Pete Recommends – Weekly highlights on cyber security issues, September 10, 2022

Subject: NIST to launch new guidance on security risks of telehealth and smart home integration
Source: GCN

The National Institute of Standards and Technology will outline the safest ways for consumers to use new technologies that provide access to their health care information in a secure digital environment. The work falls under “Mitigating Cybersecurity Risk in Telehealth Smart Home Integration,” a project of NIST’s National Cybersecurity Center of Excellence.

The project specifically targets devices used within the Internet of Things, and that are potentially vulnerable to hacks as they share data within a household network.

“This project will analyze how consumers use smart home devices as an interface into the telehealth ecosystem,” the current abstract reads. “While the user experience may be improved, practitioners may find challenges associated with deploying mitigating controls that limit cybersecurity and privacy risks.”



Subject: The Air Force Just Survived a Reply All Email Apocalypse

It happens to the best of us: you meant to send an email to one or two people and, whoops, now you’ve accidentally blitzed your entire company or your school. For the sender, the “reply all” incident (also known as an “email storm” or a “Replyallcalypse”) is a thing of dread and humiliation; for the recipients, it’s often both hilarious and annoying.

According to images of the email thread shared by the tipster, a “replyallcalypse” happened when a low-level clerical employee at Ramstein Air Force base in Germany sent out a query about a computer issue at the base, subject line “Logo appearing on our screern [sic].” She wrote, “Please help us !!!” about an ugly and outdated logo that would not quit the screens at Ramstein. She called it “this horrible green statement.”

Subject: FTC sues data broker. The EU opens a “Tech Embassy” in Silicon Valley. US will restrict export of chips to China and Russia
Source: the CyberWire

Summary By the CyberWire staff – At a glance.
  • FTC sues data broker.
  • The EU opens a “Tech Embassy” in Silicon Valley.
  • Industry perspective on cybersecurity and US Federal acquisition policy.
  • US will restrict export of chips to China and Russia.


Selected Reading

U.S. Restricts Sales of Sophisticated Chips to China and Russia (New York Times) Limits were placed on high-end GPUs that power supercomputers and artificial intelligence, said Nvidia and AMD, two Silicon Valley chip makers.

Nvidia, AMD warned of new US export restrictions on AI chips (Protocol) The U.S. government has issued new export licensing requirements to Nvidia and AMD for export to China and Russia of the advanced GPUs used for AI.

Australia’s New Anti-Encryption Law Is Unprecedented and Undermines Global Privacy (Foundation for Economic Education) If firms don’t have the power to intercept encrypted data for authorities, they will be forced to create tools to allow law enforcement or government to have access to their users’ data.

Plugging Cyber Holes in Federal Acquisition (Meritalk) By Ken Walker, President & Chief Executive Officer, Owl Cyber Defense

The European Union Opens “Tech Embassy” in Silicon Valley Ahead of New Technology Regulations (Snell & Wilmer) Snell & Wilmer is one of the largest law firms in the western United States.

DHS watchdog digs into uneven cyber awareness training, outdated policies (FCW) Some DHS policies and procedures aren’t up-to-date with the latest cybersecurity standards, a new report from the Office of the Inspector General at DHS says. The department, however, says that it’s taking action to mature their training program.

FTC sues Kochava for sale of people’s sensitive location data (TechCrunch) The FTC aims to prosecute Kochava based on numerous violations of the FTC Act, including those involving the unfair sale of sensitive data and consumer injury.

The FTC May (Finally) Protect Americans From Data Brokers (WIRED) The agency’s lawsuit against Kochava should squash the industry’s core defense—and help keep sensitive info off the open market.

NSA, Cyber Command mobilizing Election Security Group to fight foreign cyberattackers (The Washington Times) The National Security Agency and Cyber Command have activated their Election Security Group tasked with disrupting foreign cyberattackers aiming to hack or interfere with the upcoming midterm elections, assembling a team to combat threats coming from China, Iran and Russia.

The IRS will be more like the NSA after Biden’s changes (The Hill) President Biden and the Democrats are setting up the IRS as the next three-letter intelligence agency, with the rapid expansion of the service’s power and payroll. Changes resulting from the improp…

US Army to launch offensive cyber capabilities office (Defense News) Offensive cyber is defined as “operations intended to project power by the application of force in or through cyberspace,” according to NIST.

