In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.
Cannabis MSO Shares Cyber Threat Report
A Cannabis ISAO partner organization recently shared a report in our Slack workspace that outlines the activity of a threat actor they have dubbed “GanjaMask”. That report was further elaborated on by an independent cybersecurity research professional. The full report is labeled TLP:AMBER and as such cannot be publicly shared, but if you would like access to the full report, please request access to our FREE Slack Workspace here.
“GanjaMask is a malicious enterprise that has been operating for the past year using a network of websites, social and maps postings, and communication methods in an attempt to sell or distribute illegally produced or obtained cannabis products and other drugs. Their main method appears to be misrepresenting themselves as legitimate cannabis operators across the United States via Google Maps.
GanjaMask works by creating fake websites that misrepresent themselves as legitimate or formerly shuttered Cannabis companies, and then bolstering their visibility through fake listings on Google Maps.
The Google Maps listings take advantage of unsuspecting customers by mimicking common keywords of various Cannabis companies and offering to be more convenient than other companies in the area (if they exist). Listings often contain an address, website, and phone number and claim to offer Cannabis delivery services.
The websites are template driven and all like each other, and often contain elements from several companies. Rarely, the elements all align from logo to other content. All have offerings to accept payment in credit card, Bitcoin, or other cryptocurrencies and often have similar contact information to the malicious listing, on the homepage to build credibility with the victim.
When a prospective customer engages with the group by placing an order on the website, they often enter a credit card and their personal contact information. The card will almost always decline, leading someone to contact the customer via phone claiming “an alternative payment method is required”.
If a prospective customer initially engages them via phone or SMS, or after they submit an order on the website, the group then goes to engaging the now victim over phone or SMS to complete the transaction. They will usually request payment via Zelle or similar “instant transaction” networks. Once the funds are received, the group either disconnects or redirects the number to a target Cannabis company or reaches out some time later, often from a different number claiming to be the courier stating they need additional payment to complete the delivery, and if the victim disputes the request, they’ll then disconnect or redirect the most recent number to a target cannabis company.”
The full report features key indicators as well as associated phone numbers, domains and email addresses.
New guidance from the U.K.’s National Cyber Security Centre (NCSC) provides advice and recommendations for mitigating malicious insider behavior. Malicious insider activity is relatively rare, but can have a major impact on an organization when it does occur. It is defined as anyone who has legitimate access to your organization’s assets exploiting their position for unauthorized purposes (so not just employees, but also contractors, partners and suppliers). The measures you take to prevent, monitor or retrospectively audit data exfiltration by malicious insiders can also reduce the risk of data breaches by your staff. The measures will also provide some protection against data exfiltration by external attackers who have penetrated the organization’s network, or captured and exploited valid credentials.
Mitigations for data exfiltration should be one element within an overall framework of insider risk mitigation. This guidance assumes that organizations already have in place such a framework (such as CPNI’s Insider Risk Mitigation Framework), and also procedures in place for managing incident response following data exfiltration (see NCSC’s guidance on managing cyber incidents). Technical controls for consideration include:
- Implementation of rules within products, apps and services
- Deny listing/allow listing (by URL, IP ranges, applications, protocols, bi/dual directional rules etc)
- Preventing use of steganography applications
- Preventing or controlling the use of translation sites
- Endpoint/mobile device management
- Mobile application management
- Data loss prevention software (including content inspection)
- Security incident event management (SIEM) solutions
- Log management and analysis
- Controlling use of external storage devices
- Controlling for abuse of email
The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. This year’s list also incorporates updated weakness data for recent Common Vulnerabilities and Exposures records in the dataset that are part of CISA’s Known Exploited Vulnerabilities Catalog. CISA encourages users and administrators to review the 2022 CWE Top 25 Most Dangerous Software Weaknesses and evaluate recommended mitigations to determine those most suitable to adopt.
