Weekly Security Sprint EP 80. The start of alphabet soup with Insider Threat, and National Preparedness, plus election security

In this week's Security Sprint, Dave and Andy covered the following topics. Warm Start: • US cybersecurity chief says disinformation surge hasn't impacted election • FBI Statement About Fabricated Videos and Statements Falsely Attributed to the FBI. • Food and Agriculture Sector Eyes Cybersecurity Threats • Food and Ag Sector 2024 Cyber Threat Report (PDF) Main Topics: Black people are receiving racist text messages about picking cotton 'at the nearest plantation.' The FBI and the FCC have weighed in on the messages that multiple Black people across the country received on Wednesday. • FBI Statement on Offensive and Racist Text Messages • FB-ISAO reports Antisemitic text messages • Louisiana attorney general reveals new findings on racist texts • Text service says it shut down accounts allegedly behind racist messages Be security curious amid enduring extremism & terrorism threats, mass gatherings: • Man Arrested and Charged with Attempting to Use a Weapon of Mass Destruction and to Destroy an Energy Facility in Nashville • Cholo Abdi Abdullah Convicted for Conspiring to Commit 9/11-Style Attack at the Direction of Al Shabaab • Florida Man Indicted for Posting Threats on the Internet FBI Cyber Threat Updates: • Easy Access to Information for Conducting Fraudulent Emergency Data Requests Impacts US-Based Companies and Law Enforcement Agencies. As of August 2024, FBI noted an uptick in criminal forum posts regarding conducting fraudulent emergency data requests and is releasing this notification for industry awareness. Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes. • HSI and Partners Announce Return of $1.8 Million Stolen During Business Email Compromise Scam Quick Hits: • Israel to collect soccer fans from Amsterdam after apparent antisemitic attacks • Israeli soccer fans attacked in Amsterdam, in what Dutch authorities call antisemitic incidents • Dave’s Severe Weather threat and preparedness reminders • China Hack Enabled Vast Spying on U.S. Officials, Likely Ensnaring Thousands of Contacts • U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack • Russia Suspected of Plotting to Send Incendiary Devices on U.S.-Bound Planes • Mystery fires were Russian 'test runs' to target cargo flights to US • Halliburton misses profit estimate, buyback target as cyber attack hurts. Halliburton missed Wall Street estimate on a previously disclosed cyber hack that forced the oilfield services provider to pause a share repurchase program, executives said on Thursday. • Unwrapping the emerging Interlock ransomware attack • NEWPARK RESOURCES INC. Newpark Resources, Inc. is a worldwide provider of value-added drilling fluids systems and composite matting systems used in oilfield and other commercial markets. NEWPARK’s 8K. • Major Oilfield Supplier Hit by Ransomware Attack • 764 Terror Network Member Richard Densmore Sentenced to 30 Years in Prison

In the latest Security Sprint, Dave and Andy covered the following topics. Warm Start. • CISA: Critical Infrastructure Security and Resilience Month 2024. “Resilience means doing the work up front to prepare for a disruption, anticipating that it will in fact happen, and exercising not just for response but with a deliberate focus on continuity and recovery, improving the ability to operate in a degraded state, and significantly reducing downtime when an incident occurs.” o A Proclamation on Critical Infrastructure Security and Resilience Month, 2024 o Biden declares November as critical infrastructure security and resilience month, calls safeguarding these systems • FS-ISAC: Ransomware Essentials. A Guide for Financial Services Firm Defense (PDF) Main Topics: Election Week! • Joint ODNI, FBI, and CISA Statement. • US cybersecurity chief says disinformation surge hasn't impacted election • CISA: Election Security Rumor vs. Reality • Georgia Poll Worker Arrested for Making Bomb Threat to Election Workers • FBI PSA: Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes • Colorado accidentally put voting system passwords online, but officials say election is secure • Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts (01 Nov). Liability: • Attorney General James Secures $2.25 Million from Capital Region Health Care Provider to Protect Patient Data • HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000 • HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000 Insider Threats! Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information Quick Hits: • Wiz CEO says company was targeted with deepfake attack that used his voice • Ripple effect: the devastating impact of data breaches • Canadian Centre for Cyber Security - Cyber Security Readiness • Defendants with Ties to White Supremacy Sentenced in Connection with Plot to Destroy Energy Facilities • United States Welcomes the United Kingdom’s Actions Against Known Purveyors of Kremlin Disinformation • Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives • Army of bots promotes petrostate hosting global climate talks • Reset Tech Investigation - Clickbait Cures: How Meta and Google Tolerate a Dubious Meds Market in the EU • Fitness app Strava gives away location of Biden, Trump and other leaders, French newspaper says • Meet Interlock — The new ransomware targeting FreeBSD servers • Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network • Spain floods disaster: death toll rises to 205 as extra troops mobilised • Biden Administration Announces Additional Security Assistance for Ukraine • Iran Tells Region ‘Strong and Complex’ Attack Coming on Israel • Cybersecurity Advisory – Threats Posed by Remote Technology Workers with Ties to Democratic People’s Republic of Korea • Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments • New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad • Cybercriminals Are Stealing Cookies to Bypass Multifactor Authentication • Canadian Centre for Cyber Security - National Cyber Threat Assessment 2025-2026 • Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats • Massive PSAUX ransomware attack targets 22,000 CyberPanel instances • Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

