Aphinia - Your Weekly CISO Update
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
Gary Delaney was appointed as Chief Information Security Officer at BNY Mellon.
Ryan Wood was appointed Chief Information Security Officer at VGM.
Daniel Shalom was appointed Chief Information Security Officer at Earnix.
Apurva Dhanwantri was appointed Chief Information Security Officer at Cornerstone OnDemand.
Dane Durbin was appointed Chief Information Security Officer at The Scotts Miracle-Gro Company.
Brandon Thompson was appointed as Chief Information Security Officer at A-LIGN.
Todd Mesick was appointed as Chief Information Security Officer at The Lubrizol Corporation.
Paul Davis was appointed as Chief Information Security Officer at JFrog.
Katie Clare was appointed Chief Information Security Officer at Covington & Burling LLP.
Heather Fowles was appointed Chief Information Security Officer at the University of Massachusetts Lowell.
Jeremy Walczak was appointed Senior Vice President, Chief Information Security Officer at GenesisCare U.S.
Vic Prather was appointed Senior Vice President, Chief Information Security Officer at The First Bank.
Eric Odell was appointed Chief Information Security Officer at Pactiv Evergreen Inc.
Grant Leonard was appointed Chief Information Security Officer at Lumifi.
Talia Burkarth was appointed Chief Information Security Officer at GNC.
Katelyn Perna was appointed Chief Information Security Officer, Crypto at Robinhood.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Andrew Bjerken, Chief Privacy Officer, Marriott Vacations Worldwide
Andrew Castelano, Director of Technical Instruction - Cybersecurity, Per Scholas
Sarah Hendrickson, CISO, Cerebral
Jeganath James, Head of Security, MinkasuPay
Paul Kankwende, Group Head Information Security, Bayport Finance Services
Dina Mathers, Head of Cyber Security, Carvana
Dominic Pace, CISO, Onebrief
Joey Rachid, Chief Information Security Officer, Vroom
Matthew Tan, Head of Practice, Cybersecurity, Lumen
Royce Weber, Director, Information Security and Risk, CTM
Welcome on board!
Who in your network can benefit from Aphinia? Please send them here »
Not yet a member? Apply here »
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at an industry conference
Our dance card is filling up fast; here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out our wide-ranging conversation with our guest Brent Deterding (CISO, AFNI) about how CISOs should think about building a personal brand on social media, best practices and pitfalls, career advice and all things cybersecurity:
Several important events happened that merit your attention:
This escalated quickly... Last week, Microsoft and OpenAI released reports analyzing the use of AI services, including large language models, by various cyber threat actors. These reports cover a range of state-affiliated threat actors, including those from Russia, Iran, North Korea, and China.
Who is watching bee-watchers watchers? The IT service of the European Parliament has detected spyware on the smartphones of members belonging to its security and defense subcommittee during a routine device check. In response, the EU Parliament has sent a letter urging members to have their devices scanned by its IT department.
Privacy is dead: Home delivery service DoorDash has agreed to pay a $375,000 civil penalty for breaching California's privacy laws. California Attorney General Rob Bonta filed a lawsuit against DoorDash for selling customer data without user notification or opt-out options. The data, including customer names, addresses, and transaction histories, was sold to a marketing cooperative.
Not your keys: US contractors are resisting two cybersecurity bills that aim to authorize government cybersecurity agencies to have unrestricted access to their networks in the event of a security breach.
Cactus ransomware hits Schneider Electric: In a bold move, the Cactus ransomware group claims to have pilfered 1.5TB of data from Schneider Electric's Sustainability Business division on January 17th, leaking 25MB of data on their dark website as evidence. This leak includes American citizens' passports and NDA documents. BleepingComputer reveals the group's extortion efforts, threatening to release all stolen data unless their ransom demands are met.
I-Soon leak reveals China's global surveillance tactics: Documents from I-Soon, linked to China's Ministry of Public Security, unveil extensive surveillance on dissidents, minorities, and nationals abroad, showcasing hacking and espionage across regions like Hong Kong, Xinjiang, and Taiwan. This highlights China's efforts to infiltrate social media and breach privacy, raising global privacy and security concerns.
Avast fined $16.5 million for privacy breach: The FTC fines Avast $16.5 million for selling user browsing data without consent, revealing sensitive information from 2014 to 2020. Despite anonymization claims, data could be traced back to individuals, compromising privacy. The settlement requires Avast to cease misleading data practices, delete collected data, and inform impacted users, marking a significant step in digital privacy enforcement.
Walmart's Spark Driver data breach: A security breach on Walmart's Spark Driver platform exposed sensitive data, including names, Social Security numbers, and driver's license details. Affected individuals are being notified and advised to take protective measures against fraud and identity theft.
Five Eyes Advisory on Russian cyberespionage: The Five Eyes intelligence alliance, comprising the UK, US, Australia, Canada, and New Zealand, has issued a warning about the evolving tactics of Russia's SVR (Foreign Intelligence Service) units, including APT29 and Cozy Bear. These groups are adapting their methods to target cloud environments increasingly utilized by both public and private sector entities.
Easy money: In a major escalation against cybercrime, the U.S. State Department is offering up to $15 million for information leading to the capture of the masterminds behind the notorious LockBit ransomware operation. Since January 2020, LockBit has been implicated in over 2,000 attacks globally, inflicting significant operational and financial damage through data destruction and theft.
