Archive for September 14, 2023

NSA, FBI and CISA Release Cybersecurity Information Sheet On Deepfakes And Their Threats To Organizations

Posted in Commentary with tags on September 14, 2023 by itnerd

The NSA, FBI and CISA have released a Cybersecurity Information Sheet (CSI) called Contextualizing Deepfake Threats to Organizations. Here’s the TL;DR via this media alert:

Today, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats, techniques, and trends. Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge for users of modern technology and communications, including the National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators. Between 2021 and 2022, U.S. Government agencies collaborated to establish a set of employable best practices to take in preparation and response to the growing threat. Public concern around synthetic media includes disinformation operations, designed to influence the public and spread false information about political, social, military, or economic issues to cause confusion, unrest, and uncertainty.

The authoring agencies urge organizations to review the CSI for recommended steps and best practices to prepare, identify, defend against, and respond to deepfake threats.

Allen Drennan, Principal & Co-Founder, Cordoniq had this to say:

“The threat of deepfakes has been an ongoing challenge, however with the introduction of unregulated AI data mining that could provide unfettered access to media, this elevates the threat to a whole new level. Consumers who have provided photos, videos, audio and recordings to third-party social networks, email host providers and even online meeting solutions may find that their likeness is easily consumed by AI training models to better recreate deepfakes that not only look and sound like their intended target but also behave like them. Since many of these organizations maintain information for protracted periods of time as part of their terms of service, consumers may find these AI models can train against their likeness retroactively. Federal regulation of privacy as it relates to consumer provided content to companies and organizations is critical in preventing the wide-spread use of deepfakes.”

This cybersecurity information sheet is very much worth reading as this is an emerging threat that all should take seriously. And with emerging threats, it’s better to get out front of them rather than be on the defensive.

Cloud Vulnerabilities Surge 200% Due To Poor Security: IBM

Posted in Commentary with tags on September 14, 2023 by itnerd

The IBM X-Force Cloud Threat Landscape Report 2023 tracked 632 new cloud-related vulnerabilities between June 2022 and June 2023, a 194% increase over the previous year, bringing the total number tracked by the vendor to 3,900, a figure that has doubled since 2019.

The top initial access vector for cloud compromises was the use of valid credentials, either obtained during an attack or stolen before a specific victim was targeted, seen in 36% of the real-world cloud incidents. That is a significant jump from the 9% observed the previous year.

“[It] highlights the need for organizations to move beyond human-reliant authentications and prioritize technological guardrails capable of securing user identity and access management,” IBM analyst Chris Caridi said. 

The X-Force team found examples of poor security practices such as plaintext credentials located on user endpoints in 33% of incidents involving cloud environments. 

The next two most common initial access vectors, each seen in 14% of engagements, were exploitation of public-facing applications and phishing or spear phishing.
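The finding that plaintext credentials sat on user endpoints in a third of cloud incidents is something a defender can go and check for. Below is an added example, written for this page rather than taken from the IBM report, of a small scanner that looks for cloud access keys, secrets, password assignments and private key blocks in files under a directory and reports where they are without copying the values into the report. The AWS access key ID shape (AKIA/ASIA plus 16 upper-case alphanumerics) follows AWS documentation and the sample key pair is the dummy pair AWS publishes in its own docs; the remaining patterns, the placeholder rule and the sample file contents are assumptions constructed for this example.

```python
import re
import sys
from pathlib import Path

# Secret patterns. The AWS access key ID shape follows AWS documentation; the
# other patterns are generic assumptions for this example and need tuning
# before use against a real estate.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?P<v>(?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?(?P<v>[A-Za-z0-9/+=]{40})"),
    "generic_password": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?(?P<v>[^\s'\"]{6,})"),
    "private_key": re.compile(
        r"(?P<v>-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"),
}

# Values that are templates or placeholders, not real secrets (assumption).
PLACEHOLDER_PREFIXES = ("${", "$(", "<", "{{")

# Constructed sample file content. The AWS key pair is the dummy pair from
# AWS documentation, not a live credential.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# a templated value should not be flagged
db_password = ${DB_PASSWORD}
db_password = hunter2hunter2
"""


def scan_text(text, source):
    """Return one finding per secret-looking value in text. Only a short
    prefix of the value is kept, so the report is not a second copy of the
    credentials it found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group("v")
                if value.startswith(PLACEHOLDER_PREFIXES):
                    continue
                findings.append({"source": source, "line": lineno,
                                 "kind": kind, "preview": value[:4] + "..."})
    return findings


def scan_path(root, max_bytes=1_000_000):
    """Walk a directory (for example a user's home directory) and scan every
    regular file up to max_bytes. Undecodable bytes are dropped rather than
    aborting the scan, so binaries pass through harmlessly."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(text, str(path)))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_path(target) if target else scan_text(SAMPLE, "constructed-sample")
    for f in results:
        print(f"{f['source']}:{f['line']}  {f['kind']}  {f['preview']}")
```

Run it with a directory argument to scan a real home directory; with no argument it scans the constructed sample. Anything it finds should go through the provider's rotation process rather than just being deleted, since a key sitting in a file on an endpoint may already have been copied off it.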

Dave Ratner, CEO, HYAS had this to say:

   “Chris Caridi is correct that organizations need to do a better job of securing and authenticating user identity.  At the same time, bad actors will always break in, so the report also highlights the need for improved visibility and observability of anomalous communication patterns via Protective DNS — the telltale sign of an initial breach beaconing out to its command-and-control for instructions.  Only through a defense-in-depth strategy will organizations truly be able to implement business and operational resiliency.”
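Ratner's point about Protective DNS is that the first thing most malware does after landing is call home, and that check-in is usually periodic. As an added example, not code from HYAS or from the IBM report, here is a detector that groups DNS queries by client and registered domain and flags pairs whose inter-arrival times are nearly constant. The log format, the constructed queries, the "last two labels" domain collapse and the thresholds are all assumptions made for this example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed DNS query log (not data from the report): one
# "timestamp client qname" record per line. Queries under example.org arrive
# roughly every 60 seconds with a little jitter; queries under example.com
# are bursty, the way interactive browsing looks.
SAMPLE_LOG = """\
2023-09-14T10:00:00Z 10.1.2.3 k1.sync.example.org
2023-09-14T10:00:05Z 10.1.2.3 www.example.com
2023-09-14T10:00:10Z 10.1.2.3 mail.example.com
2023-09-14T10:01:00Z 10.1.2.3 k2.sync.example.org
2023-09-14T10:02:01Z 10.1.2.3 k3.sync.example.org
2023-09-14T10:02:10Z 10.1.2.3 www.example.com
2023-09-14T10:02:17Z 10.1.2.3 cdn.example.com
2023-09-14T10:03:00Z 10.1.2.3 k4.sync.example.org
2023-09-14T10:04:02Z 10.1.2.3 k5.sync.example.org
2023-09-14T10:05:00Z 10.1.2.3 k6.sync.example.org
2023-09-14T10:05:59Z 10.1.2.3 k7.sync.example.org
2023-09-14T10:07:00Z 10.1.2.3 k8.sync.example.org
2023-09-14T10:07:17Z 10.1.2.3 www.example.com
2023-09-14T10:07:59Z 10.1.2.3 mail.example.com
2023-09-14T10:22:59Z 10.1.2.3 www.example.com
2023-09-14T10:23:02Z 10.1.2.3 cdn.example.com
"""


def parse_log(text):
    """Parse 'timestamp client qname' lines into (datetime, client, qname)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        records.append((when, client, qname.lower().rstrip(".")))
    return records


def registered_domain(qname):
    """Collapse a hostname to its last two labels. Deliberate simplification:
    a real pipeline uses the Public Suffix List, otherwise names under
    'co.uk'-style suffixes are grouped wrongly."""
    labels = qname.split(".")
    return ".".join(labels[-2:])


def find_beacons(records, min_queries=6, max_cv=0.15):
    """Flag (client, domain) pairs whose query inter-arrival times are nearly
    constant, measured as coefficient of variation (stdev / mean) <= max_cv.
    Grouping by registered domain catches implants that rotate subdomains."""
    groups = defaultdict(list)
    for when, client, qname in records:
        groups[(client, registered_domain(qname))].append(when)
    hits = []
    for (client, domain), times in groups.items():
        if len(times) < min_queries:
            continue
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(intervals)
        if mean <= 0:
            continue
        cv = statistics.stdev(intervals) / mean
        if cv <= max_cv:
            hits.append({"client": client, "domain": domain, "count": len(times),
                         "mean_interval": mean, "cv": cv})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['client']} -> {hit['domain']}: {hit['count']} queries, "
              f"every {hit['mean_interval']:.0f}s (cv={hit['cv']:.3f})")
```

A low coefficient of variation on its own is not proof of compromise: software updaters and monitoring agents beacon too, so in practice this output is joined with domain age, reputation and the client's role before anyone is paged. Real implants also add jitter, which is why the threshold tolerates some spread rather than demanding identical intervals.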

With the cloud as pervasive as it is within most organizations, there really needs to be a focus on cloud security, starting with how credentials are issued, stored and monitored, so that the cloud doesn’t become the weak point in an organization’s security.

Caesars Admits To Being Pwned In Ransomware Attack…. And They Likely Paid Up

Posted in Commentary with tags on September 14, 2023 by itnerd

Caesars Entertainment has joined MGM Resorts in being pwned by hackers in a ransomware attack. This came to light in an SEC filing where they admitted to the pwnage:

As Bloomberg reports, citing sources close to the matter, the late-August attack left Caesars Entertainment forking over tens of millions of dollars to the hackers. The incident was described in an SEC filing published today, in which the company states that the breach occurred as the result of a “social engineering attack on an outsourced IT support vendor.” Sources told The Wall Street Journal that this social engineering attack involved a hacker posing as an employee to get the IT contractor to change a password. The hackers reportedly made off with the company’s loyalty program database, which contains a list of driver’s license numbers and Social Security numbers for a “significant number of members” within the database. 

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” the company wrote in the SEC filing. “We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused. Nonetheless, out of an abundance of caution, we are offering credit monitoring and identity theft protection services to all members of our loyalty program.”

Another example of a social engineering attack leading to epic pwnage. Just like the MGM attack. Which isn’t a surprise given that the same threat actors are behind both attacks. And if you read the statement, it sounds to me like they paid up but don’t know whether that is guaranteed to stop the data from leaking. That’s not a good situation.

Here’s some commentary from some industry experts:

Drew Schmitt, Practice Lead, GuidePoint Research and Intelligence Team (GRIT) at GuidePoint Security:

Scattered Spider is well known for its affinity for large targets, and the victimization of MGM and Caesars proves that the group possesses the motivation and means to be successful in their operations targeting substantial organizations. Scattered Spider is well known for having very well-established social engineering capabilities that many groups do not, mainly because they are rumored to have a significant presence in the United States, a characteristic many other groups do not share. Scattered Spider is exceptionally persistent and technically competent at many techniques, including phishing, SMiShing, MFA bombing, and SIM swapping, which have all contributed to their successful social engineering campaigns. Recently, there have been increasing speculations that Scattered Spider has partnered with AlphV on several occasions to extort the organizations they have victimized successfully.

Regarding the MGM hack, there has been a lot of emphasis on the fact that a brief social engineering phone call resulted in widespread compromise within a huge organization. We currently do not have the complete picture, and although this method of intrusion highlights some potential gaps in cybersecurity processes, there is likely much more to this intrusion than meets the eye. Scattered Spider is highly determined and persistent in their operations; if it wasn’t for this social engineering attempt, it could have been another that relied on more technical means. Sometimes attackers get lucky, and this could be one of those times. 

The reality of this situation is that Caesars and MGM were enormous organizations that became victims of ransomware. Still, so far in 2023, there have been over 2,800 public ransomware victims posted across leak sites belonging to more than 52 different threat actors. This number doesn’t include the victims that pay a ransom demand, a number which organizations like Caesars would belong to. The ransomware pandemic continues to be the most prolific threat that all industries and organizations, regardless of size, face. The Caesars and MGM hacks are a reminder that partnerships in intelligence sharing and investing in cybersecurity teams should be a significant topic of discussion for all organizations and that, as an industry, we need to continue moving fast to keep up with evolving threats.
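Both casino intrusions started with a phone call: the Caesars filing describes a password change obtained from an outsourced IT vendor, and Schmitt lists MFA bombing among Scattered Spider's methods. The page does not say what happened after the reset, but an identity team can watch for the two shapes those techniques leave in its logs. The following is an added example, not code from any of the vendors quoted here, that runs two correlation rules over constructed identity-provider events: a help-desk password reset followed within an hour by a new MFA factor on the same account, and a burst of denied or unanswered push prompts followed by an approval. The event schema, event names, usernames and thresholds are assumptions made for this example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed identity-provider audit events in JSON Lines form. The field
# names (ts, user, event, actor, result) and the event names are assumptions
# for this example, not a real IdP's schema.
SAMPLE_EVENTS = """\
{"ts": "2023-09-14T08:00:00Z", "user": "bwong", "event": "helpdesk.password_reset", "actor": "helpdesk-agent-04", "result": "success"}
{"ts": "2023-09-14T09:10:00Z", "user": "jdoe", "event": "helpdesk.password_reset", "actor": "helpdesk-agent-17", "result": "success"}
{"ts": "2023-09-14T09:22:00Z", "user": "jdoe", "event": "mfa.factor_enrolled", "actor": "jdoe", "result": "success"}
{"ts": "2023-09-14T11:00:00Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "timeout"}
{"ts": "2023-09-14T11:00:30Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "denied"}
{"ts": "2023-09-14T11:01:00Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "timeout"}
{"ts": "2023-09-14T11:01:30Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "denied"}
{"ts": "2023-09-14T11:02:00Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "timeout"}
{"ts": "2023-09-14T11:03:00Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "denied"}
{"ts": "2023-09-14T11:04:00Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "timeout"}
{"ts": "2023-09-14T11:04:30Z", "user": "asmith", "event": "mfa.push", "actor": "asmith", "result": "approved"}
{"ts": "2023-09-14T12:00:00Z", "user": "cli", "event": "mfa.push", "actor": "cli", "result": "denied"}
{"ts": "2023-09-14T12:01:00Z", "user": "cli", "event": "mfa.push", "actor": "cli", "result": "approved"}
{"ts": "2023-09-14T15:00:00Z", "user": "bwong", "event": "mfa.factor_enrolled", "actor": "bwong", "result": "success"}
"""

REJECTED = {"denied", "timeout"}


def parse_events(text):
    """Parse JSON Lines into dicts with a timezone-aware datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_reset_then_enroll(events, window=timedelta(minutes=60)):
    """A help-desk password reset followed shortly by a new MFA factor on the
    same account is the shape left when a reset obtained by phone is turned
    into a durable foothold."""
    alerts = []
    resets = [e for e in events if e["event"] == "helpdesk.password_reset"]
    enrolls = [e for e in events if e["event"] == "mfa.factor_enrolled"]
    for r in resets:
        for en in enrolls:
            if en["user"] == r["user"] and r["ts"] <= en["ts"] <= r["ts"] + window:
                alerts.append({"rule": "helpdesk_reset_then_mfa_enroll",
                               "user": r["user"], "reset_by": r["actor"],
                               "minutes_between": (en["ts"] - r["ts"]).total_seconds() / 60})
    return alerts


def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users who received threshold or more denied/unanswered push prompts
    inside one window, and record whether a prompt was then approved inside
    that window: the case where the user gave in to the bombing."""
    alerts = []
    pushes = defaultdict(list)
    for e in events:
        if e["event"] == "mfa.push":
            pushes[e["user"]].append(e)
    for user, user_pushes in pushes.items():
        rejected = [e["ts"] for e in user_pushes if e["result"] in REJECTED]
        for i, start in enumerate(rejected):
            burst = [t for t in rejected[i:] if t - start <= window]
            if len(burst) >= threshold:
                approved_after = any(e["result"] == "approved" and start < e["ts"] <= start + window
                                     for e in user_pushes)
                alerts.append({"rule": "mfa_push_fatigue", "user": user, "prompts": len(burst),
                               "first_prompt": start.isoformat(), "approved_after": approved_after})
                break  # one alert per user is enough; avoid re-alerting on every sub-window
    return alerts


def run_all(events):
    return detect_reset_then_enroll(events) + detect_push_fatigue(events)


if __name__ == "__main__":
    for alert in run_all(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(alert))
```

The first rule is deliberately noisy by design: legitimate help-desk resets followed by re-enrollment do happen, so the alert carries the agent who performed the reset and is meant to trigger a call-back to the employee on a number already on file, not an automatic lockout. A push-fatigue alert with approved_after set to true should be treated as a live compromise and the session revoked before anyone investigates further.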

Chris Denbigh-White, Chief Security Officer for Next DLP:

In the wake of these recent cyberattacks, which appear to have emanated from the exploitation of an external IT provider, it becomes evident that businesses must fortify not only their internal networks but also extend their cybersecurity vigilance to encompass third-party vendors and strategic partners. This underscores the imperative for a comprehensive approach to safeguarding digital assets. In short many organizations need to “lift their vision in order to protect their businesses.”

I note that in the mainstream discussion about the cyberattacks that hit both Caesars and MGM, the use of social engineering tactics seems to be taking center stage. However, it is crucial to bear in mind that social engineering represents just one “link” in the chain of a successful attack. In order to effect the level of impact that we have seen by these attacks many other information security controls must have failed.  

Organizations seeking to implement learning from these disconcerting episodes should delve deeper, evaluating not only the robustness of their initial security layers but also the overall resilience of their security program. This holistic perspective is instrumental in averting scenarios wherein a single inadvertent user click could potentially jeopardize an entire corporate entity.

Mike Hamilton, Founder and CISO of Critical Insight:

  • Caesars paid the extortion demand ($30M?) and are up and running
  • That said, their loyalty program data was stolen and they’ve believed the promise to delete it
  • MGM did not pay, and still have threat actor activity inside the network
  • Apparently actors hit LinkedIn and gathered some employee names, then vished the help desk
  • The ALPHV gang was seen bragging online that it took 12 minutes to go from initial access to full domain admin, and this suggests assistance from an insider
  • MGM apparently having trouble making payroll, and employees are walking out:

I’ll add to this before closing. Besides apparently not being able to make payroll, this is also happening to MGM:

Clearly MGM has issues. Lots of issues.

UPDATE: Emily Phelps, Director, Cyware had this comment:

   “If organizations take away anything from the Caesars ransomware attack, let it be a reminder that human behavior is one of the most common vulnerabilities threat actors exploit. Technologies change rapidly. Human behavior doesn’t. Improving security awareness must be an ongoing effort, and it is only the beginning. 

    “To minimize social engineering risks, it’s important to also ensure you require multifactor authentication, ideally using different types of authentication such as a passphrase and an authenticator app. Threat intelligence is critical to recognizing potential risks before they can cause harm. 

    “Organizations must not only have access to reliable intel; they must also be able to operationalize intelligence quickly. If you aren’t taking action, you aren’t reducing risk. This is why security collaboration and trusted intelligence sharing are critical to enabling enterprises to rapidly act on context-rich insights, moving from a reactive to a proactive security posture.”

Dave Ratner, CEO, HYAS followed with this:

   “Social engineering is one of the most successful ways bad actors breach an environment, and one of the hardest gaps to close.  Continued user training is needed, but this must be complemented with defense-in-depth strategies that assume breaches will occur and  detect the initial telltale signs of a breach, the digital exhaust indicating anomalous activity, so that the attack can be stopped before it expands and impacts operational resiliency.”

Tech Leaders Make A Trip To Capitol Hill To Talk AI

Posted in Commentary with tags on September 14, 2023 by itnerd

Yesterday, the biggest names in tech made a trip to Capitol Hill for a closed-door summit on artificial intelligence:

Senate Majority Leader Chuck Schumer, D-N.Y., hosted the private AI Insight Forum in the grand Kennedy Caucus Room on Capitol Hill on Wednesday, as lawmakers sought advice from 22 AI tech giants, human rights and labor leaders about how government should regulate the new technology.

In addition to Musk, Meta CEO Zuckerberg and Microsoft co-founder Gates, ChatGPT-maker OpenAI CEO Sam Altman and Google CEO Sundar Pichai attended, as well as leaders from human rights, labor and entertainment groups.

And here’s what they allegedly said:

According to Schumer, every leader in the meeting raised their hand when asked if government should regulate AI.

“We got some consensus on some things … I asked everyone in the room, does government need to play a role in regulating AI and every single person raised their hand, even though they had diverse views,” Schumer told reporters. “So that gives us a message here that we have to try to act, as difficult as the process might be.”

That’s not the response I was expecting from them. But it likely is the right answer. Allen Drennan, Principal & Co-Founder, Cordoniq had this comment:

“The new privacy and security concerns of AI need to be carefully evaluated by regulators, or consumers could quickly find that every piece of data that has ever been provided to private companies and organizations is used in the training of AI models.  While this has clear benefits, such as applying AI to cold-case files in investigations, it could also be used to scrape all communications you have ever posted to the Internet, including social media, email cloud host providers and others, to gain a more exact profile of the consumer, on a mass basis. This type of advertiser information is invaluable which makes privacy regulations all that more important.”

Hopefully, there’s a thoughtful approach to AI that balances regulation to letting it do what it was designed to do. That way we can get the benefits without many of the risks.

OVHcloud Launches Carbon Calculator 

Posted in Commentary with tags on September 14, 2023 by itnerd

OVHcloud has announced that it now provides its IaaS customers with a carbon calculator that gives them monthly reports on their cloud-related carbon emissions.

With over 20 years of innovation in developing a sustainable cloud through watercooling at scale, OVHcloud continues to set the bar for industry best practice. Giving customers a better understanding of their cloud infrastructure carbon footprint is aimed at not only providing greater transparency but also encouraging more responsible IT usage across the industry.

The methodology behind the carbon calculator required more than eight months of development, and aims to be exhaustive by considering factors such as manufacturing down to the component level. Accessible on demand from the OVHcloud customer panel, the tool takes the estimated electrical consumption of servers from OVHcloud datacenter monitoring and maps it to its carbon equivalent, taking into account the cooling and networking equipment, as well as freight, manufacturing, end of life and waste management, to provide a complete picture of the actual carbon footprint.

The calculator is location-based. As such, the reporting depends on the local power mix, meaning that a server located in a country with a low-carbon power mix will result in a different carbon estimate than the same server housed in a country with a less favorable mix. By the end of the year, market-based information will complement carbon calculator reporting, highlighting the Group’s commitment when it comes to power mix decarbonisation. 

OVHcloud carbon calculator software stack was developed in conjunction with Sopra Steria, while the methodology was audited by IJO, an independent consulting firm specialising in Green IT. 

“As a major tech player in Europe, we have a key role to play in supporting a more sustainable digital landscape across the entire value chain, including employees, clients, suppliers and partners. That’s why we are delighted to have contributed to the creation of the OVHcloud carbon calculator, which enables businesses to assess the environmental impact of their cloud activities. We are proud of the trust placed in us to play an active role in this decarbonisation initiative” said Fabienne MATHEY-GIRBIG Executive Director Corporate Responsibility & Sustainable Development at Sopra Steria.

In line with a strong commitment to sustainability

OVHcloud has long developed a vertically integrated industrial model with most of its datacenters being built and owned by the Group, featuring proprietary innovations, and leveraging two factories located in Croix, France, and Beauharnois, Canada, to build its own designed servers, providing total control over the value chain. This unique approach means that over a ten-hour period under full load an OVHcloud server requires just one glass of water for cooling, while many servers on the market need seven times more. OVHcloud’s innovation also enables it to reach an average global PUE of 1.28, lower than the 1.55 [1] industry average according to 2022 estimates. 

These water usage effectiveness and power usage effectiveness scores are amongst the best in the industry. They pave the way for future certifications while the newly launched carbon calculator clearly demonstrates OVHcloud’s commitment to a sustainable cloud.

“With sustainability rooted in our DNA, we constantly challenge ourselves to improve the carbon footprint of our overall operations. We are more than ever aware of the importance for our customers of calculating their carbon footprint as accurately as possible. We are therefore extremely happy to give them a precise reading and understanding of it, all with a single click of the mouse,” said Michel Paulin, CEO OVHcloud.

All in all, the OVHcloud Carbon Calculator provides customers with transparent and exhaustive (scope 1, 2, 3) carbon footprint information from manufacturing to infrastructure run. The Group is the only cloud provider to offer life cycle analysis at a component level on top of the carbon footprint of the cloud service consumption.

Availability

OVHcloud Carbon Calculator is now available free of charge worldwide [2] for all of our customers of the BareMetal product line direct from the OVHcloud control panel. It is also accessible through an API. Hosted Private Cloud customers will also benefit from the carbon calculator in the next weeks.

[1] Source: WW DC Operators PUE, Uptime Institute, 2021

[2] Except USA

MGM Resorts Hackers Claim That They Pwned The Company In Ten Minutes

Posted in Commentary with tags on September 14, 2023 by itnerd

This is one of those cases that proves the weakest part of your cybersecurity effort is the human. I say that because the MGM Resorts hack that I reported on was carried out via a simple 10-minute phone call:

The ALPHV/BlackCat ransomware group claimed responsibility for the MGM Resorts cyber outage on Tuesday, according to a post by malware archive vx-underground. The group claims to have used common social engineering tactics, or gaining trust from employees to get inside information, to try and get a ransom out of MGM Resorts, but the company reportedly refuses to pay. The conversation that granted initial access took just 10 minutes, according to the group.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” the organization wrote in a post on X. Those details came from ALPHV, but have not been independently confirmed by security researchers.

If that’s true, then that’s very bad. And it highlights the need to train help desks and the like to be vigilant of social engineering like this. Because now that this is out there, it’s a safe bet that other threat actors will try the same thing to carry out similar attacks.

UPDATE: John Gunn, CEO, Token provided me with this comment:

It is beyond ridiculous that we continue to rely on humans as the core of our cyber-defense strategy and expect every employee in the entire organization to be able to identify and fend off sophisticated attacks from hackers using the most advanced tools and techniques. Humans, meaning everyday users, are simply not capable and we have to take this vulnerability out of the process by changing the way they login.

People are the weakest link in cyber security and their abilities to defend have improved extremely little in the past twenty years while attack methods and tools have raced forward in effectiveness and frequency. When cyber criminals fully implement AI, it will be a bloodbath as breaches and the losses accelerate seemingly unimpeded. We must stop relying on humans to defend our organizations against today’s cyber attacks.

New Generation of Age-Old Nigerian Prince Scams as Hackers Use Generative AI for Novel Scams

Posted in Commentary with tags on September 14, 2023 by itnerd

Abnormal Security has published its newest discovery showcasing the evolution of the Nigerian prince scam and how these attacks continue, despite increased awareness, targeting businesses and organizations – not just personal accounts – and using generative AI to see more success. 

Abnormal Security’s CISO Mike Britton, who has been doing this for years, found it intriguing that this attack is still occurring and still targets business email, which shows that it remains an effective attack.

You can read more on this here.

New Screen Protectors From Mujjo For The iPhone 15 Are Available Now

Posted in Commentary with tags on September 14, 2023 by itnerd

Introducing the all-new Glass Screen Protector — Mujjo’s first-ever screen protector. The easy way to protect your phone screen.

Here are some good details to know:

  • Super-clear high-quality glass.
  • 9H hardness reinforced glass for scratch resistance.
  • Ultra-thin: 0.33mm for perfect responsiveness.
  • Electroplated coating to resist fingerprints, oil, dust and water.
  • Made from recycled materials.
  • Easy-to-use applicator tray for perfect alignment, made from recycled plastic.
  • Each box includes two protectors and two cleaning kits.
  • Available for every iPhone 15 model.
  • €29.00 / £24.00 / $24.00

Available today on mujjo.com

The DoD Is Overhauling Its Cyber Strategy With Actionable Intelligence

Posted in Commentary with tags on September 14, 2023 by itnerd

The Department of Defense published its 2023 Cyber Strategy, which aims to open up communication with other federal agencies and the private sector on cyber threats, elections and other critical systems, and to increase collaboration with foreign allies.

The strategy may be a challenge for the Defense Department which has a shortage of cybersecurity-trained personnel and doesn’t typically share intelligence outside agency walls, and, for decades, only focused its Cyber Command defense operations on protecting U.S. military networks from cyberattacks.

“DOD’s cyber strategy was extremely reactive in nature and led U.S. Cyber Command to really only be prepared to help recover from a cyber […]. During those days, I would frustratingly refer to Cyber Command as the ‘clean up on Aisle 6’ and ‘break glass in time of war’ command,” said Lt. Gen. Charlie Moore, who served as deputy commander of Cyber Command from 2020 to 2022.

DOD is now aiming to provide more resources and intelligence to tighten the bond with the private sector, which controls almost 90 percent of all critical U.S. networks.

Rather than merely asking companies to share information about breaches after they’d occurred, DOD is starting to say to companies: “‘we owe you actionable intelligence, and you will defend the networks yourselves,’” said Eoyang, the deputy assistant secretary.

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “This new cyber strategy from the DoD represents an important shift from a reactive to proactive posture and is ultimately about far more than DoD’s capabilities. Networks crossing sectors and borders require a global security mindset. This strategy’s direction is right, but execution will determine whether it leads to meaningful improvement in cyber resilience as talk of information sharing and partnership is good, but only if it is backed-up by real, sustained commitments. The strategy’s emphasis on sharing actionable intelligence to enable better private sector defenses, rather than just mopping up after the fact, is wise, but it will require overcoming cultural obstacles.”

Emily Phelps, Director, Cyware follows with this:

   “Securing critical infrastructure is complex, and with today’s threat landscape, it requires a modern, proactive approach. Threat intelligence alone is not enough to combat a persistent wave of adversaries. Intelligence must have the necessary context and clarity so that the right people can take the right action. It requires strategic automation to rapidly collaborate so that teams have the actionable intel they need without the noise that slows them down.”

This is a good move by the DoD, as federal agencies and the private sector working together to stop cyber threats makes them all stronger. I hope we see more joint efforts like this going forward.