Army to create new offensive cyber and space program office (FedScoop) The Army will create a new offensive cyber and space program office in 2023, spinning it off from its electronic warfare portfolio, according to officials. The new colonel-led, or O-6 level, program office will be under Program Executive Office Intelligence Electronic Warfare and Sensors and will be aptly called Program […]

Subject: FBI Warns Individuals Employed in the Healthcare Industry of the Ongoing Scam Involving the Impersonation of Law enforcement and Government
Source: FBI via The RISKS Digest – Gabe Goldberg, Thu, 1 Sep 2022 15:28:46 -0400

BALTIMORE—The FBI is warning individuals employed in the healthcare industry of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information (PII). Scammers, as part of a large criminal network, research background information of their intended targets through a medical practice’s website and/or social media and supplement this information with information found on common social media websites such as Facebook, Instagram, LinkedIn, etc., to make themselves appear legitimate. … Hard to believe this works.

Subject: Supply chain risk is a top security priority as confidence in partners wanes
Source: Help Net Security

As cyber attackers increasingly look to capitalize on accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services as well as third-party service providers, software supply chain risk has become a major concern of organizations. Seventy-nine percent of security professionals responding to a recent survey conducted by the Neustar International Security Council (NISC) indicated that their organization’s reliance on cloud-based solutions has increased from pre-pandemic levels, with 48% saying their reliance has “greatly increased.” Similarly, 78% said their reliance on cloud-based services has increased (40% greatly), and 66% reported that their reliance on third-party services providers has increased (27% greatly). As a result, 76% of respondents said they now view supply chain risk as a top security priority….

Subject: Interpol dismantles sextortion ring, warns of increased attacks
Source: BleepingComputer

However, their targets didn’t know this app was designed to steal the contents of their phones’ contact lists which the cybercriminals would use to blackmail the victims, threatening to share their nude videos with relatives and friends in their address books.

“We conducted a proactive investigation and in-depth analysis of a zombie command and control server hosting the malicious application, which – along with the joint efforts by our counterparts – allowed us to identify and locate individuals linked to the criminal syndicate,” said Raymond Lam Cheuk Ho, the head of Hong Kong Police’s Cyber Security and Technology Crime Bureau.

Sextortion is a type of digital extortion where the criminals coerce or trick their targets into sharing explicit videos or images that will later be used for blackmail.

To make things even scarier for their targets, they’ll also often gain access to their social media or contact info, threatening to send the sexual imagery they got their hands on to the victims’ families and friends.

Scammers behind sextortion campaigns are also known to distribute various strains of malware via phishing emails, ranging from data-stealing trojans to ransomware.

“INTERPOL’s awareness campaigns on cyber threats have emphasized that just one click – on an unverified link or to send an intimate photo or video to someone – can suffice to fall victim to cybercrime.”



Subject: U.S. bank regulator warns of crisis risk from fintech proliferation
Source: Reuters via beSpacific

Reuters: “The rise of fintech services and digital banking could spur financial risks and potentially a crisis over the long term, Michael Hsu, Acting Comptroller of the Currency, a major U.S. bank regulator, warned on Wednesday. “I believe fintechs and big techs are having a large impact and warrant much more of our attention,” Hsu told a New York conference, noting the encroachment of fintech companies into the traditional financial sector, including via partnerships with banks, was creating more complexity and “de-integration” across the banking sector…”…

Banks and tech firms, in an effort to provide a seamless customer experience, are teaming up in ways that make it more difficult for regulators to distinguish between where the bank stops and where the tech firm starts, said Hsu. And with fintech valuations falling as financing costs rise, bank partnerships with fintechs are increasing, he said.

Earlier, Gene Ludwig, a former Comptroller of the Currency, also warned that regulations for fintechs are much less strict than those that govern banks.

“The non-banking industry is getting away with murder,” said Ludwig, who is now a managing partner of Canapi Ventures, a venture capital firm.

Ludwig predicted non-banks “will get us into the next financial crisis if we don’t do something about it.”


Subject: Iranian hacker group posed as journalists to hunt dissidents
Source: FCW

The group spent weeks trying to fool specific targets with intricate appeals—including U.S. campaign staff. A hacker group likely linked to Iran’s Revolutionary Guard used sophisticated means and elaborate false identities to steal information from government officials, think tankers, and others around the world who might be in contact with Iranian dissidents, according to a new report from cybersecurity company Mandiant.

Dubbed APT42 by Mandiant, the group has been active since 2015, the report said. Its primary tactic is spear-phishing, a common scam whose perpetrators pose as a legitimate entity and attempt to persuade a target to open an email and click a link that allows the group to steal information. What sets this group apart is the lengths to which they go to appear trustworthy.

One member of the group “posed as a well-known journalist from a U.S. media organization requesting an interview and engaged the initial target for 37 days to gain their trust before finally directing them to a credential harvesting page,” the report said.
Another member posed as the British newspaper Metro to hit targets “located in Belgium and the United Arab Emirates, [with an] online interview via a customized PDF document containing an embedded link leading to a Gmail credential harvesting page,” the report said.

