In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.


3 Tips for Cannabis Businesses Looking to Shore Up Some Cybersecurity Protection

According to Michael Sampson, partner at Leech Tishman and member of the firm’s litigation practice group stated that “Cyber risk remains very significant across the cannabis industry and across the U.S. commercial landscape generally, because this is really an area where the cannabis industry faces the same types of risks that many other businesses face,” he says. “The risk to the cannabis industry may be greater in some respects, but it’s certainly no less than any other business.”

In discussing the benefits of communicating with law enforcement after an attack in order to properly investigate, the author notes that, “Cannabis businesses may not be caught in a silo in the event of a cyberattack. It can be very helpful to an investigation for all affected parties to have their names thrown into the ring for further communication on the ramifications of the attack. And don’t get scared off by those letters: F. B. I. Just because cannabis remains a federally illegal industry, the FBI is not necessarily precluded from investigating crimes like this. Consider the IRS during tax season.”

Fraudulent Websites and Google My Business Listings Targeting Cannabis Industry

Earlier this year, Kushfly posted a blog outlining their brand being targeted by criminal actors who had created fraudulent business listings utilizing the Kushfly brand in an effort to scam potential customers. Not only does this activity hurt the customer, it also impacts a companies brand and consumer trust. A member of the cannabis industry information security community has recently identified other brands that were being targeted by this type of activity. Those organizations have been contacted to alert them of the fraudulent activity, but all cannabis businesses are encouraged to proactively scan for this type of activity. 

The Cannabis ISAO operates a Slack workspace which is free for any industry member to join where both cybersecurity and physical security threat intelligence like this is shared on a daily basis. To learn more and join in the conversation, please visit our Get Involved page.

2021 Top Routinely Exploited Vulnerabilities

On April 27, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom published a joint Cybersecurity Advisory (CSA), 2021 Top Routinely Exploited Vulnerabilities (AA22-117A). As in prior years, this joint effort highlights multiple vulnerabilities that threat actors are routinely exploiting on devices and software that remain unpatched or are no longer supported by a vendor. AA22-117A lists the top 15 and also includes 21 more “additional routinely exploited vulnerabilities,” for a total of 36 in 2021. For the purposes of this analysis, all 36 vulnerabilities will be aggregated. These lists, including the larger Cybersecurity & Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog, are part of an effort to help all organizations prioritize vulnerability management activities, including patching efforts that many struggle with.

Ransomware Quick Hits.

A few notable ransomware-related stories from the past week.

  • The State of Ransomware 2022. Earlier this week, Sophos released their annual study of the real-world ransomware experiences of IT professionals working at the frontlines around the globe. The study has revealed an ever more challenging attack environment together with the growing financial and operational burden ransomware places on its victims. It also shines new light on the relationship between ransomware and cyber insurance, and the role insurance is playing in driving changes to cyber defenses. This year, 5,600 IT professional from 31 countries participated in the research, with 965 sharing details of ransom payments made. Key findings include:
    • Ransom attacks are more frequent – 66% of organizations surveyed were hit with ransomware in 2021, up from 37% in 2020.
    • Ransom payments are higher – In 2021, 11% of organizations said they paid ransoms of $1 million or more, up from 4% in 2020, while the percentage of organizations paying less than $10,000 dropped to 21% from 34% in 2020. Overall, the average ransom paid by organizations that had data encrypted in their most significant ransomware attack, increased nearly fivefold to reach $812,360.
    • More victims are paying the ransom – In 2021, 46% of organizations that had data encrypted in a ransomware attack paid the ransom. Twenty-six percent of organizations that were able to restore encrypted data using backups in 2021 also paid the ransom.
    • The impact of a ransomware attack can be immense – The average cost to recover from the most recent ransomware attack in 2021 was $1.4 million. It took on average one month to recover from the damage and disruption. 90% of organizations said the attack had impacted their ability to operate, and 86% of private sector victims said they had lost business and/or revenue because of the attack.
  • New Black Basta ransomware springs into action with a dozen breaches. A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. The first known Black Basta attacks occurred in the second week of April, as the operation quickly began attacking companies worldwide. While ransom demands likely vary between victims, BleepingComputer is aware of one victim who received over a $2 million demand from the Black Basta gang to decrypt files and not leak data.
  • New Bumblebee malware takes over BazarLoader’s ransomware delivery. A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.
  • Ransom payment is roughly 15% of the total cost of ransomware attacks. Researchers analyzing the collateral consequences of a ransomware attack include costs that are roughly seven times higher than the ransom demanded by the threat actors. This includes the financial burden imposed by the incident response effort, system restoration, legal fees, monitoring costs, and the overall impact of business disruption. According to Check Point’s analysis, the ransom demand is typically between 0.7% and 5% of the victim’s annual revenue, with the average percentage being 2.82%. Many ransomware gangs offer discounts for fast payments, ranging between 20% and 25% if the ransom is paid within a few days.

Physical Security

The Gate 15 Interview: Ben Taylor, on Cannabis ISAO, Cannabis Industry Security, Cybersecurity, Rescue Dogs and More!

Our Executive Director Ben Taylor joined the Gate 15 Interview podcast this week to discuss information sharing, the development of the Cannabis ISAO, physical security and cybersecurity challenges the cannabis industry faces, along with scams and other crime trends.

Bankers Associations From All 50 States Push Senate To Pass Marijuana Banking Reform As Part Of Large-Scale Bill

Banking associations representing all 50 states and one U.S. territory sent a letter to Senate leaders on Thursday, imploring them to include marijuana banking reform in a large-scale manufacturing bill that’s heading to bicameral conference. The banking groups wrote that the current lack of banking access for cannabis businesses means that the “industry is operating primarily in cash, which causes significant public safety concerns and undermines the ability of cannabis regulators, tax collectors, law enforcement and national security organizations to monitor the industry effectively.”