In this week's Security Sprint, Dave and Andy covered the following topics. Warm Start: Organizational Cyber Security Culture • The Gate 15 Interview – Rob Sherman on CISOs: “Focus on risk, focus on resilience.” Plus: A Salt and Pepper America, burnout, beta, and more! • TribalHub x Gate 15: Organizational Cyber Culture Meets Concert Moments & The Gate 15 Interview – TribalNet! Building a Cybersecurity Culture, Tribal-ISAC, and how we rock! Memorandum on Advancing the United States’ Leadership in Artificial Intelligence; Harnessing Artificial Intelligence to Fulfill National Security Objectives; and Fostering the Safety, Security, and Trustworthiness of Artificial Intelligence • Statement from National Economic Advisor Lael Brainard on National Security Memorandum (NSM) on Artificial Intelligence (AI) • FACT SHEET: Biden-⁠Harris Administration Outlines Coordinated Approach to Harness Power of AI for U.S. National Security • Biden administration urges US agencies to ‘harness’ AI systems for national security • White House will order Pentagon and intel agencies to increase use of AI • US to unveil AI national security memo to avoid China’s ‘strategic surprise’ Main Topics: Info Ops • Russian propaganda exploits US hurricane response to undermine FEMA and Ukraine support. 2024 Elections • Joint ODNI, FBI, and CISA Statement. • Pennsylvania officials rebut false voter fraud claims from home and abroad • U.S. officials say Russia smeared Tim Walz, might stoke post-vote violence • American creating deepfakes targeting Harris works with Russian intel, documents show • CISA Launches #PROTECT2024 Election Threat Updates Webpage • Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications • Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance • Foreign threats to the US election are on the rise, and officials are moving faster to expose them • Election Security Update as of Late October 2024 • Foreign Threats to US Elections After Voting Ends in 2024 • Foreign influence operations will expand before election and linger afterward, US agencies say • Recorded Future: Operation Overload Impersonates Media to Influence 2024 US Election • Microsoft: As the U.S. election nears, Russia, Iran and China step up influence efforts • Justice Department Announces Four Cases Brought by Election Threats Task Force • Secretary of State’s Office says they stopped cyberattack aimed at crashing voter website • Wisconsin sued over voting system’s allegedly weak cyber protections • Philadelphia Resident Charged for Election-Related Threat to State Party Representative • Maine man made homemade bombs and dropped some from drones, officials say • Dr. Paul Requests Information On DHS & CISA’s Participation At Election Day Cybersecurity Conference Quick Hits: Terrorism • Arizona grand jury indicts juvenile for planning attack at Phoenix Pride Festival • Maryland Man Charged With Attempting To Provide Material Support To ISIS • Suburban Chicago Man Sentenced to 18 Years in Prison for Trafficking Fentanyl and Attempting To Support ISIS Ransomware: • Black Basta ransomware poses as IT support on Microsoft Teams to breach networks • New Iranian-based Ransomware Group Charges $2000 for File Retrieval • Japanese Man Convicted of Making Virus Using AI; Likely 1st Person in Japan to be Convicted in Criminal Case for Abusing Generative AI • New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion • Crystal Rans0m: Rust-Based Hybrid Ransomware • Avast Releases Free Decryptor for Mallox Ransomware • Decrypted: Mallox ransomware • Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action • Embargo ransomware: Rock’n’Rust • macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools • Akira Ransomware Evolution: A move towards cross-platform adaptability

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Rob Sherman. Rob is the Chief Information Security Officer (CISO) for American Tower Corporation, a global digital infrastructure provider. Among his role and responsibilities, he established the global information security program responsible for governance, risk, compliance and security operations for the company’s corporate and line-of-business operations. Among his many hats, Rob is a CISO, attorney, cyber program builder, involved in incident response, with over 25+ years of it and infrastructure experience. Learn more about Rob: LinkedIn In the discussion Rob and Andy discuss: Rob’s Background. Organizational Culture Leaning into resilience Ransomware What worries Rob Sherman Burnout in cybersecurity Three Questions - beta tapes, Top Gun, a Salt and Pepper America and more!

