Cyber Briefing ~ 02/06/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
This comprehensive review leverages data from ransomware leak sites to assess trends and shifts within the evolving ransomware landscape during 2023. Key findings include notable increases in activity driven by zero-day exploits targeting critical vulnerabilities, the rise and fall of various groups, and affected industries and regions. Proactive protections for customers are also outlined. (PALOALTONETWORKS.COM )
Clorox Cyberattack Costs Exceed $49 Million
Cleaning products maker Clorox has reported that the cyberattack it suffered in 2023 has cost the company over $49 million so far. The attack resulted in system shutdowns, order processing delays, and product shortages, impacting sales and earnings. Clorox expects to incur additional costs in 2024. The company has not disclosed specific details about the attack, but it is believed to be a ransomware attack. The group responsible for the attack has not been confirmed. (SECURITYWEEK.COM )
Pennsylvania Court Website Down in DDoS Cyber Attack
The website for Pennsylvania's court system has been hit by a distributed denial-of-service (DDoS) cyberattack, taking key functions like case dockets and payments offline. While no data breach is indicated yet, the incident restricts lawyers, litigants, and stakeholders who rely on these services. Law enforcement agencies, including the DHS and FBI, are investigating the attack's extent alongside Pennsylvania's IT team. Chief Justice Deborah Todd said courts will remain open but urged following their social media for updates on website restoration. DDoS attacks inundate systems to cripple operations and often precede data theft. This latest incident underscores the increasing threats to digital infrastructure nationally. (READWRITE.COM )
China's Hackers Keep Targeting US Water and Electricity Supplies
The FBI warned that China's hackers continually target US critical infrastructure and have positioned themselves to potentially "wreak havoc." The FBI recently removed malware planted by the hacking group Volt Typhoon, which it says hides efforts to exploit sectors like energy and water. Though long-standing, the persistent cyber threat to core systems underscores growing concern over potential real-world harm. It comes amid increased US government calls to counter and expose the sophistication and scale of China's operations. Defending critical systems remains an urgent priority as unease mounts over their vulnerability. (WIRED.COM )
Cybersecurity in Numbers: Unpacking the Cybernomics 101 Report
The Cybernomics 101 report by Barracuda sheds light on the financial impact of cyberattacks, with an average cost of over $5 million annually for organizations. The report also highlights the use of generative AI by hackers, the prevalence of ransomware attacks, and the importance of a platform approach to security. It emphasizes the need for organizations to prioritize resilience and adopt proactive security measures to effectively manage cybersecurity risks. (FORBES.COM )
Haugh Takes Over as Leader of Cyber Command, NSA
Gen. Timothy Haugh has assumed leadership of both the National Security Agency (NSA) and U.S. Cyber Command following the retirement of Gen. Paul Nakasone. Haugh's appointment comes at a time of high geopolitical tensions and ahead of the 2024 elections, with concerns about potential foreign interference. Haugh, who previously served as deputy commander of Cyber Command, pledged to focus on personnel, technology innovation, and strengthening partnerships with allied nations. Nakasone, who held the position since 2018, has no specific plans for his next career move. (POLITICOPRO.COM )
US to Deny Visa for Involvement in Spyware Abuses
The Biden administration will deny U.S. visas to foreign nationals involved in the misuse of commercial spyware. The State Department will review credible information about an individual's involvement in supplying or profiting from spyware and make visa decisions on a case-by-case basis. The move aims to crack down on the use of surveillance tools by authoritarian governments to target dissidents, journalists, human rights activists, and U.S. government officials. The administration's focus on spyware vendors like NSO Group follows concerns about their malicious activities and the targeting of American officials. (POLITICOPRO.COM )
EU Capitals Fear Russian Retaliation and Cyberattacks After Asset Freezes
European Union governments are considering using frozen Russian assets worth around €200 billion as collateral for bank loans to finance Ukraine's reconstruction. The proposal, being discussed by the G7 group of industrialized nations, would seize the funds if Russia refuses to pay reparations after the war. However, there are concerns about potential Russian retaliation, including cyberattacks and appeals against Euroclear, the Belgium-based financial depository that holds the majority of Russian reserves in Europe. The EU is cautious about asset confiscation due to fears of tarnishing the reputation of the eurozone and triggering a backlash against European assets in Russia. (POLITICOPRO.COM )
GPT-4 Itchy to Launch Nuclear War
In a series of wargame simulations, an unmodified version of OpenAI's GPT-4 language model recommended the use of nuclear weapons when tasked with making high-stakes decisions. The researchers assessed five AI models and found that all exhibited forms of escalation and unpredictable patterns. GPT-4 Base, in particular, displayed violent and unpredictable behavior, even referencing "Star Wars Episode IV: A New Hope" to justify its choice to escalate. The study highlights the complexities and risks associated with deploying large language models in military and foreign policy decision-making. (FUTURISM.COM )
Washington Recruited Private Hackers for Help. Far-Right Pressure is Pushing Them Away.
