Threat Intel Update
The U.S. government has recently engaged in a variety of initiatives to strengthen cybersecurity in the U.S., including new reporting requirements for non-banking financial institutions, collaboration with foreign governments on ransomware payment tracking, and an executive order on artificial intelligence. Through these initiatives, the U.S. has gained a greater understanding of the cyber threats affecting the country, and they present new opportunities to mitigate those threats.
Cyber threat actors have continued to find new ways to publicize ransomware attacks and put pressure on victims to pay, as seen in a recent cyber attack in Las Vegas. Staying informed about changes in cyber actors' tactics and about the new cybersecurity initiatives developed by the U.S. is critical to strengthening your cybersecurity posture.
Cyber Attacks & Vulnerabilities
Cyber Actors Compromise School District and Email Parents of Students with Proof of Compromise – The Clark County School District suffered a cyber attack in early October 2023. SingularityMD, the group claiming responsibility for the attack, emailed parents of students attending the district with proof of the attack, including a PDF with students' photos, contact information, and student ID numbers. SingularityMD has started to leak the data from the attack and claimed they would have deleted the data if the school had paid a ransom of approximately one-third of the school district superintendent's salary. Bleeping Computer
North Korean Cyber Actors Targeting Blockchain Engineers Utilizing Mac Computers – The campaign utilizes a new malware, tracked as KandyKorn, which was likely distributed via a public Discord server, and can exfiltrate data, stop processes, and deploy additional payloads. The campaign likely targeted cryptocurrency engineers at a cryptocurrency exchange to steal cryptocurrency and support North Korea’s efforts to evade sanctions. The Record
Cyber Actors Collecting Identity & Access Management Credentials from Public GitHub Repositories, Supporting Cryptojacking Campaign – The campaign, known as EleKtra-Leak, has been running for approximately two years: cyber threat actors scanned public repositories for plaintext credentials and used them to create multiple AWS EC2 instances. These instances are then used to mine Monero, a privacy-focused cryptocurrency. Security Week
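The EleKtra-Leak item above turns on one defensive point: plaintext cloud credentials committed to a public repository are found by automated scanning within minutes, so the same scanning should run on your side before a commit leaves your network. The following is an added example written for this newsletter, not code from Security Week or from the researchers who tracked the campaign. It is a minimal pre-commit style scanner for AWS credential material; the regular expressions are heuristics assumed here (the "AKIA"/"ASIA" prefix convention for access key IDs and the 40-character secret key length are well known but not stated on the page), and the repository contents and key values are constructed for the demonstration.

```python
import re

# Heuristic patterns (assumed for this example, not taken from the newsletter):
# AWS access key IDs conventionally begin with "AKIA" (long-term IAM user keys)
# or "ASIA" (temporary STS keys) followed by 16 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Secret access keys are 40 characters from the base64 alphabet; to limit false
# positives we only flag them when they sit next to an "aws secret access key" label.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"
)


def redact(value: str) -> str:
    """Keep only the first four characters so a finding can be logged or
    reported without copying the credential itself into another system."""
    return value[:4] + "*" * (len(value) - 4)


def find_aws_credentials(text: str, path: str = "<memory>"):
    """Scan one file's contents line by line and return a list of findings.
    Each finding records the path, 1-based line number, the kind of
    credential matched, and a redacted copy of the matched value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "access_key_id", "value": redact(m.group(1))})
        for m in SECRET_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "secret_access_key", "value": redact(m.group(1))})
    return findings


def scan_files(files):
    """files maps a repository path to its contents (what a pre-commit hook
    would read from the staged tree). Returns all findings across files."""
    results = []
    for path, contents in files.items():
        results.extend(find_aws_credentials(contents, path))
    return results


# Constructed sample repository; the key values below are invented for the
# example and are not real credentials.
SAMPLE_REPO = {
    "config/settings.py": (
        "DEBUG = True\n"
        "AWS_ACCESS_KEY_ID = 'AKIAEXAMPLE000000001'\n"
        "AWS_SECRET_ACCESS_KEY = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN'\n"
    ),
    "README.md": "# demo\nUse your own AWS keys via environment variables.\n",
}

if __name__ == "__main__":
    # A hook would exit non-zero when findings is non-empty to block the commit.
    findings = scan_files(SAMPLE_REPO)
    for f in findings:
        print(f"{f['path']}:{f['line']}: {f['kind']} {f['value']}")
    raise SystemExit(1 if findings else 0)
```

A scanner like this belongs in a pre-commit hook and in CI, and it is a complement to, not a replacement for, the controls that remove the incentive: short-lived STS credentials instead of long-term IAM user keys, and CloudTrail alerting on unexpected EC2 RunInstances calls, which is the activity the campaign above ultimately produced.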
Cyber Fraud & Cyber Crime
New Ransomware-as-a-Service Variant Emerges Utilizing Source Code from Hive Ransomware Operation – The new variant, called Hunters International, is based on source code for Hive ransomware version 6. The cyber threat actors associated with Hunters International indicated they purchased the encryptor source code from Hive developers and were in the process of addressing issues with Hive's code. Hunters International has been linked to one ransomware attack on a school in the United Kingdom. Bleeping Computer
Florida Man Sentenced to Prison for Role in SIM Swapping Conspiracy Resulting in Theft of Cryptocurrency – The man was sentenced to 30 months in prison and ordered to pay approximately $945,000 in restitution for his role in a SIM swapping scheme. From 2021 through 2022, the man and several co-conspirators compromised victims' email accounts and gained access to their cell phones, which they used to compromise the cryptocurrency wallets of over a dozen people, resulting in the theft of almost $1 million in cryptocurrency. U.S. Attorney's Office, District of Arizona
Over 45 Countries Attend Counter Ransomware Initiative Summit in the United States – The third summit since its launch in 2021, this year's meeting brought several new countries into attendance. Many of the attending countries pledged not to pay a ransom if government systems were the victim of a ransomware attack. Additionally, many of the countries also agreed to collaborate on sharing information about wallets used to move virtual currency obtained from ransomware attacks. The Record
Cyber Policy & Geopolitics
U.S. Government Issues Executive Order on Artificial Intelligence, Outlining Responsibilities for Federal Agencies – The order addresses privacy issues, procurement, the use of AI, and hiring of AI professionals. As part of the new Executive Order, the Department of Homeland Security and the Department of Energy are required to study how AI can pose a threat to critical infrastructure. Additionally, the Department of Commerce is required to create authentication standards for generative AI systems. FedScoop
Non-Banking Financial Institutions Required to Report Data Breaches According to Federal Trade Commission Rule – Under the new rule, these institutions have 30 days to report any data breaches. The rule goes into effect in April 2024 and applies to any breach impacting at least 500 customers. When institutions identify a breach, they must report the type of information involved, the number of customers impacted, and whether publicizing the breach would affect law enforcement operations. The Record
Russian Government Arrests Two Individuals for Conducting Cyber Attacks Against Russian Critical Infrastructure – The individuals were accused of supporting Ukrainian government forces. One individual was identified as a member of a Ukrainian cyber unit, and the other is a student at a Russian university. Bleeping Computer