In this week's Security Sprint, Dave and Andy covered the following topics: Election 2024: Just So You Know: Foreign Threat Actors Likely to Use a Variety of Tactics to Develop and Spread Disinformation During 2024 U.S. General Election Cycle. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are issuing this public service announcement (PSA) to raise awareness of the efforts posed by foreign threat actors to spread disinformation in the lead up to, and likely in the days following, the 2024 U.S. general election. Just So You Know: Foreign Threat Actors Likely to Use a Variety of Tactics to Develop and Spread Disinformation During 2024 U.S. General Election Cycle CISA: A Message to Election Officials from CISA Director Jen Easterly ISIS-K behind foiled Election Day terrorism plot, U.S. officials say ‘You are next’: online posts show Islamic State interest in attacks on US ahead of election New cases of political violence roil US ahead of contentious election   DOJ: Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World. U.S. charges Sudanese men with running powerful cyberattack-for-hire gang Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals U.S. Indicts 2 Linked to Oct. 7 Cyberattack on Israeli Warning System USGS: (Some) Assembly Required. How to sign your organization up for the Great ShakeOut.   Quick Hits Germany: police arrest man over Israeli Embassy attack plot Digging into Salt Typhoon Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach Check Point: A Closer Look at Q3 2024: 75% Surge in Cyber Attacks Worldwide

In this week's Security Sprint, Dave covered the following topics. Warm Start - the importance of taking time off. Topics. 1. Election Security. Trump campaign event arrest. Arrest for an election day attack. https://www.voanews.com/a/afghan-charged-in-election-day-terror-plot-passed-multiple-screenings/7818235.html CISA is ready. https://www.unomaha.edu/ncite/news/2024/10/cisa-at-ncite.php 2. Ransomware. Ransomware in 2024: Latest Trends, Mounting Threats, and the Government Response. https://www.trmlabs.com/post/ransomware-in-2024-latest-trends-mounting-threats-and-the-government-response 3. Conspiracy Theories. Suspect arrested after reports of threats toward FEMA operations in North Carolina. https://www.cnn.com/2024/10/14/us/fema-helene-north-carolina-reported-threats/index.html ‘It’s mindblowing’: US meteorologists face death threats as hurricane conspiracies surge. https://www.theguardian.com/us-news/2024/oct/11/meteorologists-death-threats-hurricane-conspiracies-misinformation

In the latest episode of Nerd Out, Dave welcomed back a friend of the pod, Bridget Johnson! Bridget caught everyone up on her latest work and new ventures before the two talked about the upcoming election and potential for violence. They transitioned to global terrorism and the potential risks associated with the continued conflict in the Middle East. Bridget is a part of the McCrary Institute. You can sign up for their products at: Newsletter signup - https://lp.constantcontactpages.com/sl/fS5OMD4/mccrarysignup Pods - https://www.youtube.com/@McCraryInstitute

In the latest episode of the Security Sprint, Dave goes solo and talks about the following topics. Warm Start - the importance of exercises. October 7th Anniversary PSA. IC3 PSA: Anniversary of October 7, 2023, Hamas Attacks May Motivate Individuals to Violence in the United States The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) are issuing this Public Service Announcement to highlight potential threats in the United States from a variety of actors in response to the one-year anniversary of the HAMAS attacks on Israel on October 7, 2023, and consistent calls by foreign terrorist organizations (FTOs) to their supporters seeking to provoke violence in the West. Hurricane Milton Preparedness and looking ahead. MDM and Disaster Scams. NWS: Hurricane Milton Approaching Florida. Milton continues to intensify in the Gulf of Mexico today. Heavy rainfall ahead of Milton continues today with localized flooding concerns. This hurricane will approach the west coast of Florida during the middle of the week. Significant impacts are likely with a large and powerful hurricane at landfall in Florida, with life-threatening hazards along portions of the coastline. 

