A North Carolina church cheated out of more than $793,000 in funds it had raised to build a new sanctuary has set up a GoFundMe account to try to replace some of the stolen money.
Elkin Valley Baptist Church lost the funds when cyber thieves compromised a staff member’s computer and intercepted an email from Landmark Construction, the builder working on the project, which contained an invoice. The scammers cloned the email and used it to provide false payment information that resulted in the church wiring nearly $794,000 into an unknown bank account.
Senior Pastor Johnny Blevins said the church discovered it had been cheated more than a week later, when the builder, Landmark Construction, inquired about payment.
“At that point, we thought we had paid Landmark, and of course, Landmark was waiting on a check,” Blevins told WXII-TV. “We said, ‘we have paid,’ and through investigation found out it was a fraudulent account.”
With construction underway and half of the raised funds gone, the church said it has had to take out a costly loan to continue the project.
“It’s been a disappointing thing, but we are people of faith,” Blevins said. “So, we will keep moving forward and try to find a way to go forward.”
The FBI is investigating the cyber crime, and Elkin Valley Baptist also has hired a cyber analyst to look into the case.
The church said it is now unlikely that it will be able to complete its new sanctuary by May as planned but hopes to resume construction in February.
The church saved for 10 years to raise the funds for the new worship center, which will replace a sanctuary built in 1884.
“Six years ago, we outgrew our sanctuary and now meet in our gymnasium, requiring multiple Sunday services to accommodate all those who wish to worship,” the church said on its GoFundMe site. “For two months each year, we squeeze into the old sanctuary to make room in the gym for the 120+ boys and girls who participate in our Veritas basketball outreach program. It’s an amazing opportunity to minister the love of Christ through competition and sportsmanship. This is one of the many reasons why we need a permanent worship center.”
“Proverbs 24:10 teaches us, ‘If you falter in a time of trouble, how small is your strength!’” the site says. “So, while the loss is great and the task large, through the grace of God and the kindness of so many — we will overcome and emerge stronger.”
This article originally appeared at MinistryWatch and is reprinted with permission.
NC Church Sets Up Crowdfund To Replace Money Stolen in Cyber … – The Roys Report
Unlocking a sustainable future by making cybersecurity more … – Atlantic Council
January 30, 2023
The world is on its way toward building a sustainable, inclusive energy future. Renewable energy sources have seen rapid growth thanks to technology innovation and declining costs. At the same time, digitalization is making conventional energy infrastructure more efficient. Continuing these trends will be critical to meeting global climate goals while raising prosperity around the world. And because energy transformation will herald a new, digitalized energy system, cybersecurity has a key role to play in unlocking that sustainable, inclusive future.
The energy sector must withstand a constant siege of cyberattacks—including some backed by nation-states. New attacks can propagate at the speed of light, and their consequences can take days and weeks to unravel, disrupting markets, making equipment unsafe to operate, and causing cascading effects that spread beyond the targeted organization.
Every energy sector participant—new or established, private or public—has an interest in maturing cybersecurity across an increasingly interconnected digital energy system. To continue to strengthen resilience and reliability, investments designed to improve the cost-benefit profile for cybersecurity are critical not just for the biggest players, but for everyone.
Both new and old energy technologies depend on cybersecurity. Rapid digitalization across the energy sector has increased efficiency and decreased emissions, but also has changed and expanded the vulnerabilities the sector must consider. Attackers increasingly target not just information technologies (IT), but operating technologies (OT) as well. Retrofits to existing OT infrastructure like pipelines and legacy generating plants mean these are now often network-connected. Newer technologies like wind and solar depend on digital management.
The cyber threat isn’t limited to big players or the Global North. Recent years have seen successful ransomware against the biggest petroleum products pipeline in the United States, against the biggest electricity supplier in Brazil, and against smaller infrastructure operators like the municipal electricity utility in Johannesburg. We have also seen attacks against subcontractors leveraged to penetrate electric utilities connected to the US grid. This is a global challenge, for organizations large and small.
Faced with a continuous onslaught of cyberattacks, the energy sector will need to establish practices and institutions that drive down the cost of deploying strong cybersecurity across the energy value chain. Startups, subcontractors, and small utilities will become a consistently weak link in the energy ecosystem if affordable, effective cybersecurity remains unavailable.
So how can the energy sector ensure that cybersecurity keeps pace with cyber risk, and seize opportunities to get ahead of attackers? How can public and private sector leaders contribute to building a community of trust?
Regulators in the energy sector should ensure they enable—or at a minimum, don’t stifle—technology innovations that enhance cybersecurity. Cyber innovation will need to keep pace with both the new technologies of the energy transformation and the known risks to those technologies, even if slow-moving regulatory processes have not yet accounted for new business models, technologies, or threats.
Similarly, regulators should consider how to encourage rapid information sharing about threat intelligence. Although threat intelligence can help quickly harden targets against novel attacks, operators may be reluctant to share information if they believe it will later lead to legal and financial liabilities. Tabletop exercises that convene public and private organizations can improve incident response, building relationships and providing actionable insights before a crisis occurs.
Public and private sector leaders can both work to expand the pool of cybersecurity talent—one of the chief cost barriers for stronger cybersecurity. Cybersecurity experts are scarce, and experts who are also familiar with the operating technologies enabling the energy transition even more so. Training programs—public or private—will help meet demand. Solutions that expand the scope and power of automation can also help, as can information-sharing that enables security teams to quickly recognize new threats and efficiently apply patches.
For asset operators (public or private), cybersecurity should be part of decision-making on new projects. Considering how to secure new infrastructure or planned retrofits can help reduce the cost and complexity needed to manage risk. Monitoring operations helps operators and cyber analysts understand how systems interact with each other during normal production—and enables earlier detection of malicious activity. Seeking opportunities for automation of routine tasks can reduce the cost of strong cybersecurity. Advancements in machine learning and artificial intelligence make it easier to rapidly draw useful insights from massive data sets.
Private sector collaborations can help build trust and cyber maturity across the industry. Common standards and certifications can help spread best practices and build confidence that potential partners or clients will not introduce new vulnerabilities. Threat intelligence can sometimes be more comfortably shared across peer organizations than with regulators.
Private sector leaders can assess and improve their own organizations’ cyber risk posture. Boards that accurately understand their cyber risks will be better able to invest appropriately in managing those risks. Likewise, making clear that cybersecurity is a cross-cutting competency key to performance for every business unit helps build a strong security culture. And of course, recognizing that cybersecurity is an ongoing effort across the sector helps build the collaboration across the energy sector needed to contend with a dynamic, interconnected cyber threat landscape.
Finally, an inclusive energy transformation will also require cyber-inclusivity. Even as the Global North continues to build the connective tissue necessary to meet the cyber risks of a digitalized energy system, passing those lessons forward as the developing world pursues electrification and sustainable energy access will be necessary to ensure that the energy system of the Global South is constructed with cyber-resiliency in mind. Using global convenings like the Atlantic Council Global Energy Forum in Abu Dhabi earlier this month to bring cybersecurity to the table alongside discussions of increasing energy access is critical to build community and advance shared security in a digital energy system.
Leo Simonovich is the vice president and global head of industrial cyber and digital security at Siemens Energy.
Reed Blakemore is a deputy director at the Atlantic Council Global Energy Center.
Image: Cables in a data center. (Federal Communications Commission, Flickr, CC0 1.0) https://creativecommons.org/publicdomain/zero/1.0/
How to Enhance Cyber Security Awareness for Remote Teams (5 … – Robotics and Automation News
Remote teams are exposed to more cyber security threats due to an expanded attack surface. With an exponential increase in the number of endpoints, cybercriminals can gain access to sensitive company data.
Enhancing cybersecurity awareness for remote teams is essential, and here are five tips to help with this.
It is important to set standards, expectations, and processes for remote teams. Basic areas to address include whether employees use company-provided or personal devices and a VPN or remote desktop.
Many remote teams use personal devices and home networks. Simply saving a document to a desktop without up-to-date antivirus software could cause an issue.
Bring-your-own-device (BYOD) policies need to be clearly spelled out to prevent remote employees from exposing sensitive company data.
Frequent computer cleaning is crucial for remote workers’ cybersecurity, especially if they use a personal device.
Junk stored among unused files can include potentially harmful documents and take up too much space. Remote teams need a tool and instructions on how to remove it.
The human factor is one of the biggest challenges when it comes to cyber security.
Cyber security awareness involves delivering training to remote employees to help protect against potential security threats.
By creating a cyber security-conscious remote workforce culture, remote teams will be mindful of threats and how to recognize them.
By knowing what steps to take, remote teams can proactively reduce threats and the impact they could have on the company’s bottom line. Recognizing early warning signs before too much damage is done is often the best way to prevent data breaches.
Once-off training is not enough. It is vital to conduct regular training and make it mandatory for every employee, whether through internal training or an external course.
Robust policies and procedures will help to underpin cyber security training. Companies must have policies in place covering aspects such as internet usage, use of the equipment and social media. Specific rules for emails, browsing and mobile use should be in place.
Remote workers need the right access to the right applications to do their work.
Employers must determine which employees need access to the whole internal network and which may only need access to email and cloud-based services.
Implementing “least privilege” or minimum permissions reduces threats without affecting productivity.
Employers should discourage remote teams from using unsecured public Wi-Fi. Many remote workers use their personal Wi-Fi network, and they need to make sure it is set up securely.
Experts suggest remote workers connect to a company’s internal network using a VPN. This helps to maintain end-to-end data encryption. Employees need to know that they must keep patching VPNs with the latest security fixes.
When they use multifactor authentication, it adds another layer of protection against increasing VPN phishing attacks.
Remote teams won’t know if their cyber awareness measures are up to standard unless they put them into practice. Regular cyber security drills can help them to recognize various cyber security threats.
When they can try out their skills on simulated threats, they learn lessons that can help them when faced with real threats. For example, employers could simulate a phishing scam to see how many employees click on or open attachments.
Remote work is expanding the attack surface. Companies need to develop policies and processes to protect against the resulting threats. They need to train their remote teams and create a culture of cyber awareness in order to proactively prevent attacks.
IOTW: Everything we know about the Medibank data leak | Cyber Security Hub – Cyber Security Hub
Note: this article was updated on November 11, 2022 to reflect a development in the Australian Federal Police’s investigation
The hacker responsible for a data breach of Australian health insurance provider Medibank which affected 9.7 million people has released private medical information on the dark web.
The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022. It apparently contains information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.
The hackers also released files containing customer data called “good-list” and “naughty-list” on November 9, 2022. The so-called “naughty-list” reportedly includes details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.
The hacker added to the November 10 data leak post, saying: “Society ask us about ransom, it’s a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer.”
During question time in Australian parliament on November 10, Minister of Home Affairs Clare O’Neil hit back at the hackers, saying: “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming [at] you.
“I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cyber-security but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”
David Koczkar, CEO of Medibank, called the release of the data “disgraceful” and a “weaponization of people’s private information”. He also called those involved in the cyber-attack and data leak “deplorable”.
In an attempt to protect those affected by the cyber security incident and the subsequent data leaks, Medibank urged members of the public and the media to not “unnecessarily download sensitive personal data from the dark web” and to “refrain from contacting customers directly”.
The initial cyber security incident occurred on October 13, 2022, when Medibank detected some “unusual activity” on its internal systems. After dealing with the cyber-attack, Medibank said in a statement that there was “no evidence that customer data has been accessed” during the breach.
Medibank was then contacted on October 17 by the malicious party, who aimed to “negotiate with the [healthcare] company regarding their alleged removal of customer data”.
The malicious party attempted to weaponize Medibank’s customers’ private medical data to extort the medical insurer, saying that they would release the data of the “1k most [prominent] media persons” that include “[those with the] most [social media] followers, politicians, actors, bloggers, [LGBTQ+] activists [and] drug-addicted people” as well as people with “very interesting diagnoses”.
It was confirmed on October 20 that the hacker’s claims were legitimate. Medibank, however, publicly refused to bend to the hacker’s demands and said it would not pay a ransom over concerns it would “encourage the criminal to directly extort [its] customers”.
The company also said that it had received counsel from cyber security experts who had said there was only a “limited chance” that paying the ransom would result in the return of the stolen data.
How we got here with @medibank. It initially said compromised login credentials were used (that may have involved VPN access). The attackers claim they accessed Redshift – an Amazon data warehousing product – via jump servers. #auspol #infosec (1/4)
In a tweet on November 10, journalist Jeremy Kirk suggested that the hack took place as a result of hackers gaining access to Medibank’s internal systems via compromised login credentials, a tactic that “may have involved VPN access”.
According to Kirk, the hackers claim they used jump servers to access Amazon data warehouse Redshift. The hackers also claim that they had access to Medibank’s internal systems for a month before they were discovered.
On November 7, Medibank revealed the true extent of the hack. The malicious actor gained unauthorized access to and stole the data for 9.7 million past and present customers.
The information included email addresses, phone numbers, addresses, Medicare numbers, names, dates of birth, passport numbers and visa details. It also encompassed the health claims data for 192,000 customers which contained private medical information including where customers were admitted for procedures, service provider names and locations and codes associated with diagnosis and procedures given.
Medibank urged all those affected to “stay vigilant” against cyber attacks that may be levelled against them because of the leak.
Protecting Against Malicious Use of Remote Monitoring and … – CISA
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software—ScreenConnect (now ConnectWise Control) and AnyDesk—which the actors used in a refund scam to steal money from victim bank accounts.
Although this campaign appears financially motivated, the authoring organizations assess it could lead to additional types of malicious activity. For example, the actors could sell victim account access to other cyber criminal or advanced persistent threat (APT) actors. This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious cyber actors—from cybercriminals to nation-state sponsored APTs—are known to use legitimate RMM software as a backdoor for persistence and/or command and control (C2).
Using portable executables of RMM software provides a way for actors to establish local user access without the need for administrative privilege and full software installation—effectively bypassing common software controls and risk management assumptions.
The authoring organizations strongly encourage network defenders to review the Indicators of Compromise (IOCs) and Mitigations sections in this CSA and apply the recommendations to protect against malicious use of legitimate RMM software.
For a downloadable copy of IOCs, see AA23-025.stix (STIX, 19 kb).
In October 2022, CISA used trusted third-party reporting to conduct retrospective analysis of EINSTEIN—a federal civilian executive branch (FCEB)-wide intrusion detection system (IDS) operated and monitored by CISA—and identified suspected malicious activity on two FCEB networks:
Based on further EINSTEIN analysis and incident response support, CISA identified related activity on many other FCEB networks. The authoring organizations assess this activity is part of a widespread, financially motivated phishing campaign and is related to malicious typosquatting activity reported by Silent Push in the blog post Silent Push uncovers a large trojan operation featuring Amazon, Microsoft, Geek Squad, McAfee, Norton, and Paypal domains.
The authoring organizations assess that since at least June 2022, cyber criminal actors have sent help desk-themed phishing emails to FCEB federal staff’s personal and government email addresses. The emails either contain a link to a “first-stage” malicious domain or prompt the recipients to call the cybercriminals, who then try to convince the recipients to visit the first-stage malicious domain. See figure 1 for an example phishing email obtained from an FCEB network.
The recipient visiting the first-stage malicious domain triggers the download of an executable. The executable then connects to a “second-stage” malicious domain, from which it downloads additional RMM software.
CISA noted that the actors did not install downloaded RMM clients on the compromised host. Instead, the actors downloaded AnyDesk and ScreenConnect as self-contained, portable executables configured to connect to the actor’s RMM server.
Note: Portable executables launch within the user’s context without installation. Because portable executables do not require administrator privileges, they can allow execution of unapproved software even if a risk management control may be in place to audit or block the same software’s installation on the network. Threat actors can leverage a portable executable with local user rights to attack other vulnerable machines within the local intranet or establish long term persistent access as a local user service.
CISA has observed that multiple first-stage domain names follow naming patterns used for IT help/support themed social-engineering (e.g., hservice[.]live, gscare[.]live, nhelpcare[.]info, deskcareme[.]live, nhelpcare[.]cc). According to Silent Push, some of these malicious domains impersonate known brands such as Norton, GeekSupport, Geek Squad, Amazon, Microsoft, McAfee, and PayPal.[1] CISA has also observed that the first-stage malicious domain linked in the initial phishing email periodically redirects to other sites for additional redirects and downloads of RMM software.
In this campaign, after downloading the RMM software, the actors used the software to initiate a refund scam. They first connected to the recipient’s system and enticed the recipient to log into their bank account while remaining connected to the system. The actors then used their access through the RMM software to modify the recipient’s bank account summary. The falsely modified bank account summary showed the recipient was mistakenly refunded an excess amount of money. The actors then instructed the recipient to “refund” this excess amount to the scam operator.
Although this specific activity appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipient’s organization—from both other cybercriminals and APT actors. Network defenders should be aware that:
Threat actors often target legitimate users of RMM software. Targets can include managed service providers (MSPs) and IT help desks, who regularly use legitimate RMM software for technical and security end-user support, network management, endpoint monitoring, and to interact remotely with hosts for IT-support functions. These threat actors can exploit trust relationships in MSP networks and gain access to a large number of the victim MSP’s customers. MSP compromises can introduce significant risk—such as ransomware and cyber espionage—to the MSP’s customers.
The authoring organizations strongly encourage network defenders to apply the recommendations in the Mitigations section of this CSA to protect against malicious use of legitimate RMM software.
See table 1 for IOCs associated with the campaign detailed in this CSA.
| Domain | Description | Date(s) Observed |
|---|---|---|
| win03[.]xyz | Suspected first-stage malware domain | June 1, 2022; July 19, 2022 |
| myhelpcare[.]online | Suspected first-stage malware domain | June 14, 2022 |
| win01[.]xyz | Suspected first-stage malware domain | August 3, 2022; August 18, 2022 |
| myhelpcare[.]cc | Suspected first-stage malware domain | September 14, 2022 |
| 247secure[.]us | Second-stage malicious domain | October 19, 2022; November 10, 2022 |
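One way to put Table 1 to work is to sweep DNS or proxy logs for the listed domains and, at lower confidence, for the help/support naming pattern the advisory describes. The following is an added example, not code from the advisory; the three-field log format, the sample lines and the keyword/TLD heuristic are assumptions constructed for illustration.

```python
import re

# Table 1 indicators as published (defanged), with the stage the advisory gives.
TABLE1_IOCS = {
    "win03[.]xyz": "first-stage",
    "myhelpcare[.]online": "first-stage",
    "win01[.]xyz": "first-stage",
    "myhelpcare[.]cc": "first-stage",
    "247secure[.]us": "second-stage",
}

# Assumed heuristic derived from the advisory's example names
# (hservice, gscare, nhelpcare, deskcareme): theme word + TLD seen in the examples.
THEME_WORDS = re.compile(r"help|care|desk|service|support")
THEME_TLDS = {"live", "info", "cc", "online", "xyz"}


def refang(indicator):
    """Turn a defanged indicator (win03[.]xyz) into a matchable hostname."""
    return indicator.replace("[.]", ".").lower()


IOC_STAGE = {refang(d): stage for d, stage in TABLE1_IOCS.items()}


def normalize(qname):
    """Lower-case, drop any :port suffix and a trailing root dot."""
    return qname.strip().lower().split(":")[0].rstrip(".")


def classify(qname):
    """Return (verdict, detail) for a queried name, or None if nothing matches."""
    host = normalize(qname)
    for domain, stage in IOC_STAGE.items():
        # Exact match or a true subdomain; a longer name that merely ends in the
        # same characters (no dot boundary) must not match.
        if host == domain or host.endswith("." + domain):
            return ("ioc", f"{domain} ({stage})")
    labels = host.split(".")
    if len(labels) >= 2 and labels[-1] in THEME_TLDS and THEME_WORDS.search(labels[-2]):
        return ("review", "help/support-themed name")
    return None


def scan(log_lines):
    """Parse 'timestamp client qname' lines (assumed format) and return the hits."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than guessing
        timestamp, client, qname = fields
        verdict = classify(qname)
        if verdict:
            hits.append((timestamp, client, normalize(qname)) + verdict)
    return hits


# Constructed sample log; indicator names are refanged at run time only.
SAMPLE_LOG = [
    "2022-06-01T09:14:03Z 10.0.4.17 " + refang("win03[.]xyz").upper() + ".",
    "2022-10-19T15:40:51Z 10.0.4.17 dl." + refang("247secure[.]us") + ":443",
    "2022-10-19T15:41:02Z 10.0.7.5 not" + refang("win03[.]xyz"),
    "2022-10-20T08:00:00Z 10.0.7.5 www.example.org",
    "2022-10-21T11:22:33Z 10.0.9.9 " + refang("nhelpcare[.]info"),
    "2022-10-21T11:25:00Z 10.0.9.9 helpdesk.example.com",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Treat "ioc" hits as matches against the published indicators and "review" hits only as leads, since the naming heuristic will also match legitimate support sites.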
Additional resources to detect possible exploitation or compromise:
The authoring organizations encourage network defenders to:
This advisory was developed by CISA, NSA, and MS-ISAC in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations.
The information in this report is being provided “as is” for informational purposes only. CISA, NSA, and MS-ISAC do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.
January 25, 2023: Initial Version
State and Local Cybersecurity Grant Program – CISA
On September 16, 2022, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country.
Funding from the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP) helps eligible entities address cybersecurity risks and threats to information systems owned or operated by—or on behalf of—state, local and territorial (SLT) governments. Through two distinct Notice of Funding Opportunities (NOFO), SLCGP and TCGP combined will distribute $1 billion over four years to support projects throughout the performance period of up to four years. This year, the TCGP will be released after SLCGP.
Through the Infrastructure Investment and Jobs Act (IIJA) of 2021, Congress established the State and Local Cybersecurity Improvement Act, which established the State and Local Cybersecurity Grant Program, appropriating $1 billion to be awarded over four years.
These entities face unique challenges in defending against cyber threats such as ransomware, as they lack the resources to defend against constantly changing threats. The Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA), is taking steps to help stakeholders across the country understand the severity of their unique local cyber threats and cultivate partnerships to reduce related risks across the SLT enterprise.
Read below or print the SLCGP Fact Sheet and Frequently Asked Questions.
DHS will implement the SLCGP Grant Program through CISA and the Federal Emergency Management Agency (FEMA). While CISA will serve as the subject-matter expert in cybersecurity related issues, FEMA will provide grant administration and oversight for appropriated funds, including award and allocation of funds to eligible entities, financial management and oversight of funds execution.
The program is designed to put the funding where it is needed most: into the hands of local entities. States and territories will use their State Administrative Agencies (SAAs) to receive the funds from the Federal Government and then distribute the funding to local governments in accordance with state law/procedure. This is the same way in which funding is distributed to local governments in the Homeland Security Grant Program.
Eligible entities can form their cybersecurity planning and can create Cybersecurity Plans (in accordance with the minimum requirements as stated in the State and Local Cybersecurity Improvement Act), which are a requirement for receiving grant funds. The state-level Cybersecurity Planning Committee leverages previously established advisory bodies that the states may have formed. The membership of the Cybersecurity Planning Committee will be up to each individual state, given they meet the requirements of the legislation and NOFO. States are encouraged to expand their cybersecurity planning committees to include additional expertise based on individual state needs. DHS provides a list of these suggested additional personnel in the NOFO. However, states are not limited to the added personnel on this list.
The Cybersecurity Planning Committee will identify and prioritize state-wide efforts, to include identifying opportunities to consolidate projects to increase efficiencies. Each eligible entity is required to submit confirmation that the committee is comprised of the required representatives. The eligible entity must also confirm that at least one-half of the representatives of the committee have professional experience relating to cybersecurity or information technology. For more information on the composition of the Cybersecurity Planning Committee, including how to leverage existing planning committees, please refer to Appendix B of the Notice of Funding Opportunity.
Cybersecurity Planning Committee membership shall include at least one representative from relevant stakeholders, including:
Not less than half of the representatives of the Cybersecurity Planning Committee must have professional experience relating to cybersecurity or information technology. Qualifications are determined by the states.
Eligible entities are given the flexibility to identify the specific public health and public education agencies and communities the Planning Committee members represent.
The Cybersecurity Plan is a statewide planning document that must be approved by the Cybersecurity Planning Committee and the CIO/CISO equivalent. The Plan will be subsequently updated in FY24 and 25. It must contain the following components:
SLCGP Email: SLCGPinfo@cisa.dhs.gov
TCGP Email: TCGPinfo@cisa.dhs.gov
Social Media Handle(s): Visit CISA on Social Media.
(Please note other links will be added as they become available)
The following CISA resources are recommended products, services, and tools available at no cost to state, local, tribal, and territorial governments, as well as public and private sector critical infrastructure organizations.
State and Local Cybersecurity Grant Program Fact Sheet
State and Local Cybersecurity Grant Program Frequently Asked Questions
Cyber Resource Hub
Ransomware Guide (Sept. 2020)
Cyber Resilience Review
Free Cybersecurity Services and Tools
Cybersecurity Plan Template (click “Related Documents” tab to download)
To report an incident, visit www.cisa.gov/report
Key Links:
FEMA has assigned state-specific Preparedness Officers for the SLCGP. If you do not know your Preparedness Officer, please contact the Centralized Scheduling and Information Desk (CSID) by phone at (800) 368-6498 or by email at askcsid@fema.dhs.gov, Monday through Friday, 9 a.m. – 5 p.m. ET.
CSID is a non-emergency comprehensive management and information resource developed by FEMA for grant stakeholders. CSID provides general information on all FEMA grant programs and maintains a comprehensive database containing key personnel contact information at the federal, state and local levels. When necessary, recipients will be directed to a federal point of contact who can answer specific programmatic questions or concerns. CSID can be reached by phone at (800) 368-6498 or by e-mail at askcsid@fema.dhs.gov, Monday through Friday, 9 a.m. – 5 p.m. ET.
Weak Security Controls and Practices Routinely Exploited for Initial … – CISA
Best Practices to Protect Your Systems:
• Control access.
• Harden credentials.
• Establish centralized log management.
• Use antivirus solutions.
• Employ detection tools.
• Operate services exposed on internet-accessible hosts with secure configurations.
• Keep software updated.
Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues. This advisory was coauthored by the cybersecurity authorities of the United States,[1],[2],[3] Canada,[4] New Zealand,[5],[6] the Netherlands,[7] and the United Kingdom.[8]
Download the PDF version of this report (pdf, 430kb).
Malicious actors commonly use the following techniques to gain initial access to victim networks.[TA0001]
Malicious cyber actors often exploit the following common weak security controls, poor configurations, and poor security practices to employ the initial access techniques.
Applying the following practices can help organizations strengthen their network defenses against common exploited weak security controls and practices.
[1] United States Cybersecurity and Infrastructure Security Agency
[2] United States Federal Bureau of Investigation
[3] United States National Security Agency
[4] Canadian Centre for Cyber Security
[5] New Zealand National Cyber Security Centre
[6] New Zealand CERT NZ
[7] Netherlands National Cyber Security Centre
[8] United Kingdom National Cyber Security Centre
[9] White House Executive Order on Improving the Nation’s Cybersecurity
[10] NCSC-NL Factsheet: Prepare for Zero Trust
[11] NCSC-NL Guide to Cyber Security Measures
[12] N-able Blog: Intrusion Detection System (IDS): Signature vs. Anomaly-Based
[13] NCSC-NL Guide to Cyber Security Measures
[14] National Institute of Standards and Technology SP 800-123 – Keeping Servers Secured
U.S. organizations: To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov. To report computer intrusion or cybercrime activity related to information found in this advisory, contact your local FBI field office at www.fbi.gov/contact-us/field, or the FBI’s 24/7 Cyber Watch at 855-292-3937 or by email at CyWatch@fbi.gov. For NSA client requirements or general cybersecurity inquiries, contact Cybersecurity_Requests@nsa.gov.
Canadian organizations: report incidents by emailing CCCS at contact@cyber.gc.ca.
New Zealand organizations: report cyber security incidents to incidents@ncsc.govt.nz or call 04 498 7654.
The Netherlands organizations: report incidents to cert@ncsc.nl.
United Kingdom organizations: report a significant cyber security incident: ncsc.gov.uk/report-an-incident (monitored 24 hours) or, for urgent assistance, call 03000 200 973.
The information you have accessed or received is being provided “as is” for informational purposes only. CISA, the FBI, NSA, CCCS, NCSC-NZ, CERT-NZ, NCSC-NL, and NCSC-UK do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring.
This document was developed by CISA, the FBI, NSA, CCCS, NCSC-NZ, CERT-NZ, NCSC-NL, and NCSC-UK in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
May 17, 2022: Initial version
Investigation into Twitter data breach launched – Cyber Security Hub
A dataset allegedly containing the email addresses and phone numbers of more than 400 million Twitter users has been put up for sale on hacking forum Breached Forums.
The dataset was uploaded to Breached Forums on December 23, 2022, by a hacker going by the screen name ‘Ryushi’. The hacker claimed to have collected the data using data scraping techniques and a now-patched vulnerability in the social media site’s software in 2021 and demanded US$200,000 for an “exclusive” sale of the data.
Sample of 400 million Twitter breach
Alexandria Ocasio-Cortez
– SpaceX
– CBS Media
– Donald Trump Jr.
– Doja Cat
– Charlie Puth
– Sundar Pichai
– Salman Khan
– NASA’s JWST account
– NBA
– Ministry of Information and Broadcasting, India
– Shawn Mendes
– Social Media of WHO pic.twitter.com/RdezKOlMml
In their post, the hacker addressed Twitter owner Elon Musk directly, saying: “Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4 m[illion] breach imaging [sic] the fine of 400 m[illion] users breach.
“Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did…is to buy this data exclusively”.
The hacker went on to warn that if Twitter did not buy the data before it was sold, users would “lose trust in you”, and said that if malicious actors used the data to gain unauthorized access to the accounts of prominent people (e.g. celebrities or politicians), they will “for sure make them ghost the platform” and “ruin [Musk’s] dream” of Twitter being a video sharing platform.
Ryushi went on to say that the data breach would exacerbate an already “sensitive time” for content creators on Twitter, and that if Musk was unsure about what to do he should “run a poll on Twitter like usual and people will chose their fate”, a reference to the fact Musk has allegedly used Twitter polls to influence business decisions.
The hacker also blamed Twitter directly for the hack, saying “at the end of the day it’s the company’s fault this data was breached”.
Hey @elonmusk, since you don’t seem to have much a media/comms team anymore, can you address the apparently legitimate claim that someone scraped & is now selling data on hundreds of millions of Twitter accounts? Maybe it didn’t happen on your watch, but you owe Twitter a reply.
Users of the site have urged Musk to publicly comment on the data breach. Cyber security expert and investigative journalist Brian Krebs tagged Musk in a public post about the breach, saying that he “owe[s] Twitter a reply” about the breach, even if it “didn’t happen on [his] watch”.
The forum post included sample data for 37 celebrities, corporations, journalists, politicians and government agencies including Doja Cat, Alexandria Ocasio-Cortez, the World Health Organization, Shawn Mendes and Piers Morgan.
It has been suspected that the sample data has already been used by malicious actors to access the accounts listed in the sample, namely British tabloid journalist Piers Morgan. This suspicion arose after Morgan’s Twitter was allegedly hacked and a number of strange tweets were posted to his profile between Christmas Day and Boxing Day 2022.
These tweets included abusive messages, false information and racial slurs directed at a number of people including the late Queen Elizabeth II and singer Ed Sheeran.
Morgan has not yet publicly addressed the hack.
The Irish Data Protection Commission (DPC) announced on December 23, 2022, that it will be launching an investigation into a breach that exploited the same vulnerability and affected 5.4 million users in July 2022. This investigation was referenced by Ryushi in their post.
The breach took place using a vulnerability in Twitter software that was first flagged to the company in January 2022. This vulnerability allowed malicious actors to learn if an email address or phone number was associated with an existing account by entering the number or email address and attempting to log in.
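The class of flaw described above, a login flow whose response differs depending on whether the e-mail address or phone number belongs to an account, is shown below beside a hardened form. This is an added example, not Twitter's code; the account store, status codes, messages and the per-source limit are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed account store keyed by e-mail address or phone number.
USERS = {
    "alice@example.com": make_user("correct horse"),
    "+15555550100": make_user("battery staple"),
}

# Dummy record so an unknown identifier costs the same hashing work as a known one.
DUMMY = make_user(os.urandom(16).hex())

GENERIC = (401, "Invalid login details.")


def login_leaky(identifier, password):
    """'Before': the response reveals whether the identifier has an account."""
    user = USERS.get(identifier)
    if user is None:
        return (404, "No account uses that e-mail address or phone number.")
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return (401, "Wrong password.")
    return (200, "OK")


class LoginGate:
    """'After': one generic failure, equal work for known and unknown identifiers,
    and a cap on how many distinct identifiers one source may try.
    Simplified: a production limiter would also expire entries over time."""

    def __init__(self, max_identifiers=5):
        self.max_identifiers = max_identifiers
        self.seen = {}  # source -> set of identifiers tried

    def login(self, source, identifier, password):
        tried = self.seen.setdefault(source, set())
        tried.add(identifier)
        if len(tried) > self.max_identifiers:
            return (429, "Too many attempts.")
        user = USERS.get(identifier, DUMMY)
        ok = hmac.compare_digest(hash_password(password, user["salt"]), user["hash"])
        if ok and identifier in USERS:
            return (200, "OK")
        return GENERIC  # same status and text whether or not the account exists
```

The same uniform-response rule applies to any other flow that accepts an e-mail address or phone number, such as password reset or sign-up.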
The DPC said in a statement that it had “corresponded with Twitter International Unlimited Company (‘TIC’)” in relation to the data breach and “raised queries in relation to GDPR compliance”.
After considering the information provided by TIC in response to its queries, the DPC said it was “of the opinion that one or more provisions of the GDPR and/or the Act may have been, and/or are being, infringed in relation to Twitter Users’ personal data”.
As a result of this, the DPC said that it will be investigating the data breach to determine “whether TIC has complied with its obligations, as controller, in connection with the processing of personal data of its users or whether any provision(s) of the GDPR and/or the Act have been, and/or are being, infringed by TIC in this respect”.
In November 2022, social media company Meta was fined $275 million following an investigation by the DPC into a Facebook data leak that took place in April 2021. This was also referred to by the hacker in their Breached Forums post.
View from Davos: The Changing Economics of Cybercrime – Dark Reading
Editor’s note: The author participated in a panel discussion at the World Economic Forum titled “Ransomware: To Pay or Not to Pay” on January 19, 2023.
While much of the press on the 2023 World Economic Forum in Davos, Switzerland, focused on international strife, on the ground it was a significantly more economic affair. Certainly, many of the conversations focused on how society must do more to align around solutions to the many polycrises we are facing today, including the threat of a third world war, accelerating climate change, and widening income inequality over COVID-19. But chief among the topics was real, tactical discussion on how to reduce the profit motives of cybercriminals — and help enterprises look at their cyber risk in a radically different way.
In our ransomware panel, Catherine De Bolle, executive director for Europol, noted that cybercrime is a risk created by humans, driven by the economic conditions of high profit and easy opportunity. Ransomware is the most recent monetization of these motives and opportunities, and it has evolved from simple malware to advanced exploits and double or triple extortion models.
The motive for cybercrime is clear: to steal money. But the digital nature of cybercrime makes the opportunity uniquely attractive, due to the following:
As a veteran Air Force cyber operations officer who now runs a cyber-risk solutions company writing insurance policies covering extortion payments, I feel these points all too clearly. That is why it’s time that enterprises dramatically rethink how they manage their cyber-risk as not just a technical problem but a financial problem as well.
Fighting Cybercrime With Cyber Resilience
While helping companies pay extortion is never the first choice for any insurer, its role is to help make its clients whole and reduce their financial exposure. But insurers have a responsibility to help their clients think proactively and holistically about how they assess, measure, and manage their cyber-risk overall. In other words, ask:
This is the core idea behind cyber resilience, a way to protect digital infrastructure for enterprises by integrating the technical, policy, behavioral, and economic elements necessary to mitigate and manage cyber as a predictable risk.
Compared to insurance lines like property or auto, which have decades of data measuring what keeps a building from burning down or a car crash victim alive, cyber is a less mature line of insurance. Cyber policies are still harder to underwrite, given the difficulty in quantifying and pricing the risk. They require talented underwriters backed by technical knowledge, threat assessment software, and advanced analytics to measure a company’s security controls balanced against risks in their sector. But like pushing regulations that require fire sprinklers in buildings and seatbelts in cars, insurance can rewrite the rules of how cyber-risk is managed by helping our clients make their digital infrastructures significantly more resilient to extortion threats.
Chainalysis, a member of the Institute for Security and Technology’s Ransomware Task Force, found that ransomware revenue declined by nearly 50% in 2022. Though we have seen extortion attempts remain strong, we can anecdotally say that fewer companies are deciding to pay extortion due to controls that allow them to restore from backups or rebuild their IT networks.
This tells us that for a certain segment of the corporate ecosystem, sharing best practices builds resilience to extortion and raises the cost for attackers. Our goal now is to shift the view of companies and the insurance industry toward this new approach of cyber resilience and reward those who invest in strong cyber hygiene.
In our discussion group on ransomware, a CEO who had just thwarted an extortion attempt said it best when they noted what saved their company was rehearsing a holistic plan to respond to an incident. Exercising with real-world lessons helped their executive team successfully navigate an intrusion without paying the ransom. Davos’ blend of public and private sector leaders made the perfect audience to hear this message.
Fighting cybercrime is a team sport, and to succeed, we must adopt this framework of cyber resilience that integrates the technical, policy, behavioral, and economic elements necessary to manage the reality of ever-growing cybercrime as a predictable and manageable cyber risk.
Cybersecurity: Close the skills gap to improve resilience – World Economic Forum
By eliminating the cybersecurity skills shortage, employers can improve the resilience and stability of both their organization and its workforce. Image: Unsplash/Markus Spiske