalyze action to reduce risk to the critical infrastructure Americans rely on every day.”
- CSU: Forecast for 2024 Hurricane Activity. “We anticipate that the 2024 Atlantic basin hurricane season will be extremely active.”
- Colorado State University hurricane researchers are predicting an extremely active Atlantic hurricane season in their initial 2024 forecast. The team cites record warm tropical and eastern subtropical Atlantic sea surface temperatures as a primary factor for their prediction of 11 hurricanes this year.
- The CSU Tropical Weather and Climate team is predicting 23 named storms during the Atlantic hurricane season, which runs from June 1 to Nov. 30. Of those, researchers forecast eleven to become hurricanes and five to reach major hurricane strength (Saffir/Simpson Category 3-4-5) with sustained winds of 111 miles per hour or greater. So far, the 2024 hurricane season is exhibiting characteristics similar to 1878, 1926, 1998, 2010 and 2020… The team predicts that 2024 hurricane activity will be about 170% of the average season from 1991–2020. By comparison, 2023’s hurricane activity was about 120% of the average season. The most significant hurricane of the 2023 Atlantic hurricane season was Hurricane Idalia. Idalia made landfall at Category 3 intensity in the Big Bend region of Florida, causing $3.6 billion dollars in damage and resulting in eight direct fatalities.
- Info Ops:
Quick Hits
- CISA Publishes New Webpage Dedicated to Providing Resources for High-Risk Communities. CISA published a new dedicated High-Risk Communities webpage comprised of cybersecurity resources to support civil society communities at heightened risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tools and services. Despite their vulnerability to advanced cyber threats, many civil society organizations operate on lean budgets and cannot significantly invest in cybersecurity.
- DHS: Mitigating Harm from Violent Visual Content: CP3 Prevention Resource. In the wake of an act of targeted violence or terrorism, individuals and communities may be exposed to violent images, videos, and other disturbing content. This Prevention Resource provides practical, evidence-based guidance to help protect communities, families, and individuals, while also decreasing the likelihood of violence.
- FTC Announces Impersonation Rule Goes into Effect Today (01 Apr)
- FBI Atlanta gate crash: Man tries to breach security by tailing employees
- Suspect arrested after vehicle crashes into gate at Atlanta FBI field office
- The Surprising Intelligence Community Outreach to Russia
- Why Russian intelligence dismissed US warnings of terror threat
- Germany announces military overhaul with eye on cyber threats
- “All your base are belong to us” – A probe into Chinese-connected devices in US networks
- Forescout research finds surge in Chinese-manufactured devices on US networks, including critical infrastructure
- Risky Biz News: Backdoor found in 92k D-Link NAS devices
- Omni Hotels experiencing nationwide IT outage since Friday
- A Quantitative Analysis of the Security Ratings of the S&P 500
- How a steel ball protected Taiwan’s tallest skyscraper in an earthquake
- Rotterdam teen arrested for plotting a terror attack, prosecutors say
- ‘Reverse’ searches: The sneaky ways that police tap tech companies for your private data
- The Unification Church Infiltrated Japan’s Government. Now Its Sights Are Set on the U.S.
- India rescues 250 citizens enslaved by Cambodian cybercrime gang
- Targeted Phishing Linked to ‘The Com’ Surges
- GenAI: The next frontier in AI security threats
- ChatGPT jailbreak prompts proliferate on hacker forums
- Threat Actors Deliver Malware via YouTube Video Game Cracks
- 7 Types of Business Email Compromise (BEC) Attacks
- SEO Poisoning
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour, and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
- Venue Security, The IAVM Podcast Series is our newest podcast, in which Gate 15’s founder and Managing Director, Andy Jabbour, hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
- The Risk Roundtable was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads, LinkedIn, via email at: [email protected], and also on X, the platform formerly known as Twitter.