Like a sandworm leaving spice on Dune, the March Defrag is here, breaking down the month's news so you don't have to. The Cybersecurity must flow, so read on, you Intrepid Cybersecurity Heroes.
VULNS
BitLocker back in the Hurt Locker
A decade-old vulnerability in BitLocker encryption has reemerged, proving to be a thorn in the side of 2023 laptops equipped with Windows 11. This stubborn flaw facilitates the theft of BitLocker keys by exploiting the unshielded communication channel between the CPU and the laptop's discrete Trusted Platform Module (TPM). This vulnerability casts a wide net, potentially ensnaring any modern laptop sporting a discrete TPM.
However, it's not all doom and gloom. The silver lining here is that exploitation requires direct physical access to the device. To sidestep this security pitfall, we can avoid using TPM for BitLocker altogether, leaning instead on alternative fortifications like secondary passwords or external security keys. Moreover, laptops with TPMs integrated into their Intel or AMD CPUs might stand as our digital citadels against such intrusions.
AceMagic rolls out a free spyware with each purchase deal
Ace Magic's hot take on "value add" saw some of their mini-PCs come straight out of the box with an unwelcome extra: factory-installed spyware. This invasive software isn't just taking a silent tour of the systems; it's actively pilfering stored passwords, keeping a record of keystrokes, and siphoning off other critical information. Alarmingly, this issue isn't just a one-off, with 50 security vendors raising red flags and numerous users echoing similar experiences of malware mischief in their AceMagic devices. AceMagic has hustled out a revised version of the affected mini-PCs, hoping to quarantine this digital epidemic to just a few unfortunate batches. While this isn't their first rodeo with pre-installation problems, the presence of malware takes the concern to a whole new level.
From Protectors to Profiteers: The Avast Dilemma
Avast has been slapped with a hefty $16.5 million fine by the FTC. The cybersecurity giant was caught red-handed for collecting and peddling customer data without consent. From 2014 to 2020, Avast was not just an antivirus protector but also a data harvester, delving into users' web browsing details and then selling this treasure trove to third parties. Their attempt at anonymizing this data turned out to be less than effective, with unique identifiers leading right back to the user. Avast claimed their software would shield users from tracking, only for it to end up being the tracker itself. The FTC's crackdown doesn't end at the fine; Avast is now barred from selling browsing data and must delete all information gathered by Jumpshot, their now-defunct data-harvesting arm. They're also tasked with informing affected customers about this breach of trust. This cautionary tale underscores the critical importance of transparent and ethical handling of customer data.
INSIGHTS
Making sure Skynet has an off-switch
California is setting the stage for AI regulation with a new bill introduced by State Senator Scott Wiener. This landmark legislation demands rigorous pre-release testing of significant AI models, ensuring they come equipped with an emergency shut-off mechanism and robust hacking protections. A notable aspect is the establishment of a Frontier Model Division within the California Department of Technology to oversee compliance, focusing primarily on large-scale AI systems. The initiative also introduces CalCompute, a public effort to provide shared computing resources, promoting AI innovation while ensuring safety. This move by California, a key player in the AI industry, could significantly influence broader AI regulatory practices. Despite its comprehensive approach, the bill has faced criticism for not addressing issues like algorithmic bias. As federal progress on AI regulation remains sluggish, California's proactive steps highlight the growing need for such frameworks in the evolving digital landscape.
Five simple ways to protect yourself from being hacked.
LadBible offers the following key strategies to bolster your cybersecurity posture:
Strong Passwords: Utilize a password manager to generate and store robust, unique passwords for each of your accounts. This simple step is your first line of defense.
Antivirus Software: Ensure your devices are equipped with up-to-date antivirus software to detect and neutralize threats before they can cause damage.
RFID Protection: Consider an RFID blocking wallet to shield your credit cards from unauthorized scanning and cloning.
Web Safety: Steer clear of suspicious websites. Heed your browser's warnings about potentially unsafe sites and double-check URLs for legitimacy.
