Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic
- The hacking group Octo Tempest, responsible for hacking MGM and Caesars Entertainment in September, has been identified as “one of the most dangerous financial criminal groups” by Microsoft.
- The group started off as a SIM swapping threat actor but has shifted to conducting more sophisticated ransomware attacks over the past year. The group has been identified as utilizing a variety of tactics to gain and maintain system access, including SIM phishing and swapping and using personal details to scare and threaten phishing victims.
- Researchers encourage organizations to leverage defense in-depth strategies to counter Octo Tempest, and other bad actors. As the article notes, additional obstacles sidetrack attackers and may cause them to unintentionally generate noise on the network.
- Link to Microsoft’s Report: https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
Hackers Email Stolen Student Data to Parents of Nevada School District
- Recently, the Clark County School District (CCSD) in Nevada, which has over 300,000 students and 15,000 teachers, announced that they had suffered a cyberattack towards the beginning of October 2023.
- CCSD stated that they started taking steps to address the incident and that the investigation suggested that an unauthorized party had accessed limited personal information of a subset of CCSD students, parents, and employees. However, since this announcement parents have received personal emails, presumably from the hackers, informing them that their children’s data has been leaked along with 200,000 other student profiles.
- In addition to the emails to parents, the hackers have come out and stated that they are still on the school district’s systems, have existed on CCSD’s network for several months, and have requested a ransom payment of less than one third of the CCSD superintendent’s salary to leave the network.
- According to the article, CCSD has not currently commented on these additional developments. However, the article noted that some parents who received the emails have confirmed that the information received belongs to their children.
Lockbit Ransomware Gang Claims to Have Stolen Data From Boeing
- Recently, the cybercrime group Lockbit added Boeing to their physical list of victims that it keeps track of on a Tor leak website that is managed by the hackers.
- Lockbit claims it has exfiltrated a “tremendous amount” of data from Boeing. It has given Boeing until November 2nd to respond to its alleged ransomware attack.
- As the article highlights, Lockbit has previously listed larger companies when it was truly a vendor of the larger company that was compromised, which may be the case in this instance.
The Rise of S3 Ransomware: How to Identify and Combat It
- According to the article, about 60% of corporate data now resides in cloud storage solutions, such as Amazon’s S3 buckets. While solutions from organizations like Amazon are generally secure, they are still susceptible to cyber attackers and ransomware threats.
- A key way to mitigate cloud-based threats revolves around maintaining visibility within your organization’s cloud environment. Specifically, leveraging server access logging and specialized tools like Amazon’s CloudTrail solution for AWS allow for significant oversight of cloud environments.
- In addition to logging, it is important to leverage best practices for cloud systems. These include leveraging IAM roles for short-term credentials, following the principle of least privilege, utilizing server-side encryption, and other key risk mitigation techniques.
When Tech Innovations Create New Security Threats
- Technology vendors continuously develop well-intentioned, purpose-built functionality, and features intended to enhance our digital experience. However, new technology is often rushed into production with insufficient regard for security and privacy.
- The article walks through several examples of new technologies, while helpful, opened the door for additional, and at times unexpected, security concerns. Several examples include the rise of generative artificial intelligence, smart IoT devices, and biometric authentication on cellphones.
- Although new threats arise with innovative technologies, the best remedy for the new concerns is basic security hygiene. Among other threat reduction steps, the article emphasizes the importance of regularly testing backups, fully vetting business unit cross-functional incident response plans, and adopting a defense-in-depth approach to new technologies and old tools alike.
Defending Federal Networks Requires More Than Money, CSIS Study Finds
- According to a study from the Center for Strategic and International Studies (CSIS), the federal government knows how to throw money at problems; however, it needs to do a better job at helping civilian agencies understand the complex risks associated with cyberattack protection.
- The report from the CSIS provides significant insight into CISA and offers up a variety of recommendations on how the federal government can improve security from a strategic view.
- The most significant finding from the report was that while money is always needed, it is not enough to properly defend the government. As the report states, “The U.S. government needs to do a better job of planning, coordinating, and communicating the risks associated with cyberattacks against federal executive agencies.”
- Link to CSIS’ Report: https://www.csis.org/analysis/cisas-evolving-gov-mission-defending-united-states-federal-executive-agency-networks
CISA, HHS Release Collaborative Cybersecurity Healthcare Toolkit
- Recently, CISA and the Department of Health and Human Services (HHS) released a cybersecurity toolkit aimed at healthcare organizations. In conjunction with the toolkit, CISA and HHS hosted a roundtable to further consider how the government and healthcare industry can collaborate on cybersecurity initiatives.
- As the article notes, bad actors often see healthcare organizations as “target rich, cyber poor” entities. This toolkit aims to enhance the security posture of healthcare organizations while also creating a centralized hub for information and resources.
- Link to CISA’s Healthcare Toolkit: https://www.cisa.gov/topics/cybersecurity-best-practices/healthcare