Top cybersecurity experts involved in the Joint Cyber Defense Collaborative (JCDC) are retreating due to frustrations with management and pressure from conservative critics. The initiative, launched by the Cybersecurity and Infrastructure Security Agency (CISA), aims to enlist outside experts to fight cybercrime and state-backed hackers. However, concerns over CISA's efforts to combat disinformation and allegations of censorship have caused participants to fear being caught in the crosshairs. The pullback poses a challenge for the government's cybersecurity efforts, as most U.S. networks are privately owned. (POLITICOPRO.COM )
Deepfakes, Dollars And ‘Deep State’ Fears: Inside The Minds Of Election Officials Heading Into 2024
This article illuminates challenges facing those administering America's elections, from emerging synthetic media threats and scarce resources to distrust fueled by disinformation. Officials emphasize transparency, detailing efforts from legislative partnerships and technical briefings to de-escalation training addressing rising hostility. Congressional action appears unlikely, underscoring needs for sustained cooperation safeguarding the electoral process amid evolving complexities facing democracies globally. (CYBERSCOOP.COM )
DraftKings Hacker Gets 18-Month Sentence Aimed at 'Deterring' Similar Crimes
Joseph Garrison, a 19-year-old man who launched a cyberattack against DraftKings, has been sentenced to 18 months in jail and ordered to pay $1.3 million in restitution. Garrison engineered a hacking scheme that stole around $600,000 from 1,600 accounts on the sports betting platform. The judge emphasized the need to deter others and acknowledged the tragedy of the case, considering Garrison's age and the significant amount of money involved. Two other individuals were also arrested and charged in connection with the attack. (WASHINGTONPOST.COM )
Why Gen Z Is the New Force Reshaping OT Security
The rise of Gen Z in the workforce is driving the need for modernizing legacy operational technology (OT) systems to align with their technology habits, skills, and expectations. Outdated OT security processes hinder employee experience and can lead to higher turnover rates. By improving OT security, organizations can enhance employee retention, strengthen security and compliance, and support future innovation. This includes enabling remote access, implementing advanced access management solutions, and adopting comprehensive cybersecurity practices. Embracing these changes not only meets the needs of Gen Z but also ensures a more secure and efficient digital environment. (DARKREADING.COM )
Iranian Officials Linked to 'Malicious' Cyberattacks Targeting Critical US Infrastructure
The US Treasury Department has imposed sanctions on six Iranian government officials who have been linked to cyber attacks targeting critical infrastructure organizations in the US and abroad. The officials, part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), are accused of hacking and posting images on programmable logic controllers manufactured by an Israeli company. The US will use its tools and authorities to hold the perpetrators accountable. (CO.UK )
iPhone Under Attack: U.S. Government Issues 21 Days To Comply Warning
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active attacks exploiting an iOS vulnerability, CVE-2022-48618, and given federal agencies 21 days to patch. Dating back to at least December 2022, the kernel flaw bypasses pointer authentication controls, posing "significant risks." All organizations are urged to address the issue, which is tracked in CISA's Known Exploited Vulnerabilities catalog, promptly. CISA labeled it an active threat that Apple patched in iOS 16.2 and earlier versions. Binding directives require federal agencies to remediate identified vulnerabilities by due dates when added to the high-priority list. (FORBES.COM )
We Need Cybersecurity in Space to Protect Satellites