In this week's Security Sprint, Dave and Andy covered the following topics: Warm Open   Water, Water, Everywhere! §  WaterISAC – EPA: National Security Information Sharing Bulletin §  WaterISAC - Cybersecurity Fundamentals for Water and Wastewater Utilities §  WaterISAC: Incident Awareness – Ransomware Attackers Target Kansas Water Treatment Facility §  Kansas water plant cyberattack forces switch to manual operations §  WaterISAC: EPA’s Hazard Mitigation for Natural Disasters: A Starter Guide for Water and Wastewater Utilities §  Fears of Weakness in Water Cybersecurity Grow After Kansas Attack §  WaterISAC: Potential Supply Chain Impacts from East Coast and Gulf Coast Labor Negotiations (Updated September 26, 2024) §  Deluge of Threats to Water Utilities: Securing Operational Technology Against Cyberattacks   INC Ransomware had a very active weekend! GRIP subscribers saw some of that in the SUN, and see more in this week’s Ransomware and Data Breach Digest and a special Bricklayer AI-informed TARGET Report on INC Ransomware.   Main Topics   Severe Weather, Hurricane Helene, and Resilience Planning.   Crime FBI Releases 2023 Crime in the Nation Statistics. ADL: New FBI Data Reflects Record-High Number of Anti-Jewish Hate Crimes FBI Releases 2024 Quarterly Crime Report and Use-of-Force Data Update.   CSAM. A Proclamation on Cybersecurity Awareness Month, 2024. T-Mobile Required to Change Business Practices After Data Breaches. Derek Johnson. T-Mobile reaches $31.5 million settlement with FCC over past data breaches.   Quick Hits JCAT First Responders Toolbox: Enhancing Bystander Reporting to Prevent Terrorism UK NCSC: Multi-factor authentication for your corporate online services NZ NCSC - Joint Guidance: Detecting and mitigating Active Directory compromises CISA Warns of Hurricane-Related Scams.  Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity,  Consumer Financial Protection Bureau's Frauds and scams, and  CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks.  Wifi suspended at big UK train stations after ‘cybersecurity incident.’ Israel issues warnings, guidelines for travel abroad ahead of Jewish holidays Indictment Alleges the Activity Was a More Recent Phase of a Wide-Ranging Hacking Conspiracy in Support of IRGC Targeting of Current and Former U.S. Officials Iranian hackers indicted Friday allegedly sought to impersonate Ginni Thomas as they targeted Trump campaign Treasury Sanctions Iranian Regime Agents Attempting to Interfere in U.S. Elections Rewards for Justice: Election interference Individual - IRGC Hackers, up to $10 Million Election Security Update as of Mid-September 2024: 45 Days Until Election 2024.  Staying a Step Ahead: Mitigating the DPRK IT Worker Threat Iran was behind thousands of text messages calling for revenge over Quran burnings, Sweden says Maryland Woman Sentenced for Conspiring to Destroy the Baltimore Region Power Grid Patch for Critical CUPS vulnerability: Don't Panic Neo-Nazis are using AI to rebrand Hitler for a new generation Axios Vibes: Americans blame politicians for misinformation Neo-Nazi Telegram Users Panic Amid Crackdown and Arrest of Alleged Leaders of Online Extremist Group Man threw explosive device inside California courthouse on day of arraignment Republican Homeland Security Committee bill set to combat CCP cyber threats, boost cyber resilience

In this episode of The Gate 15 Interview, we’re mixing things up! Andy Jabbour recorded this session onsite at TribalNet 2024 with TribalHub’s Senior Marketing & Communications Manager, Michelle Bouschor, who took over as moderator. They were joined by Adam Gruscynski, IT Director, Potawatomi Casino Hotel and Tribal-ISAC Steering Committee member and Drew Ludwick, Director of IT Operations, Muckleshoot Casino Resort, to discuss ideas around cybersecurity and organizational culture.In the discussion the group discusses: Organizational culture and what makes a cyber strong organizational culture. Tribal-ISAC! What it is, how it’s like other ISACs, what makes it special. How to build a strong organizational culture and the importance of leadership buy-in and taking things in “chewable bites.” Why we love TribalNet! Some of our favorite concert experiences – some we shared as we talked from Linkin Park to Snoop. And more, of course! Selected Links: TribalNet Conference 2024 Tribal-ISAC Michelle Bouschor. With 15 years of experience in tribal casino marketing, tribal government public relations, media, and community relations, I’ve honed my skills in navigating the unique landscape of indigenous communities. For the past 5 years, I’ve proudly contributed to TribalHub, leveraging my expertise to empower tribal entities through innovative solutions and strategic partnerships. Passionate about fostering collaboration and growth within tribal communities, I’m dedicated to driving positive change and sustainable development.·      Michelle on LinkedIn Adam Gruscynski. Responsible for the day-to-day operations of the IT Department for Potawatomi Casino Hotel while ensuring all of the technology needs, whether current or future, of the organization are met. Adam joined Potawatomi Casino Hotel in 2008. During his time at PCH, Adam has gained an abundance of experience by taking on various roles including IT Security Manager, Senior Cybersecurity Engineer, Lead Network Administrator, Network Administrator, and Application Administrator. Prior to PCH, Adam was Network Engineer at the Milwaukee Journal Sentinel where he began his career as Help Desk Intern.·      Adam on LinkedIn Drew Ludwick. A seasoned IT executive with over 25 years of progressive leadership experience in technology management, specializing in cybersecurity, strategic planning, and technology governance. Known for shaping and executing technology strategies aligned with business goals, leading diverse technology teams, and fostering innovation.·      Drew on LinkedIn