Skepticism is Healthy: If an offer or opportunity seems too good to be true, proceed with caution. Often, these are traps set by cybercriminals to lure unsuspecting victims.
As always we would add enabling Multifactor to the list, for any of your accounts that offer it.
Ransomware Attacks Soar by 49% Despite Global Law Enforcement Efforts
2023 has marked a notable year for the growth of ransomware groups, underscoring the persistent challenge they pose. According to a report from Palo Alto Networks' Unit 42, there has been a staggering 49% increase in the number of victims reported on ransomware leak sites, totaling nearly 4,000 incidents. This upsurge is largely attributed to the exploitation of zero-day vulnerabilities, highlighting the sophistication and adaptability of these cybercriminal entities. The report also sheds light on the dynamic nature of the ransomware ecosystem, noting the emergence of 25 new leak sites offering ransomware-as-a-service, despite the apparent shutdown of around five such platforms. While law enforcement agencies have made notable strides in disrupting major players, the continuous adaptation and resilience of ransomware groups present an ongoing battle. Let's stay informed and proactive in our efforts to safeguard our digital environments against these evolving threats.
LockBit and Law Enforcement play Cops and Robbers
LockBit has swiftly rebounded from a significant law enforcement operation that disrupted their operations less than a week ago. Despite the setback, LockBit has relaunched on a new infrastructure, signaling a potential shift in their attack focus towards government entities. This move comes after authorities successfully penetrated their servers, an event LockBit attributes to their own complacency and failure to update critical software components in a timely manner. The group's comeback was marked by the establishment of a new data leak site, showcasing victims pending data release, and an admission of their previous security lapses. Notably, LockBit's introspection on the breach reveals a critical vulnerability in their outdated PHP server, which they believe led to the compromise. In response, LockBit has pledged to enhance their security measures, decentralize their operations, and offer incentives for vulnerability reporting in their system.
BREACHES
It's not us, It's You. Caesars Entertainment breaks up with DEF CON after $15 Million Hack
Caesars Entertainment has ended its long-standing 25-year partnership with DEF CON, following a cyberattack where hackers demanded a $15 million ransom from Caesars. The decision to part ways was sudden and left DEF CON organizers seeking clarity on the matter, though they've stated the separation was on amicable terms. This move by Caesars, coming in the aftermath of a costly hack—albeit one covered by insurance—suggests a reconsideration of the risks associated with hosting a hacker-focused event. Despite this setback, DEF CON has swiftly secured a new location in Las Vegas for its 2024 event, ensuring the continuity of one of the largest gatherings in the cybersecurity community. While Caesars Hotel physical security likely won't miss having road flares thrown into elevators, the convention center is a great venue, too.
Sacre Bleu! Data of half the population of France stolen in its largest ever cyberattack.
Over 33 million people in France, have been affected by the country's largest-ever cyberattack. Two service providers for medical insurance companies, Viamedis and Almerys, were targeted in cyberattacks that occurred five days apart in early February. The attackers utilized phishing techniques to obtain health professionals' logins and accessed a portal used by health professionals. The French data protection authority (CNIL) assured that no bank details, medical data, postal addresses, telephone numbers, or emails were involved. The CNIL cautioned users about phishing risks and advised careful verification of the authenticity of communications from official organizations.
FBI Counteracts Chinese Malware in SOHO Routers to Protect US Infrastructure
The FBI has taken proactive steps to neutralize a malware threat orchestrated by Chinese state-sponsored hackers by remotely purging the KV Botnet malware from numerous small office and home office routers, predominantly Cisco and Netgear. This malware, linked to the Volt Typhoon group, was aimed at commandeering these devices to launch attacks on critical US infrastructure. With the necessary legal permissions, the FBI intervened by sending commands directly to the infected routers to eliminate the malware and safeguard against future infections. This operation underscores the critical security challenges posed by outdated devices, which can serve as gateways for cyber threats not only to the device owners but also to the broader public and critical national infrastructure.
