DeepSeek, Smaller Organization GDP v. Cyber Coverage, and Scam Stories: Cybersecurity News of the Week & Patch Report, February 23, 2005

Stan's Corner

Based on reasonable estimates:

  • The Federal Government directly manages only about 15% of the nation’s IT infrastructure.
  • Large private-sector companies manage about 70% - the vast majority - of the infrastructure.

We expect these organizations to provide the needed management, resources, and budgets to manage their 85% of the total.

The remaining 15% of the nation's IT infrastructure is managed by smaller organizations.

Managing only a small fraction of our IT infrastructure (15%), smaller organizations contribute mightily to our economic success, employing about 45% of the workforce and contributing about 45% to our GDP.

These smaller businesses - small manufacturers, the post-production industry here in Southern California, restaurants, the local dry cleaner, your accountant and lawyer, perhaps your water district - are sadly unprepared for cyber-disruption. Too often they lack the management expertise and the resources to secure their vital 15%.

This is why these smaller businesses and nonprofits are victimized in approximately 70% of all cybercrimes.

In response, organizations like SecureTheVillage, CyberWyoming, the Cyber Readiness Institute, Sightline Security, and others have built special programs to help these smaller organizations. SecureTheVillage, for example, built our SoCal Cybersecure program to specifically address the needs of smaller organizations to prepare for cyber-disruptions and effectively manage the continuity of their business operations during the inevitable disruptions.

If every smaller business and nonprofit managed their cybersecurity to basic reasonable standards, America's overall security would be significantly improved.

So when you think national security, remember the importance of our smaller businesses and nonprofits to national security.

Our headline story:

  • Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace: In a wide-ranging speech and interview, Nakasone also talked about Trump administration moves and the shape of cyber offensive operations. … The United States is falling “increasingly behind” its adversaries in cyberspace, a former Cyber Command and National Security Agency boss said Saturday. … Speaking at the DistrictCon cybersecurity conference in Washington, D.C., retired Gen. Paul Nakasone said that “our adversaries are continuing to be able to broaden the spectrum of what they’re able to do to us.” … Nakasone said incidents like Chinese government-backed breaches of U.S. telecommunications companies and other critical infrastructure as well as a steady drumbeat of ransomware attacks against U.S. targets — illustrate “the fact that we’re unable to secure our networks, the fact that we’re unable to leverage the software that’s being provided today, the fact that we have adversaries that continue to maintain this capability.”

From SecureTheVillage

We're ready to partner with:

SecureTheVillage FREE Newsletters. Sign up or share with a friend!

SecureTheVillage Guides for families and individuals

Please Support SecureTheVillage: We need your help if we're to build a world of CyberGuardians. Please donate to SecureTheVillage.


Cybersecurity Nonprofit of the Week

Our kudos this week to the Cyber Readiness Institute (CRI) and the great work they do helping our smaller organizations manage their information security challenges. CRI’s Cyber Readiness Program helps organizations protect their data, employees, vendors, and customers. This free, online program is designed to help small and medium-sized enterprises become more secure against today’s most common cyber vulnerabilities. Their free Cyber Leader Certification Program is a personal professional credential for those who have completed the Cyber Readiness Program. Both are highly recommended. The Cyber Readiness Institute plays a major role in SoCal Cybersecure, SecureTheVillage's learn-by-doing Cohort program for smaller businesses and nonprofits. Like SecureTheVillage, the Cyber Readiness Institute is a fellow-member of Nonprofit Cyber. Dr. Stahl is a proud member of CRI’s Small Business Advisory Council.


Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.

Sad. Terribly sad. Too many people continue to be victimized by cyber scams. All of us have to help spread the word. Our monthly Family Protection Newsletter can help.

  • Queens woman loses nearly $700,000 to scammers. Her family says they found out through GoFundMe: A Queens woman was tricked into draining her life savings through an elaborate scheme that went on for weeks, and her family says they had no clue. … The scam involved talking computers, fake officials and gold bars. … Scammers claimed to be with FTC, said victim's money wasn't safe
  • Washington woman’s life savings wiped out by gold coin scam: The FBI says tech support scams involving gold coins are on the rise in western Washington. … After a stellar career as a social worker and mental health program manager for the state of Washington, 73-year-old Barb Putnam, of Olympia, has lost the majority of her life savings through a scam the FBI says is on the rise in western Washington. … The scheme involved Putnam initiating, under duress, transfers of large sums of money from her investment account to her local U.S. Bank branch, then having the bank wire all the money to an online gold coin dealer.


Different passwords for different websites. This is Control #8 in SecureTheVillage's How Hackable Are You Guide. Download it now. Share with your friends and colleagues.


In a move to protect consumers, JPMorgan is restricting the use of Zelle to pay for purchases on social media.

