Cannabis ISAO Director’s Cut: March 18

In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.

Cybersecurity

Statement from CISA Director Easterly on the Passage of Cyber Incident Reporting Legislation 

“As the nation’s cyber defense agency, CISA applauds the passage of cyber incident reporting legislation. Thanks to the support of our many partners in Congress, CISA will have the data and visibility we need to help better protect critical infrastructure and businesses across the country from the devastating effects of cyber-attacks. CISA will use these reports from our private sector partners to build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure. This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims. CISA is committed to working collaboratively and transparently with our industry and federal government partners in order to enhance the security and resilience of our nation’s networks and critical infrastructure. Put plainly, this legislation is a game-changer. Today marks a critical step forward in the collective cybersecurity of our nation. We are also grateful to Congress for the unprecedented level of funding provided for CISA in the Fiscal Year 2022 Omnibus. This investment represents a recognition of the importance of our mission and the confidence of the Congress in our ability to defend our nation’s networks and critical infrastructure.”

How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable

A large number of IP cameras and surveillance systems used in enterprise networks were recently discovered to be vulnerable to remote code execution and information leakage due to CVE-2021-28372, a vulnerability in the built-in ThroughTek Kalay P2P software development kit that is used by many of these devices. Many users of IP cameras and surveillance systems are unaware of the built-in software and TCP/IP stacks in their devices, and can overlook related vulnerabilities as a result. Vulnerabilities in built-in third-party technologies, many of which are not continuously maintained or are using legacy software, can leave IoT devices vulnerable in turn. This necessitates having proper visibility into devices in an enterprise network, as well as proper risk and vulnerability assessment.

Hackers Hit Mass. Background-Check Firm Used by State Agencies, Universities

Hackers made off with highly sensitive personal records on more than 164,000 job-seekers and license applicants in a virtual “smash and grab” attack last November which included marijuana entrepreneurs. An attorney for Creative Services said the company was offering two years of free credit monitoring and other support to those affected, since the stolen records included names, Social Security numbers, driver’s licenses, and other identifying information that could enable fraud.

Exposing initial access broker with ties to Conti 

Initial access brokers are the opportunistic locksmiths of the security world, and it’s a full-time job. These groups specialize in breaching a target in order to open the doors—or the Windows—to the malicious actor with the highest bid. EXOTIC LILY is a resourceful, financially motivated group whose activities appear to be closely linked with data exfiltration and deployment of human-operated ransomware such as Conti and Diavol. At the peak of EXOTIC LILY’s activity, we estimate they were sending more than 5,000 emails a day, to as many as 650 targeted organizations globally. Up until November 2021, the group seemed to be targeting specific industries such as IT, cybersecurity and healthcare, but as of late we have seen them attacking a wide variety of organizations and industries, with less specific focus. The group has been known to create entirely fake personas posing as employees of real companies. That would sometimes consist of creating social media profiles, personal websites and generating a fake profile picture using a public service to create an AI-generated human face.

Physical Security

Cannabis Shops Increasingly Opt for Armed, Private Security to Protect Themselves

A concerning trend of robberies in western Washington state has led to retail operators to reconsider whether or not their security personnel should be armed.

Additional reported dispensary robbery events this week include:

• Police charge man with gunpoint robbery during marijuana buy | Times Leader
• Police: Tracking device helped in capture of suspects in Bellevue marijuana shop robbery
• One suspect shot, killed in Seattle after armed robbery of Factoria pot shop | king5.com
• 1 dead, 1 injured after shooting at Bell Gardens marijuana shop
• Oakland Cannabis Sellers, Once Full of Hope, Face a Harsh Reality
• One suspect arrested in Grants Pass pot robbery – Mail Tribune

Oklahoma Thieves Impersonate Cops and Raid Several Pot Farms

On March 13, a group of six individuals—donned in believable law enforcement gear—furnished a fake search warrant and attempted to raid a Hughes County, Oklahoma medical cannabis grow operation in a brazen attack. The next day, other locations were hit including a medical cannabis business in Seminole County. Over 100 pounds of cannabis, machines, cash and cell phones were stolen. Law enforcement agents believe the rash of incidents are connected.

