CISO Daily Update - November 7, 2024
NEW DEVELOPMENTS
Cyber-Attack on Microlise Disrupts DHL and Serco Tracking Service
Source: Infosecurity Magazine
A cyberattack on telematics provider Microlise disrupted tracking services for clients like DHL and Serco while exposing some employee data. Microlise disclosed the breach on October 31, triggering a 16% drop in its stock price. The company aims to restore systems by the end of the week and has brought in third-party cybersecurity experts to support containment and recovery. Although customer data remains secure, the attack disabled tracking and panic alarms in Serco’s prison transport vehicles, forcing crews to rely on alternative safety measures. DHL’s delivery tracking for the Nisa Group was also affected, disrupting supply chain operations.
Suspect Arrested in Snowflake Data-Theft Attacks Affecting Millions
Source: Ars Technica
Canadian authorities have arrested Alexander "Connor" Moucka, suspected of breaching more than 165 organizations through compromised Snowflake accounts and stealing personal data from millions. Moucka allegedly exploited credentials obtained through infostealer malware, focusing on accounts without multifactor authentication. These breaches impacted major companies like AT&T and Ticketmaster, with stolen data later surfacing for sale online. In response, Snowflake enforced multifactor authentication and tightened password requirements to improve security.
INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime
Source: The Hacker News
INTERPOL's Operation Synergia II, conducted from April 1 to August 31, 2024, dismantled over 22,000 malicious servers involved in phishing, ransomware, and data theft. The operation identified around 30,000 suspicious IP addresses and led to the seizure of 59 servers and 43 electronic devices, including laptops and mobile phones. Authorities arrested 41 individuals and are investigating 65 more. Notably, Hong Kong police shut down over 1,037 servers, and Mongolian authorities seized a server and identified 93 individuals linked to cybercrime. Private-sector partners, including Group-IB and Kaspersky, provided critical intelligence, having identified thousands of IP addresses tied to phishing and malware operations.
A Kansas Pig Butchering: CEO Who Defrauded Bank, Church, Friends Gets 24 Years
Source: The Register
The FBI has recovered $8 million from a cryptocurrency scam that contributed to the collapse of Heartland Tri-State Bank in Kansas. Former CEO Shan Hanes embezzled $47 million from the bank between May and July 2023, transferring the funds into a fraudulent cryptocurrency scheme known as “pig butchering.” This scam tricks victims into investing in fake cryptocurrencies, leading to severe financial losses. Hanes received a prison sentence of over 24 years for his actions. The recovered funds will offer partial restitution to the bank’s shareholders and affected community members.
GoZone Ransomware Accuses and Threatens Victims
Source: Help Net Security
A new ransomware variant called GoZone has surfaced, demanding a modest $1,000 ransom in Bitcoin to decrypt files. GoZone’s ransom notes make false accusations, claiming victims possess child sexual abuse material and threatening to report them if they refuse to pay. Written in Go, the malware uses ChaCha20 and RSA encryption, adding the ".d3prU" extension to affected files. It also disables User Account Control, overwrites the system’s master boot record, and disrupts the System Restore tool to complicate recovery. Security experts advise against paying ransoms and recommend regular, secure backups to counter such attacks.
VULNERABILITIES TO WATCH
Azure API Management Flaws Let Attackers Take Full Control of APIM Service
Source: Cyber Security News
Recent research revealed three critical vulnerabilities in Azure API Management (APIM) that could allow attackers to perform Server-Side Request Forgery (SSRF) attacks and upload malicious files. These flaws open the door to unauthorized access to internal Azure assets and arbitrary code execution. Microsoft responded by blocking access to local ports and virtual machine resources and improving validation to prevent unauthorized file uploads. Users should apply these updates immediately and review their APIM configurations to strengthen security.
Google Patches High-Severity Vulnerabilities in Chrome
Source: GBHackers
Google released Chrome version 130.0.6723.116/.117 for Windows and Mac, and 130.0.6723.116 for Linux, to fix two high-severity vulnerabilities: CVE-2024-10826 in the Family Experiences component and CVE-2024-10827 in the Serial component. Both flaws are "use after free" vulnerabilities that allow attackers to execute arbitrary code. Google urges users to update their browsers immediately to reduce security risks.
Cisco Bug Lets Hackers Run Commands as Root on URWB Access Points
Source: Bleeping Computer
Cisco patched a critical vulnerability (CVE-2024-20418) in its Unified Industrial Wireless Software that affects Ultra-Reliable Wireless Backhaul (URWB) access points. This flaw allows attackers to execute commands with root privileges by sending crafted HTTP requests to the web-based management interface without authentication. Impacted devices include Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points in URWB mode. Cisco urges users to apply the updates immediately to prevent potential exploitation.
SPECIAL REPORTS
Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems
Source: Dark Reading
A recent SANS report reveals a sharp rise in cyberattacks targeting industrial control systems (ICS) and operational technology (OT) networks. Attackers frequently exploit vulnerabilities in IT networks to reach OT environments, with 74.4% of reported incidents being non-ransomware attacks. Common attack methods include accessing OT systems through external remote services or internet-connected devices (23.7%), employee workstations (20.3%), removable media (20.3%), and supply chain compromises (20.3%). Additionally, 18.6% of respondents reported spear-phishing attempts using email attachments as the initial compromise. Although only 12% faced ransomware attacks in the past year, the impact on ICS/OT environments remains high, with 38.1% reporting disruptions to reliability and safety during such incidents.
Identity-Related Data Breaches Cost More Than Average Incidents
Source: Help Net Security
Identity-related data breaches prove more severe and costly than typical incidents, with 66% of affected organizations reporting significant impacts. Among them, 44% estimated these breaches cost more than standard data breaches. To reduce risks, 61% of organizations plan to implement passwordless authentication within the next year, aiming to lessen vulnerabilities tied to compromised credentials. Additionally, 80% believe artificial intelligence will strengthen cybersecurity defenses over the next five years, and 79% intend to incorporate AI into their security strategies within the coming year.