  • JPMorgan Chase launches new restrictions on Zelle after $870 million lost in scams at Chase, Bank of America and Wells Fargo: The controversial payment service Zelle has been used by fraudsters, leading to a massive lawsuit against the operator and three big banks. … One of America’s biggest banks is making big changes after customers lost hundreds of millions of dollars in scams utilising the peer-to-peer payment system Zelle. … From March JP Morgan Chase will begin blocking Zelle payments that are linked to social media contacts or online marketplaces. The bank may ask customers to specify the reason for the payment and the medium of communication, blocking any transaction that appears risky. … “To help protect you from fraud and scams, the Zelle Service should be used for payments between friends, family, and others you trust and should not be used to pay for goods from recipients with whom you are not familiar,” a new notice from JP Morgan Chase explained. … “The Service is not intended, and should not be used, for the purchase of goods from retailers, merchants, or the like, including on or through social media or social media marketplaces or messaging apps.”


Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

An in-depth story from The New York Times of how the President of Heartland Tri-State Bank in Elkhart, Kansas, was victimized by scammers. Total community losses: $47.1 million.

  • The Cryptocurrency Scam That Turned a Small Town Against Itself: How did a successful, financially sophisticated banker gamble his community’s money away? … Jim Tucker could hardly believe what he was hearing. It sounded like fiction, a nightmare too outlandish for an unassuming town like his. … It was July 2023, and Tucker was hosting a meeting of the board of Heartland Tri-State Bank, a community-owned business in a small Kansas town called Elkhart. Heartland was a beloved local institution and a source of Tucker family pride: Jim served on the board with his elderly father, Bill, who founded the bank four decades earlier. All the board members — the Tuckers and several other farmers and businesspeople — had known one another for years. … That evening, however, they were gathering to discuss what seemed, on its face, an epic betrayal. Over the past few weeks, the bank’s longtime president, a popular local businessman named Shan Hanes, had ordered a series of unexplained wire transfers that drained tens of millions of dollars from the bank. Hanes converted the funds into cryptocurrencies. Then the money vanished.


Two stories on the present and emerging dangers of LLMs. The first is about the South Korean ban on Chinese DeepSeek. The second, from The Wall Street Journal, is a more general risk-review of LLMs.

  • South Korea Bans Downloads of DeepSeek, the Chinese A.I. App: Regulators said they would suspend the app until they could be sure it complied with the country’s data protection laws.
  • Large Language Models Pose Growing Security Risks: Companies must cope with risks on their own, at least for now. Government isn’t ready. … Cybersecurity threats are bound to multiply as large language models are commoditized, a process that seemed to take a big leap forward when China’s DeepSeek apparently showed LLMs can be built at lower cost than previously thought. … More powerful and pervasive large language models are creating a new cybersecurity challenge for companies. … The risks posed by LLMs, a form of generative artificial intelligence that communicates through language in a humanlike way, are already manifold. There is, for example, a danger that sensitive corporate or personal information inadvertently or deliberately will be exposed to models widely accessible to the public. There is also a possibility models can bring unsafe code or data into a company. … Such threats are bound to multiply as LLMs are commoditized, a process that seemed to take a big leap forward when China’s DeepSeek apparently showed LLMs can be built at lower cost than previously thought.


As pig butchering scams continue climbing, kudos to Thailand for disrupting the pig butchering farms in Myanmar, rescuing thousands who had been kidnapped and forced to fleece others.

  • Pig butchering scams stole $5.5B from crypto investors in 2024 — Cyvers: Pig butchering scams have emerged as one of the most pervasive threats to cryptocurrency investors, with losses in the billions of dollars across 200,000 identified cases in 2024, according to a report from onchain security firm Cyvers, shared exclusively with Cointelegraph.
  • Thousands rescued from illegal scam compounds in Myanmar as Thailand launches huge crackdown: Myanmar, Cambodia and Laos have become havens for criminal syndicates operating online scam operations and tricking thousands into enslaved work. … About 7,000 people have been rescued from illegal call centre operations in Myanmar and were waiting to be transferred to Thailand, prime minister Paetongtarn Shinawatra said on Wednesday, as the country launched a large-scale crackdown on scam centres operating on the border. … The prime minister’s announcement came after Thai police said they were preparing to receive up to 10,000 foreigners rescued from a network of notorious scam centres. … Myanmar, Cambodia and Laos, which share borders with Thailand, have in recent years become havens for transnational crime syndicates operating online scam operations, including romance scams, bogus investments and illegal gambling.


In another attack on our privacy, Google's new digital fingerprinting ad tracking policy makes it harder (impossible?) to maintain online privacy.

  • New Google ad tracking policy a ‘Pandora’s box’ for privacy, experts warn: Google's new ad tracking policy is drawing scrutiny from regulators and privacy watchdogs who say it makes it harder for users to be anonymous online. … On Sunday, the search giant switched from enabling cookies to so-called digital fingerprinting. … Digital fingerprints allow advertisers and data brokers to collect consumer data based on internet users’ activities across web browsers, online sessions and often multiple devices. Google’s new policy enabling them will make it difficult for people online, including those using VPNs, Tor and privacy browsers, to stay anonymous, experts say. … To block cookies, individuals can use ad blockers, cookie blockers and incognito mode or clear their cookie cache, but with digital fingerprinting those protections aren't available.


