Your Daily Decrypt

8/07/2023 - Today’s news and insights for cybersecurity pros and leaders

📸 Cybersecurity Snapshot

Here's a graphical representation of the cyber attack vectors discussed below. The horizontal axis represents the frequency or potential impact of each vector on an arbitrary scale. Note that the values are for demonstration purposes only and are meant to give a visual sense of the relative importance or frequency of each vector.

📰 Top Stories

Cybercriminals unleashed a ransomware assault on Prospect Medical Holdings, shuttering emergency rooms across several states. The breach sent hospitals scrambling, with many reverting to paper systems. The FBI is now investigating the incident. Healthcare remains a prime cyberattack target, costing the industry a staggering average of $11 million per breach.

A deep learning model, developed by UK researchers, can eavesdrop on and decode keystrokes with 95% accuracy using sound alone. Its accuracy drops only slightly when the audio is captured over Zoom or Skype, to 93% and 91.7% respectively. The result underscores the potential for new malware variants that use sound to steal personal data. This acoustic side-channel threat is becoming more practical as machine learning matures and high-quality microphones become more widely available.

The Colorado Department of Higher Education (CDHE) revealed a June ransomware attack that compromised data belonging to students, former students, and educators. The intruders had access to CDHE systems from June 11-19, 2023, stealing names, Social Security numbers or student IDs, and educational records. Those potentially affected span a broad range of involvement with Colorado education institutions from 2004-2020. As the investigation continues, CDHE promises notifications and 24 months of Experian IdentityWorks as a safeguard.

Even Congress isn't immune to cyberattacks, with personal data of lawmakers found on the dark web. A 2021 IBM report indicated PII was involved in 44% of breaches, and the first quarter of 2023 alone saw about 89 million Americans compromised. Businesses should reconsider whether the data they collect is actually essential. Adopting verified digital IDs can reduce the amount of data stored, thereby diminishing the incentive for attackers.

🚨 Threat Alerts

Cyberattackers exploited a zero-day flaw in Salesforce's email services in a phishing scheme targeting Facebook users. By using legitimate Salesforce infrastructure, they masked their intentions, sending emails that appeared to come from "Meta Platforms" and contained authentic Facebook links. Victims were redirected to a fake Facebook domain and tricked into sharing personal details. Both Salesforce and Facebook parent Meta have taken corrective action.

The fifth edition of Cyber Signals highlights escalating cybersecurity threats facing large venues and sporting events, drawing insights from the FIFA World Cup 2022 in Qatar. With the global sports market exceeding USD 600 billion, interconnected venues and networks make athletes, teams, and attendees prime targets for cybercriminals. The report emphasizes the need for comprehensive security frameworks, including firewalls, encryption, regular audits, and user training, to protect against threats and safeguard valuable data.

The Russia-linked APT group BlueCharlie has revamped its attack infrastructure following exposure in recent reports. Active since 2017, the group predominantly targets NATO countries and focuses on entities ranging from defense sectors to think tanks. Recorded Future noted that BlueCharlie is creating 94 new domains for potential phishing campaigns, indicating an adaptive approach and heightened sophistication in response to security research.

⚖️ Regulatory Updates

Cybersecurity remains a focal point for federal and state policymakers, with a surge in new proposals, tasks, and legislative efforts. This includes sector-specific initiatives, cyber incident reporting obligations for public companies, and the creation of the Office of the National Cyber Director (ONCD) to streamline cybersecurity policy. Amid this evolving landscape, the ONCD has released a request for information seeking feedback on harmonizing cybersecurity regulations. Stakeholders have until September 15, 2023, to provide their input.

A bipartisan bill aiming to create an Office of Policy Development and Cybersecurity within the National Telecommunications and Information Administration (NTIA) has passed the House. Introduced by Rep. John Curtis and co-sponsored by Rep. Susan Wild, the legislation focuses on strengthening policy for internet and communications technology, promoting innovation and competition, and enhancing cybersecurity resilience. The bill had previously been introduced in the 117th Congress but never reached a vote. Companion legislation has also been introduced in the Senate.

CISA's FY2024-2026 Cybersecurity Strategic Plan emphasizes collaboration, innovation, and accountability. The plan focuses on three core goals: addressing immediate cyber threats, hardening the digital landscape against attacks, and driving security throughout technology product lifecycles. With an emphasis on measurable outcomes, CISA underlines the need for collective effort across all sectors to ensure cybersecurity.

👀 Curated Finds

Ankita Dhakar (@expankita) shares a thread for those seeking remote cybersecurity jobs. She recommends three platforms:

Hired (@Hired_HQ) for connecting with leading companies looking for cybersecurity experts.

FlexJobs (@FlexJobs) to find remote roles that align with your skills and schedule.

Jobspresso (@Jobspresso) for leisurely browsing remote opportunities.

An Australian, Sarah Luke, was the victim of a PayPal credential stuffing attack and has been fined $1.21 million by Adidas and the NBA after her account was used to sell counterfeit items. Luke believes her details were compromised in the Medibank data leak in October 2022. She faced charges including cybersquatting, trademark infringement, and IP infringement after her PayPal account was used for fraudulent transactions in December 2022. Luke is seeking legal recourse and has engaged a US intellectual property lawyer to overturn the rulings.

Microsoft inadvertently exposed its internal 'StagingTool' utility for Windows 11, which activates hidden features known as 'Moments'. Previously for internal use only, the tool's existence was mistakenly made public during a Feedback Hub quest. Although Microsoft has since restricted access to it, Windows enthusiasts are now using this official tool to enable the hidden features. The utility, while intriguing, can introduce system instability, so it's advisable to test it only on non-primary installations.

Hacktivism, the merger of hacking and activism, increasingly relies on cybercrime techniques for funding. According to cybersecurity firm Kela, hacktivists use ransomware attacks, cryptocurrency theft, and credit card fraud to fund their operations. This blend of financial gain and ideology blurs the line between hacktivism and cybercrime, posing a challenge for security teams. As hacktivist methods evolve, a comprehensive approach that addresses these multifaceted threats is essential.

Thank you 🙏
Ali Abidi