SubdoMailing scheme exploits reputable domains: Guardio Labs has exposed "SubdoMailing," a complex spam and click monetization campaign operated by ResurrecAds. This operation compromises thousands of domains and subdomains from reputable brands to distribute vast amounts of spam and phishing emails. The scheme effectively bypasses conventional email security protocols (SPF, DKIM, DMARC), aiming to drive significant traffic and revenue for its advertising network through deceptive means.
These senior cybersecurity sales roles you may want to forward to your friends and colleagues:
University of Alaska is looking for a Chief Information Security Officer in Fairbanks, AK.
Oakland County Michigan is looking for a Chief Information Security Officer in Pontiac, MI.
Case Western Reserve University is looking for a Chief Information Security Officer in Cleveland, OH.
Pacific Premier Bank is looking for a Chief Information Security Officer in Addison, TX.
Merchants Bonding Company is looking for a Chief Information Security Officer in West Des Moines, IA.
Black Hills Federal Credit Union is looking for a Chief Information Security Officer in Rapid City, SD.
The City of Lincoln & Lancaster County is looking for a Chief Information Security Officer in Lincoln, NE.
Cryoport Systems is looking for a Vice President & Chief Information Security Officer in Hammond, LA.
Ultra Electronics is looking for a remote Chief Information Security Officer in Austin, TX.
The NYC Department of Finance is looking for a Deputy Chief Information Security Officer in Manhattan, NY.
The New York City Department of Investigation is looking for a Chief Information Security Officer in Manhattan, NY.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
=> SAVE THE DATE! April 16, 2024 - 6:00-9:00pm
Aphinia is hosting a members-only CISO Mastermind in downtown New York City on April 16, 2024, 6-9pm.
The event is all but sold out (the venue is small), and we have 4 remaining invites, first come first served: »Sign up here»
Industry Events:
CISO San Francisco Think Tank is taking place on Feb 29, 2024 in San Francisco, CA.
CISO Chicago Think Tank is taking place on Mar 12, 2024 in Chicago, IL.
RSA 2024 is taking place on May 6-9, 2024 in San Francisco, CA.
Gartner Security & Risk Summit is taking place on June 3-5, 2024 in National Harbor, MD.
BlackHat is taking place on August 6-11, 2024 in Las Vegas, NV.
Evanta Global CISO Executive Summit is taking place on September 16-18, 2024 in San Diego, CA.
Attending or hosting an event? Let us know!
Two Aphinia members are looking for vendor feedback:
Hi everyone! I’m considering how we build out an “insider risk” style program. Several folks I have spoken to have recommended a tool: Code42. I was wondering if any of you had any experiences with Code42 to share?
***
We are looking to purchase a password manager and give it away to our employees as a perk. Are any of your companies doing something similar and if so, what vendor are you using?
The conversation is on Slack in the #general channel, so if you can share your experience and help them out, a) comment on Slack or b) if you are not on Slack, ping me and I will send you a link or c) if you don’t like Slack, send me an email and I will connect you directly.
Separately, if you are looking for similar advice, post your question in the #general channel.
Hackers have been busy recently 📈:
Fairway Independent Mortgage Corporation confirms data breach following “operational incident” involving third-party vendor.
Prospect Medical notifies CIGNA policyholders of September 2023 data breach.
Aquent and CIGNA affected by third-party data breach at Prospect Medical Holdings.
LoanDepot Says 16.9 million customers impacted by January data breach.
U-Haul says 67,000 customers affected in records system breach.
Cybersecurity breach at UnitedHealth subsidiary causes Rx delays for some pharmacies.
Australian data breach report highlights supply chain risks.
Tangerine data breach exposes personal information of 230,000 customers.
Onclusive finds ‘possible data breach’ from cyber attack.
Change Healthcare cyberattack disrupts services nationwide.
HHS’ Office for Civil Rights settles its second-ever ransomware cyberattack case.
Northwestern Mutual Life Insurance customer information leaked due to vendor data breach.
A cyber incident at Laurentian University disabled the website, WiFi, and email, impacting IT services recovery efforts.
The City of Hamilton is tackling an ongoing cybersecurity incident affecting an unknown number of municipal systems.
Following an attack in late November, Insomniac Games has disclosed that the Rhysida ransomware exposed employee data and deals with Nvidia and Marvel.
Aspen Dental suffered a ransomware attack, and patient data was potentially stolen; an investigation is underway.
But a handful of them were nabbed 👮♀️:
Father-Son Duo Arrested for LockBit Ransomware Involvement: Ukrainian police arrested a father-son duo suspected of being LockBit affiliates, highlighting a unique case of family involvement in cybercrime.
More LockBit affiliates arrested, $10M bounty for info on others: French authorities have issued warrants against LockBit affiliates, intensifying efforts to dismantle the ransomware cartel. The US offers a $15 million reward for information on LockBit's leaders, marking a significant step in the global crackdown on the group.
Reportedly detained: Aleksandr Ermakov, who was named responsible for the 2022 Medibank hack, has reportedly been detained in Russia over alleged cyber crimes. Australian intelligence has linked Ermakov to the hacking syndicate REvil, a Russian cybercrime gang that supplies hacking tools to novices in return for a cut of any ransoms paid.
The plot thickens: The FBI has arrested and charged journalist Tim Burke with allegedly hacking Fox News. Burke allegedly used compromised credentials to access files that were then used to produce news reports for HBO and ESPN. Some of the footage that Burke released reportedly led to the firing of network figurehead Tucker Carlson. Burke's legal team denied the charges and claimed he found the files unprotected on the internet.
Stay safe.
Misha Sobolev
Aphinia
***
P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 1,000s of cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.