As with past years, there is a continued transition in the Top 25 to more specific Base-level weaknesses. While there is a slow decline in the number of unique Class-level weaknesses (from 9 in 2020 down to 7 in 2022), the percentage of all mappings used to generate the list has declined from 30% in 2020 down to 16% this year. Other levels for compound and variant weaknesses remain relatively unchanged. Data from 2019 is included for completeness, with 43% of all mappings going to classes, but this initial set of data had many categories, which is where the remapping analysis was focused; so, there was not as much extensive analysis of classes as in later years.
As the U.S. grapples with the reality of a post-Roe society, authorities are expecting a sustained level of protests and civil unrest as a result. Protests have the ability to disrupt businesses in multiple ways, including inability of staff and customers to easily access your location, delivery schedules impacted through road closures, and increased risk for crimes such as vandalism and arson if bad actors with ulterior motives infiltrate the peaceful protesters.
One threat that cannabis businesses should pay attention to is that large protests can occupy law enforcement resources, and further leave their cash-based businesses vulnerable to slow police response times in the event of a robbery. Businesses are encouraged to monitor protest activity within the areas they operate to assess the ongoing risk. If protest activity were to be prolonged, similar to what was seen in areas like Portland in 2020 in response to the murder of George Floyd, it may be worth increasing security staff in anticipation of even less law enforcement support than usual.
If signed into law, the bill would enable cannabis businesses to access a wide array of banking services, from lending to credit card services and money transfers. Taking a different approach than SAFE, it would also allow the New York Stock Exchange, Nasdaq and other national securities exchanges to list cannabis businesses, providing them with a new avenue to generate capital and grow.
The bill’s sponsors intend to provide targeted financial relief to small businesses, and businesses run by veterans and members of disenfranchised communities, although the bill language provides few details on this front.
“The CLIMB Act is critical because it provides state legal American businesses with traditional funding and support mechanisms for this emerging industry, which other domestic industries currently enjoy,” said Saphira Galoob, Executive Director of the National Cannabis Roundtable, in a recent press release.
The CLIMB Act has already garnered endorsements from a number of MJ industry associations, including the National Cannabis Industry Association, National Cannabis Roundtable, American Trade Association for Cannabis and Hemp, Women Grow and Minorities 4 Medical Marijuana, among others.
Attorney General Bob Ferguson announced today the creation of a statewide Organized Retail Crime Theft Task Force. The Task Force will improve coordination and collaboration among law enforcement agencies to address these multi-jurisdictional crimes that endanger employees and cause significant economic harm to our state.
The task force will focus on sophisticated, organized crime rings that account for almost $70 billion in retail losses across the country.
The Task Force is the first of its kind in Washington. Nine other states have a task force dedicated to organized retail crime.
An analysis from the Retail Industry Leaders Association estimates Washington retailers lost $2.7 billion to organized retail crime in 2021. Federal crime statistics show that the value of items stolen from Washington retailers increased by 151 percent from 2019 to 2020.
The West saw an aspect of the climate crisis play out this month that scientists have warned of for years. In the middle of a prolonged, water shortage-inducing megadrought, one area, Yellowstone, was overwhelmed in mid-June by drenching rainfall and rapid snowmelt that — instead of replenishing the ground over a matter of weeks or months — created a torrent of flash flooding that ripped out roads and bridges and caused severe damage to one of the country’s most cherished national parks. The US Bureau of Reclamation projected this week that Arizona, Nevada and California would see even more significant cuts to their Colorado River water allotments starting next year. Federal officials make those determinations on a year-by-year basis every August. Lake Mead, the nation’s largest reservoir which serves millions of people in the Southwest, is already running well below what last year’s projections suggested, even in its worst-case scenario. Last August, the bureau predicted the reservoir would most likely be at 1,059 feet above sea level at the end of this month, and 1,057 feet at worst. But it’s now around 1,045 feet.
Check out the latest blog highlighting issues important to cannabis security!