Dr. Chase Cunningham - Defend & Conquer Weekly Review October 4, 2023

In this week's cybersecurity roundup, I'll be sharing the top 10 latest developments and news in the ever-evolving world of cybersecurity. From exposed industrial control systems to phantom hacker scams, here are the key takeaways you need to know to stay informed and protected.

1. Exposed Industrial Control Systems

Bitsight recently reported that nearly 100,000 industrial control systems (ICS) are exposed to the internet. These systems are particularly vulnerable in sectors such as education, technology, government, politics, and business. While there has been an overall decline in internet-exposed ICS services in 2019, my own analysis revealed a significant discrepancy. I found 388,000 exposed systems in the US alone and almost half a million globally. This disparity suggests that there may be more than 100,000 exposed systems across all sectors, emphasizing the urgent need for swift action to secure these critical systems.

2. Bunny Loader: A New Malware-as-a-Service Offering

Zscaler recently reported on a new malware-as-a-service offering called Bunny Loader. This malware is available for a one-time price of $250 and is designed to steal sensitive information related to web browsers, cryptocurrencies, VPNs, and more. The researchers noted that Bunny Loader has been rapidly developed since its release on September 4th, highlighting the commoditization of malicious tools and the need for robust cybersecurity measures to counteract such threats.

3. Phantom Hacker Scams Targeting Senior Citizens

The FBI has issued a warning regarding an increase in phantom hacker scams targeting senior citizens. These scams involve imposters posing as tech support, financial institutions, and government officials to gain the trust of their victims. By exploiting this trust, the scammers extract sensitive information or trick victims into giving them access to their banking and investment accounts. Shockingly, victims have lost nearly half a billion dollars to tech support scams in the first half of this year alone, with 66% of those losses occurring in individuals over 60 years old. It is crucial to educate elderly individuals on these scams and remind them never to share login credentials via email and to contact their bank directly if they receive suspicious calls.

4. Increasing Cyberattacks Targeting APIs

Cyberattacks targeting APIs have seen a significant increase of 137% since 2023, according to reports. The healthcare and manufacturing industries have become prime targets for attackers leveraging this method. This surge in attacks can be attributed to the growing number of internet-connected medical devices and associated apps and APIs. If your organization is involved in the healthcare sector or utilizes medical devices, it is vital to prioritize the security of your APIs to mitigate the risk of exploitation.

5. Privacy Concerns Surrounding CBP, ICE, and USS Use of Commercial Telemetry

The Department of Homeland Security (DHS) Inspector General discovered privacy issues concerning the use of commercial telemetry data by three DHS agencies: Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), and the Secret Service. These agencies procured mobile device geolocation information without adequately developing and adhering to privacy policies. This finding raises important questions about how such practices were allowed to occur, considering the regulations and requirements that are meant to protect individuals' privacy. This revelation is likely to lead to further investigations and increased scrutiny of these agencies.

6. Russian Disinformation Targeting US Support for Ukraine

The New York Times has reported that Russian intelligence services are extensively targeting NATO and seeking to undermine US support for Ukraine. They employ tactics such as influence-washing and troll farms to spread disinformation. These efforts aim to erode trust in the US's involvement in Ukraine and disrupt NATO alliances. This emphasizes the importance of increasing awareness and critical thinking to counteract the spread of disinformation.

7. Zero-Day Vulnerability in Cisco VPN Software

Cisco has recently issued a warning regarding a zero-day vulnerability in its VPN software. To mitigate the risk, Cisco is encouraging users to transition from traditional VPNs to Zero Trust Network Access (ZTNA) solutions. Patches for the vulnerability are available, underscoring the necessity of promptly applying updates and transitioning to more secure alternatives.

8. Exploited Security Flaws in WS_FTP Servers

Tens of thousands of WS_FTP servers have been found to have newly exploited security flaws. These servers are readily discoverable on the internet, making them attractive targets for malicious actors. If your organization has any WS_FTP servers, it is essential to patch and secure them to prevent potential breaches.

9. Tenable's Acquisition of Hermetic

Cybersecurity company Tenable has completed its acquisition of Hermetic. This acquisition highlights the growing investment and interest in the cybersecurity sector. While economic uncertainties persist, it is crucial not to diminish investments in cybersecurity. Instead, organizations should optimize their cybersecurity strategies to adapt to these changing times.

10. Risks Associated with AI Assistants

MIT has published an article discussing the risks associated with big tech's investment in AI assistants. The proliferation of AI assistants raises concerns about security and the potential compromise of sensitive information. It is crucial to understand that the input provided to large language models like Chat GPT is accessible on the backend. Therefore, users must carefully consider the potential risks associated with sharing sensitive information through these platforms.

Conclusion

In summary, the cybersecurity landscape continues to evolve rapidly, with new threats and vulnerabilities emerging regularly. By staying informed about the latest developments, organizations and individuals can take proactive steps to safeguard their systems and data. It is essential to prioritize the security of industrial control systems, educate vulnerable populations about common scams, secure APIs, adhere to privacy policies, counter disinformation campaigns, apply software patches promptly, and invest in robust cybersecurity measures. By addressing these key areas, we can work towards a safer digital environment for all. Stay smart, stay safe, and stay secure!

*This blog post was written by Chase Cunningham, also known as Dr. ZeroTrust, for CybersecurityHQ.*