FTC orders Blackbaud to boost security after massive data breach
In a notable development, Blackbaud, a prominent provider of cloud-based donor management software, has reached a settlement with the Federal Trade Commission (FTC) following a severe data breach and ransomware attack in May 2020, impacting millions. The FTC's allegations highlight Blackbaud's insufficient security measures, including inadequate monitoring for hacking attempts, lack of data segmentation and deletion, and the absence of multifactor authentication and robust password policies. To rectify these issues, Blackbaud is mandated to enhance its security protocols, establish a comprehensive information security program, and implement a data retention schedule. This settlement follows a $3 million SEC settlement and a $49.5 million resolution of a multi-state investigation earlier. Blackbaud is also required to maintain transparency about its data security and retention practices and to report any future data breaches promptly to the FTC.
AnyDesk Breach Compromises Code Certificates and Spurs Urgent Protective Measures
AnyDesk Software GmbH, recently disclosed a network breach that compromised their source code and code signing certificates. Although AnyDesk has completed remediation and reports no evidence of end-user device compromise, the lack of a detailed breach timeline raises concerns. Security experts warn that compromised certificates could allow attackers to create signed malware or trojanized AnyDesk versions, potentially bypassing security measures. In response, it's recommended to update AnyDesk installations, review system logs for suspicious activity, and engage in threat hunting for signs of compromised certificates. Kaseya Labs found many networks running vulnerable AnyDesk versions, urging immediate updates or service shutdowns until security is confirmed. AnyDesk has revoked web portal passwords and advises password changes, especially for reused ones, although no end-customer data exposure has been confirmed yet.
All External Service Providers Are Not Equal
The DOD released a memo outlining what FedRAMP equivalency for Cloud-based external Service providers looks like. There are still significant questions surrounding the requirements, but it is likely that ESPs will need to be successfully assessed at NIST 800-53 moderate level by a certified C3PAO.
HIPAA OCA Small Breach Reporting Deadline
As any company handling healthcare information should know, there are proscribed reporting requirements to HHS Office for Civil Rights (OCR). Larger breaches, those exposing the information of more than 500 individuals, have a 60-day reporting requirement. Breaches that impact less than 500 individuals have a yearly reporting of deadline of March 1. If March crept up on you and you haven't reported a breach exposing less than 500 individuals to OCR, get on it. It's also important to note that this deadline relates solely to reporting to OCR. Any breach of healthcare information carries with it a host of other reporting requirements, most important among them, to those whose data has been breached.
March 1, 2023: HIPAA Breach Notification Rule Deadline for Reporting Small Data Breaches (hipaajournal.com)
UPCOMING EVENTS
Sunshine Cybercon Tampa - March 27-28, 2024
Meet us at Sunshine Cybercon in Tampa, a two-day event that is tailored for senior-level professionals, offering a blend of insightful presentations by industry leaders, wisdom from keynote speakers, and dynamic panel discussions.
Cybersecurity Summit Baltimore - April 4, 2024
The Inaugural Baltimore Cybersecurity Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
CISO Initiative Summit – Fort Myers June 5-6, 2024
Save the date! Get ready to geek out with principia/RAID as we launch The CISO Initiative, an exciting new chapter built on the foundation of the acclaimed CIO Initiative summits. Expect a tour through the latest in tech, cyber-smarts, and leadership wizardry, all served up by the brightest minds in our field. Networking is at the heart of the event, offering unmatched opportunities to connect with peers, forge valuable partnerships, and engage in thought-provoking discussions. Our crew from principia/RAID will be in the mix, sharing insights and maybe a joke or two.
That's all for this month's issue of principia/RAID's Defrag. Stay vigilant, Stay secure, and until next time, Long Live the Cybersecurity Heroes!
principia/RAID Digital Security delivers information technology advisory and consulting services with a specific focus on vCISO services, information security and compliance management. We thrive on helping our clients reduce their cybersecurity risk and achieve compliance with their CMMC, NIST 800-171, NIST 800-53, DFARS, and SOC/ISO requirements.
Have questions? We can help you.