Simply Cyber Newsletter #102

Crush Your Week Like a Cyber Pro!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Change Healthcare data breach confirmed as largest-ever in U.S. healthcare history. Over 100 million people had sensitive health data stolen in a February cyberattack on Change Healthcare, exposing details like Social Security numbers and medical records. UnitedHealth Group is notifying affected individuals. The incident highlights cybersecurity risks and the importance of protective measures.

What you need to know: If you’re notified about any data breach involving your personal information, take immediate steps to protect yourself. Start by monitoring your credit reports and bank statements for unusual activity; identity thieves often exploit breached data. Consider placing a fraud alert or credit freeze with major credit bureaus to prevent unauthorized accounts. Update passwords for sensitive accounts, choosing unique ones, especially if you reuse passwords across multiple accounts. Enable multi-factor authentication (MFA) wherever possible for added security and watch out for phishing attempts, as scammers may impersonate legitimate sources to obtain further information.

For proactive protection, consider a data removal service like DeleteMe to help keep your personal information private. DeleteMe is a proud sponsor of Simply Cyber; learn more at JoinDeleteMe.com/SIMPLYCYBER to take control of your data privacy.

FOR PEERS

Black Basta leverages Microsoft Teams. Black Basta ransomware affiliates use Microsoft Teams and malicious QR codes in a new social engineering attack, posing as IT support to deceive users into downloading remote management tools, facilitating ransomware deployment across targeted sectors worldwide.

What you need to know: Share this story with your peers and discuss how your organization addresses social engineering risks, particularly with the increasing use of Microsoft Teams and QR codes. Black Basta’s latest tactic leverages Microsoft Teams chats, where they pose as IT support, flooding inboxes with spam and sending Teams messages to convince users to download remote monitoring tools like AnyDesk. This approach not only highlights evolving ransomware techniques but also stresses the need for enhanced security protocols within common platforms like Teams. Organizations should reinforce existing safeguards by monitoring for unusual external Teams activities, restricting access, and training staff to recognize suspicious behavior, such as unrequested QR codes or unfamiliar chat requests. Emphasize that vigilance against these strategies is critical, as even everyday tools like Teams can be entry points for sophisticated threat actors.

This is also a great opportunity to educate end users on how legitimate IT staff would and would not contact them for support. By establishing clear communication protocols, such as specifying official channels for assistance and never asking users to download unfamiliar tools without verification, companies can reduce the risk of employees falling for fake IT requests. Reinforcing these guidelines in security training helps end users identify and question unexpected messages, especially if they involve QR codes, remote access requests, or external Teams chats. Clear expectations create a stronger security culture and empower employees to be a crucial line of defense against these evolving social engineering attacks.

FOR EXECUTIVES

CISA launches International Cybersecurity Plan. CISA's first international strategic plan (2025-2026) focuses on boosting resilience in foreign infrastructure critical to US interests, strengthening global cyber defenses, and unifying international engagement. This plan emphasizes real-time threat sharing, risk reduction, and collaboration to improve collective cybersecurity and protect interconnected critical infrastructure.

What you need to know: Have conversations with your executives about identifying and assessing dependencies on foreign infrastructure crucial to your business's operations, especially within the supply chain. Encourage them to prioritize mapping and managing cyber risks associated with these international dependencies, given CISA's emphasis on shared global risks. Discuss the need to stay informed about emerging global cybersecurity standards, including "secure by design" principles, as these may soon become compliance benchmarks. Stress the importance of aligning with best practices for cyber defense, such as real-time threat intelligence sharing, to enhance resilience against potential disruptions. Emphasize that proactively incorporating these strategies into the company’s 5-year plan strengthens current operations and positions the business for long-term resilience in an interconnected, evolving global landscape.

Stay current on trending topics, tips, events and resources in cybersecurity. Connect with me on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Thank you so much and see you again next Monday!

Have a great week, #TeamSC!

Gerry

DAILY CYBER THREAT BRIEF SIMPLY CYBER

Catch the most popular weekday cyber threat news analysis live stream around and meet the most supportive community ever. #TeamSC

Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, and your favorite podcast platform. Click the links below to favorite on your devices.

SIMPLY DEFENSIVE SEASON 1: EPISODE 6

Premieres: Monday, Nov. 4 at 9:30 AM EDT presented by Simply Cyber Media Group

Welcome to Simply Defensive! Josh Mason and co-host Wade Wells sit down with special guest Ashley Knowles from Black Hills InfoSec. Dive into the world of pen testing, SOC management, and the complex relationships between blue and red teams. Ashley shares her experiences working as a penetration tester for over a decade, her role with Black Hills InfoSec, and insights on improving SOC operations. Discover the challenges of balancing SOC metrics, handling new threats, and fostering transparency between teams. Plus, learn about the intricacies of Microsoft DevTunnels and other cutting-edge techniques used in the field. Don't miss Ashley's advice on research, continuous learning, and the importance of Googling effectively.

Click below to set your reminder notification and subscribe! Simply Defensive happens after the Daily Cyber Threat Brief on Monday.

2 CYBER CHICKS SEASON 5: EPISODE 6

Premieres: Wednesday, Nov. 6 at 9:30 AM EDT presented by Simply Cyber Media Group

If you’re looking for a high-level rundown of some of the hottest compliance frameworks, this episode is for you. Jax and Erika kick off episode 6 with an overview of GRC, why compliance frameworks matter and how organizations can prioritize their efforts. Curious to see how many frameworks these 2 Cyber Chicks can rattle off in approximately 20 minutes?

Tune in to learn more & subscribe to Simply Cyber to get updates when new episodes drop!

SIMPLY CYBER CON 2024 WAS A SUCCESS!

IN CASE YOU MISSED IT: Simply Cyber Con was this past Friday and we couldn’t have asked for a better event. Whether you were a part of the conference virtually or in person, we appreciate your engagement and support! If you missed it and want to get up to speed and experience the replay, check out the tracks available on YouTube and visit simplycybercon.org to check out the lineup of speakers, and more.

Simply Cyber Con’s Discord is also still open and features the #simply-cyber-con-photos channel where some of the attendees dropped pictures from SC Con 2024.

Find the links below to watch both tracks on-demand and experience the inclusive community event for yourself! We can’t wait until next year, so start making your plans now to be there. We promise, you will not want to miss this event next year. #teamsc

STILL AVAILABLE!

Simply Cyber Con 2024 merch will still be available for a few more weeks, offering an assortment of styles available for everyone. Purchase your merch now!

Special thanks to Simply Cyber Con’s non-profit sponsor, Cybersecurity Central, for the creative design and merch support. Learn more about CC at CybersecurityCentral.org.

SIMPLY CYBER ACADEMY FOR GRC CAREERS

Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. Plus, we have TWO NEW COURSES to help you excel in your cyber career.

At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Visit academy.simplycyber.io to learn more now.