“The SAFE Banking Act is a narrowly tailored solution designed to bring this growing industry into the regulated banking system and provide much-needed visibility into its financial activity,” the letter says, adding that the measure would promote transparency and improve tax collection.

Additional cannabis robbery-related headlines include:

Hostile Event Preparedness Training

An upcoming FREE webinar from Gate 15’s Hostile Event Preparedness Series is scheduled for 12 May at 1:00 PM Eastern. The session will cover the Hostile Event Attack Cycle. This builds on previous trainings that discussed education on hostile event preparedness and fire as a weapon. Security professionals are encouraged to register for this FREE event here. During the Hostile Event Attack Cycle Session, participants will:

  • Recognize types of Hostile Events, to better prepare for and react to an event
  • Identify indicators of potential violence, to possibly avert a hostile event from occurring
  • Identify the phases of a Hostile Event
  • Provide mitigation strategies to help in the development of a training program appropriate for your organization
US Department of Labor investigation of Boise mall shooting finds security company exposed officers to dangers of workplace violence

A federal investigation has determined that Professional Security Consultants Inc. – a Los Angeles-based security company that provides officers for shopping malls, schools, hotels, hospitals, office buildings and gated communities – repeatedly exposed its employees at the Boise Towne Square mall to workplace violence hazards and failed to follow its own procedures for interacting with armed individuals to enforce the mall’s code of conduct.

Natural Events

Climate Change Could Double the Number of Major Hurricanes and Typhoons by 2050, Study Finds

As a result of climate change, the number of hurricanes and typhoons rated as Category 3 storms and higher could double by the year 2050, a new study concludes. Using computer modeling, the study, which was published Wednesday in the journal Science Advances, concluded that, as global air and water temperatures continue to rise due to excess greenhouse gas emissions, the increase in the number of major hurricanes and typhoons will affect a larger number of people.

According to the new study, climate change will help increase the wind speeds of major hurricanes by as much as 20% over the next 28 years, as well as the overall frequency of Category 4 and 5 storms by more than 200% in some parts of the world. The predicted increase in the frequency of major hurricanes and typhoons is not evenly distributed in areas that already see tropical cyclone activity. While Miami is projected to see a modest annual increase in probability of experiencing a major hurricane in a given year (from 3.6% at present to 4.0% by 2050), Honolulu is forecast to see that probability more than double (from 4.0% to 8.6%) over the same span, the study found.

Massive wildfires helped fuel global forest losses in 2021

Around the globe, 2021 brought more devastating losses for the world’s forests, according to a satellite-based survey by the University of Maryland and Global Forest Watch. Earth saw more than 97,500 square miles of tree cover vanish last year, an area roughly the size of Oregon. Many of the areas that vanished in 2021, such as the boreal forests dominated by hardy spruce and pine that were burned by wildfires in Canada, Russia and the United States, are expected to grow back over time — though perhaps not soon enough to aid the world in its efforts to pull as much carbon from the atmosphere as possible.

Russia experienced its “worst fire season ever,” said Elizabeth Goldman, a researcher with the World Resources Institute (WRI), which launched the Global Forest Watch project 25 years ago. While such blazes are a natural part of the boreal ecosystem, “the Russian fires are particularly worrying because of Siberia’s vast peatland area and melting permafrost, both of which can release massive amounts of stored carbon when peat is dried or burned, or when permafrost melts,” she said. This can result in feedback loops that can worsen fires and hasten climate change.

Amazon Warehouse Collapse Probe Finds Worker Safety Risks

U.S. regulators are calling on Amazon to improve its procedures for dealing with severe weather like hurricanes and tornadoes that could threaten workers at its warehouses dotted across the country. The Occupational Safety and Health Administration (OSHA) on Tuesday sent a “Hazard Alert Letter” to Amazon following the agency’s investigation into the deadly collapse of a company warehouse in Edwardsville, Illinois in December. Given the increase in frequency and intensity of climate change induced severe weather systems, the need for proper preparedness is more important than ever.

The investigation raised concerns about the potential risk to employees during severe weather emergencies, according to the letter sent to Amazon that OSHA made public. The agency said its inspection found that, while the company’s severe weather procedures had met minimal federal safety guidelines for storm sheltering, the company still needed to further protect its workers and contract employees. The letter requires Amazon to review its severe weather emergency procedures but the company won’t face any fines or penalties.

The agency has recommended Amazon makes its warning devices readily accessible, ensures all employees participate in drills for emergency weather events and include site-specific information in its emergency plans. It said it will also send hazard alert letters to three delivery service providers, who employed the injured worker and five of the employees who died.

‘Everything is Halted’: Shanghai Shutdowns are Worsening Shortages

Widespread COVID outbreaks in China have brought entire cities to a standstill and hobbled manufacturing and shipping hubs throughout the country. An estimated 373 million people — or about one-quarter of China’s population — have been in covid-related lockdowns in recent weeks because of what is known as the country’s zero covid policy, according to economists at Nomura Holdings. There are also fears that new lockdowns could soon take hold in the capital city, Beijing, escalating the threat to the global economic recovery. Continuing lockdowns in Shanghai — a major hub for America’s semiconductor and electronics supply chains — has set up companies for potentially months of delays and higher costs

White House officials are closely monitoring the situation in Shanghai, with the State Department providing frequent updates on the potential impacts. New economic data from March shows Chinese exports of good rose by 15 percent relative to last year, but this data does not reflect the impact of the Shanghai lockdown that began at the end of last month, according to a White House official, who spoke on the condition of anonymity to provide internal administration assessments.

Check out the latest blog highlighting issues important to cannabis security!