Two stories on the scammers. The first has a piece of schadenfreude along with the warning that Russian cyber-gangs should be wary of attacking Russian companies. The second is about a new ransomware group from China and includes a familiar warning to IT departments and MSPs: Patch Now.

  • Leaked chat logs expose inner workings of secretive ransomware group: Researchers are poring over the data and feeding it into ChatGPT. … More than a year’s worth of internal communications from one of the world’s most active ransomware syndicates have been published online in a leak that exposes tactics, trade secrets, and internal rifts of its members. … The communications come in the form of logs of more than 200,000 messages members of Black Basta sent to each other over the Matrix chat platform from September 2023 to September 2024, researchers said. The person who published the messages said the move was in retaliation for Black Basta targeting Russian banks. The leaker's identity is unknown; it’s also unclear if the person responsible was an insider or someone outside the group who somehow gained access to the confidential logs. … Last year, the FBI and Cybersecurity and Infrastructure Security Agency said Black Basta had targeted 12 of the 16 US critical infrastructure sectors in attacks mounted on 500 organizations around the world. One notable attack targeted Ascension, a St. Louis-based health care system with 140 hospitals in 19 states. Other victims include Hyundai Europe, UK-based outsourcing firm Capita, the Chilean Government Customs Agency, and UK utility company Southern Water. The native Russian-speaking group has been active since at least 2022.
  • Ghost Ransomware Targets Orgs in 70+ Countries: The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups. … The China-backed Ghost ransomware group has racked up victims across more than 70 nations since 2021, by targeting vulnerable Internet-facing systems, often moving swiftly from initial access to compromise in just one day. … The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Feb. 19 that sheds new light on how the prolific ransomware group operates, as a warning to organizations with systems running outdated versions of software and firmware with known vulnerabilities, which the group has been using to mount successful attacks. The advisory is part of the agency's #StopRansomware campaign.


This week in cybercrime

  • Hackers Steal $1.5 Billion in Biggest Cryptocurrency Heist in History: Hackers have stolen $1.5 billion in digital assets from Bybit, marking the biggest cryptocurrency heist in history. Bybit, a renowned cryptocurrency exchange, confirmed the breach on Friday.
  • As US newspaper outages drag on, Lee Enterprises blames cyberattack for encrypting critical systems: Newspaper publishing giant Lee Enterprises said an ongoing cyberattack is causing disruptions across its business, and is now in its third week of outages. … In a filing with the U.S. Securities and Exchange Commission, Lee said it was conducting a forensic analysis to determine if sensitive or personal data was stolen in the cyberattack. … Lee said it anticipated the outages to last for several more weeks as the company restores affected systems. The company said it had notified law enforcement. … “The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited,” the company said in the filing. … Lee is one of the largest newspaper publishers in the United States, and provides publishing and website services to 72 publications across the country.
  • Venture capital giant Insight Partners hit by cyberattack: New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. … The company manages over $90 billion in regulatory assets and has invested in over 800 software and technology startups and companies worldwide during its 30 years of activity. … In a statement released Tuesday, the firm said some of its information systems were breached on January 16 through "a sophisticated social engineering attack."


Section 4: For Smaller Businesses and Nonprofits


Section 5: Weekend Patch Report

Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. While patching is increasingly automated, it's important to double-check that it's being done. The following lists current versions of common software programs. Items in Bold have been updated in the past week. Updates are usually available from within the program. If not, updates can be downloaded from the company's website.


7-Zip 24.09.

Adobe Acrobat Reader updated to 2024.005.20414

AVG 25.1.3366.

Apple iOS 18.3.1

Apple iPadOS 18.3.1

Apple macOS Sequoia 15.3.1

Apple macOS Sonoma 14.7.4

Apple macOS Ventura 13.7.4

Apple watchOS 11.3.1

Apple tvOS 18.3

Apple visionOS 2.3.1

Apple Safari 18.3

Brave updated to 1.75.180.

CCleaner updated to 6.33.11465.

Chrome updated to 133.0.6943.127.

Discord updated to 1.0.9183.

Dropbox updated to 218.4.4348.

Edge updated to 133.0.3065.82.

ExpressVPN 12.96.0.10

Firefox updated to 135.0.1.

Foxit Reader 2024.4.0.27683.

Google Drive for Desktop updated to 104.0.4.0.

iTunes updated to 12.13.5.3.

KeePass 2.57.1.

Malwarebytes 5.2.6.163.

Microsoft 365 & Office

Microsoft Windows

Notepad++ 8.7.7.

OneDrive updated to 25.015.0126.0002.

Opera Chromium updated to 117.0.5408.35.

Skype 8.136.0.203.

Spotify 1.2.56.502.

TeamViewer 15 15.62.4.

Thunderbird ESR 128 updated to 128.7.1.

Thunderbird ESR 128 128.7.0.

Zoom updated to 6.3.10.59437.


About SecureTheVillage:

The vision of SecureTheVillage is to make Southern California the cyber-safest metropolitan region in the United States for smaller businesses, nonprofits, families, and individuals. Making this happen takes a village.

Follow Stan Stahl, PhD on LinkedIn!

Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians. Donate to SecureTheVillage.

It takes a village to secure the village.