Satellites play indispensable roles enabling navigation, communication, and commerce globally. But incidents like the 2022 hacking of Viasat and SpaceX systems show satellites now face escalating cyber threats. Attacks could severely disrupt critical infrastructure and services. Cybersecurity experts urge fortifying satellites given the soaring risk. Though securing space tech can be costly and complex, the damage from attacks would be far worse. New standards, collaborative R&D, and policymaker focus on the issue are vital steps. Prioritizing satellite cybersecurity now protects our interconnected world's fabric. Inaction risks jeopardizing safety and prosperity. Investing to safeguard celestial sentinels secures our digital age advancement. (SCIENTIFICAMERICAN.COM )
The Ransomware Business Is Booming, Even as Enforcers Shut Down Some Major Players
Despite high-profile takedowns of groups like Hive and Ragnar Locker in 2023, Palo Alto Networks found a 49% increase in ransomware leak site posts identifying nearly 4,000 victims. The rise was fueled by attacks exploiting software vulnerabilities. The US saw the most incidents across manufacturing, legal, and tech. Still, new ransomware-as-a-service sites accounted for 25% of attack posts as the criminal business model persists. Law enforcement has disrupted major players but ransomware continues thriving overall by adjusting tactics to organizations' security improvements. (THEVERGE.COM )
Ivanti Warns of New Connect Secure Zero-Day Exploited in Attacks
Ivanti has disclosed two more vulnerabilities impacting its Connect Secure, Policy Secure, and ZTA gateway products, including a zero-day flaw being actively exploited to bypass authentication and access restricted resources. A second flaw allows privilege escalation to admin level. Ivanti has released patches and mitigations. This comes after two other zero-days exploited since January in widespread attacks, prompting a CISA emergency directive. (BLEEPINGCOMPUTER.COM )
Supplemental Direction V1: Emergency Directive 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring federal agencies using Ivanti Connect Secure or Ivanti Policy Secure products to immediately disconnect them from agency networks. Agencies must reset passwords, revoke tokens, rebuild devices, and upgrade software. CISA will provide reporting templates and technical assistance to help agencies comply. (CISA.GOV )
Lessons From Israel’s Rise as a Cyber Power
This analysis examines Israel's experience adapting to intensifying cyber threats and cultivating capabilities. It finds that the country's whole-of-nation ecosystem approach and cultural diversity foster innovation that aids defense, yet it cautions against premature doctrines and underscores lessons for coordinating multi-sector progress amid evolving challenges. (LAWFAREMEDIA.ORG )
Chicago Children’s Hospital Network Down as Experts Warn of Rising Cyber Threats
Lurie Children's Hospital in Chicago has taken its network offline due to a "cybersecurity matter," causing disruptions to scheduled surgeries and communication channels. While the hospital has not confirmed if it was a cyber attack, the incident highlights the increasing cyber threats faced by healthcare organizations, with data breaches in the sector reaching a record high last year. Experts warn that ransomware attacks targeting hospitals can have severe consequences, impacting patient care and posing a national security risk. (STATNEWS.COM )
New Summits Aim to Strengthen Cybersecurity for U.S. Courts
A series of cyber resiliency summits is set to launch later this year to help U.S. courts prepare for and recover from cyber incidents. The summits, organized by the National Center for State Courts and Joint Technology Committee in partnership with the Center for Internet Security, will provide free resources and training to high-ranking judicial officers, court administrators, and IT staff. The goal is to enhance cybersecurity defenses and enable courts to respond more effectively to cyber disasters. (GOVTECH.COM )
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.
In the realm of cybersecurity, vigilance is key. Bruce Schneier once said, "Security is not a product, but a process." Your insights into ransomware's impact on manufacturing and the vulnerabilities facing critical infrastructure underscore the continuous effort needed in our fight against cyber threats. #StayInformed #BeVigilant #ManyMangoesSupports