Simply Cyber Newsletter #113
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp. State-sponsored Russian hackers, known as Star Blizzard, have shifted tactics to target WhatsApp accounts using phishing campaigns. They exploit QR codes to gain unauthorized access to sensitive messages. Microsoft advises vigilance among individuals in diplomacy, government, and Ukrainian assistance roles, emphasizing verifying suspicious messages with trusted methods.
What you need to know: Educate your end users about phishing tactics that manipulate trust by prompting them to bypass normal protections. In a recent attack, Russian threat actors exploited WhatsApp's account-linking feature by sending broken QR codes or links, leading users to ask for alternatives. The follow-up communication provided a malicious link, tricking victims into visiting a phishing site.
Phishing attacks rely on deception, whether through email, social media, messaging apps, or even QR codes. Cybercriminals use urgent or high-stakes scenarios to trick individuals into clicking malicious links or sharing sensitive information. This highlights the importance of scrutinizing all unexpected communication, regardless of the platform.
Encourage users to avoid clicking on unsolicited links, double-check senders’ identities through trusted contact methods, and use security features like two-step verification where available. The key takeaway is simple: stay cautious and verify before you click, no matter the app or platform.
FOR PEERS
CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs. CISA reported a 201% increase in critical infrastructure organizations adopting its Cyber Hygiene service from 2022–2024, improving vulnerability management and remediation times. Critical vulnerabilities dropped 50%, while sectors like communications led improvements. However, challenges remain with operational technology exposure, particularly in government services, where 63% of OT protocols are publicly accessible.
What you need to know: Share this story with your peers and have conversations about what your organization is doing to enhance vulnerability management through Cyber Hygiene initiatives. CISA’s report revealed a 201% increase in participation among critical infrastructure organizations, driving measurable improvements. Critical vulnerabilities dropped by 50%, remediation times decreased significantly, and exploitable services per organization declined over two years.
Despite these gains, challenges persist, especially in managing operational technology exposure. Alarmingly, 63% of OT protocols in government services are still publicly accessible, alongside risks in other sectors like IT (10%) and energy (10%). These findings underscore the importance of proactively evaluating your organization’s exposure and adopting robust practices like limiting public-facing services, securing OT environments, and prioritizing high-severity vulnerabilities. Collaborate with peers to integrate these lessons into workflows, ensuring alignment with evolving industry benchmarks and advancing the resilience of critical infrastructure systems.
FOR EXECUTIVES
Ransomware abuses Amazon AWS feature to encrypt S3 buckets. A new ransomware campaign targets Amazon S3 buckets, leveraging Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data and demand ransoms. Exploiting compromised AWS credentials, attackers create unrecoverable encryption keys. Businesses must enforce strict access policies, rotate keys frequently, and avoid using SSE-C to safeguard critical cloud storage.
What you need to know: Consider speaking with your business leaders about the risks of ransomware targeting cloud environments. Highlight that threat actors are exploiting cloud-native features like Amazon S3 encryption, making data recovery impossible without the attacker’s key. Explain that your plan involves implementing stricter access policies, reducing unnecessary permissions, and eliminating the use of vulnerable encryption methods like SSE-C.
To succeed, you'll need their support in prioritizing investments in cloud security tools, ensuring resources for key rotation and monitoring, and promoting training for employees handling AWS credentials. Emphasize that proactive measures reduce risks, minimize potential operational downtime, and protect business-critical data, keeping the organization resilient against emerging threats.
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content, every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next time! Have a great week, #TeamSC!
Gerry
SIMPLY CYBER DAILY CYBER THREAT BRIEF
Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.
SC MEDIA GROUP SIMPLY DEFENSIVE PODCAST
When: Monday, January 20 at 9:30 AM ET | Presented by: Simply Cyber Media Group
From Military Police to Cyber Sleuth - Jess Bishop's Journey and Insights
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by SOC analyst Jessica Bishop. Jessica shares her unconventional journey into cybersecurity, transitioning from military police to a corporate role and eventually into a SOC analyst position at an MSSP.
She discusses her job's dynamic and engaging aspects, the importance of teamwork and communication within cybersecurity, and her intriguing hobby of paranormal investigation. Tune in to hear about effective cybersecurity practices, the challenges of working in a SOC, and the crossover between investigative tactics in cybersecurity and paranormal research. Follow Jess on LinkedIn
Join us at 9:30 AM EST on Monday after the Daily Cyber Threat Brief and Jaw Jackin’.
SC MEDIA GROUP CYBERSECURITY MENTORS PODCAST
When: Thursday, January 23 at 9:30 AM ET | Presented by: Simply Cyber Media Group
In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.
Join us here for Episode 3 of Season 2 at 9:30 AM EST, immediately following the Daily Cyber Threat Brief and Jaw Jackin’ on Simply Cyber.
Connect with the Cybersecurity Mentors Podcast:
Sign up for our newsletter: https://sendfox.com/lp/m2vx85
Join us on Discord: https://discord.com/invite/g4yRKjnD78
Check out our YouTube channel for past seasons and more content: https://www.youtube.com/@CybersecurityMentorsPodcast
Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcast.
SC FIRESIDES PERSONAL BRANDING CASE STUDY
When: Thursday, January 23 @ 4:30 PM ET | Presented by: Simply Cyber Media Group
Personal branding is an important skill to hone in cybersecurity. In this episode of Simply Cyber Firesides, we will talk to Brittany White, a.k.a. bdubzz, a cybersecurity professional, lifelong learner, community builder - and a great example of how to brand yourself for your career.
Brittany's journey from CAD engineering to GRC shaped her inquisitive nature and passion for problem-solving. Today, she's dedicated to helping others, sharing knowledge, and making an impact in the ever-evolving world of cybersecurity.
To top it off, she recently completed the Personal Branding for Cybersecurity Career course from Simply Cyber Academy and can share her experience on starting a YouTube channel to begin building your brand.
bdubzz is an Information Security Analyst II: Compliance & Application Security in the Software Development Lifecycle (SDLC), the CFO for StudyGRC, and a mentor at Hack Smarter for the donate-what-you-can mentoring program.
Come join us to discover how to kickstart your personal branding for cybersecurity!
We hope to see you in live chat!
SC ACADEMY THE PLACE FOR GRC CAREERS
At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES available to help you advance in your GRC Cyber career. Check them out!
Visit academy.simplycyber.io to learn more now.