The group of bandits wore uniforms and masks, saying they worked for the “Oklahoma Marijuana Board” which doesn’t exist, and wore Oklahoma Highway Patrol uniforms. They demanded cash for a supposed compliance violation fine. The Oklahoma Medical Marijuana Authority (OMMA), however, would be in charge of compliance had there been an actual compliance violation. OMMA officials do not demand for fines to be paid immediately at gunpoint.

Last week we reported that the FBI is warning the public of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information.  It is important to keep staff aware of these types of trends in order to allow for early recognition of suspicious activity.

Storefront Security and Emergency Response Survey Results

There is and has been a heightened concern for break-ins and break-in attempts at retail locations across the country. In response to these concerns, LP Magazineasked loss prevention practitioners to answer a 20-question survey addressing these concerns in retail establishments. Survey questions were crafted with the guidance and support of subject-matter experts to help develop a pool of questions that explored relevant issues in the retail environment. The full survey results have been attached to this Daily Report. Some key findings include:

• 83% of respondents indicated they experience break-in or break-in attempts in their area of responsibility every year
• 29% experienced more than 15 break-ins or attempted break-ins a year
• 77% believe that smash-and-grabs are a growing concern in their area of responsibility
• 54% indicated that loss of inventory or cash was most expensive cost incurred during a break-in, while 23% indicated emergency glass repair was the most expensive cost

Man Shoots Supervisor in Houston, Texas Office Building

Police said the suspect is an employee at Greenway Plaza and “passed up everybody else” to get to this victim. It is unclear why he targeted the supervisor. After a search, authorities said the suspect was arrested at a high-rise apartment complex roughly 5 miles from the Greenway Plaza.

In October 2021, employees working at Greenway Plaza building went through intense active shooter training scenarios.  Employees working in the space say they never could’ve imagined they would be using the skills they learned in that drill just five months later. Assistant Houston Police Department Chief Larry Satterwhite says from what they can tell, the active shooter drill paid off.  “In times of crisis, you revert to what you’ve been trained and what you’re thinking about,” Satterwhite said. He says being mentally prepared for the worst can be the difference between life and death, and he recommends all companies take the time to implement active shooter training in the workplace. 

Public health crises, such as the COVID-19 pandemic, remain the top security concern of employees in the U.S., according to the 2022 State of Employee Safety Report from AlertMedia, which details employees’ current perceptions of safety in the workplace. The study found that 90% of U.S. workers believe their organization has a duty of care to protect employees from unnecessary risk of harm when working or traveling on their behalf. Furthermore, 82% of employees stated employers’ obligation to keep employees safe extends to those working remotely.

The report asked respondents to rank their level of concern when it comes to ten common workplace safety threats. The threats were ranked by how many employees classified themselves as “extremely or somewhat concerned.”

1. Public health emergencies (79%)
2. Cyberattacks (65%)
3. Severe weather (65%)
4. Crime (62%)
5. Significant outages (59%)
6. Transportation disruptions (55%)
7. Natural disasters (54%)
8. Workplace violence (53%)
9. Structure fires (48%)
10. Protests and demonstrations (46%)

While 82% of working Americans report that their employer offers safety training, only 56% report participating in training more than once per year. What’s more, employees who are not offered safety training are more than twice as likely to say they would not know what to do in the event of an emergency at work. Several upcoming trainings can help organizations experience similar results in hostile situations.

Natural Events

China Locks Down Business Center of Shenzhen Amid COVID-19 Surge 

China’s government responded Sunday to a spike in coronavirus infections by shutting down its southern business center of Shenzhen, a city of 17.5 million people, and restricted access to Shanghai by suspending bus service.

• China battles multiple outbreaks, driven by stealth omicron
• China battles worst Covid outbreak for two years as cases double in 24 hours
• China tightens controls as more virus cases reported

Above Average Spring Temperatures Could Grow More Expansive By June 

Temperatures through the rest of spring are expected to be most above average in the Southwest and Southern Plains, but that heat could expand to a much larger area of the country by June, according to the latest outlook from The Weather Company, an IBM Business and Atmospheric G2. Above to much above average temperatures are favored from the Southern and Central Plains into the Southwest, when looking at the whole three-month period from April to June.

Much of the upper Midwest and East could have temperatures near or slightly above average, while the Northwest is favored to be near or slightly cooler than average. Keep in mind this outlook is an overall three-month trend. That means we could see periods that are hotter or cooler in each respective region of the country when compared to what is shown.

Check out the latest blog highlighting issues important to cannabis security!

Tweet