Cyber Intelligence Weekly: The 3 New Ideas You Need to Know this Week (Issue 155 – August 25, 2024)
www.echeloncyber.com

Dear Friends and Colleagues,

Welcome to our weekly newsletter, where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight that David Faraone has joined Echelon Risk + Cyber as a Partner. With a stellar background in cybersecurity consulting and leadership, David brings invaluable expertise to our team.

Welcome aboard, David!

See our official announcement: https://lnkd.in/gtZ7nufV

Away we go!

1. US Law Enforcement Turns to Hacked Sky Messages in Major Drug Busts

In recent years, U.S. law enforcement agencies have increasingly tapped into a massive cache of encrypted chat messages originally seized by European authorities in 2021. This trove of half a billion messages was collected when European police hacked the encrypted phone provider Sky. Initially, this data was instrumental in numerous drug trafficking cases across Europe. However, recent court documents reveal that U.S. authorities are now utilizing this information to prosecute individuals involved in large-scale drug smuggling operations, particularly those using maritime routes to transport cocaine.

One of the significant cases involves Milos Radonjic, a Montenegrin national accused of conspiring to smuggle over two tons of cocaine into the U.S. and Europe using commercial vessels. Court records indicate that Radonjic and his associates used various encrypted messaging apps, including Sky, to coordinate their illicit activities. The evidence gathered from Sky messages includes detailed discussions about narcotics trafficking, images of ships used for smuggling, and geolocation data. These messages have provided critical evidence linking Radonjic to the smuggling operation, leading to his extradition to the U.S.

The Sky data has not only implicated Radonjic but has also played a role in other high-profile cases in the U.S. For example, former heavyweight boxer Goran Gogic has been charged with smuggling over $1 billion worth of cocaine using commercial container ships. Evidence from Sky messages has also linked Gogic to attempted murders of informants, further solidifying the importance of the encrypted chat data in building cases against organized crime figures.

This use of hacked encrypted communications illustrates a shift in law enforcement's approach to tackling organized crime. By gaining access to what criminals once considered secure channels, authorities have uncovered a wealth of information that has led to numerous arrests and prosecutions. As more cases emerge, the impact of the Sky data on both U.S. and global law enforcement efforts continues to grow.

2. Configuration Error at FlightAware Exposes Sensitive Customer Data

Flight tracking service FlightAware recently disclosed that a configuration error led to the exposure of sensitive customer information, including Social Security numbers. The company, known for aggregating vast amounts of flight data, discovered the issue on July 25, 2024. According to a notice on its website, the error compromised various personal details, including names, email addresses, billing and shipping addresses, telephone numbers, and more. Depending on the information customers provided, data such as social media accounts, pilot status, and even the last four digits of credit card numbers were also exposed.

In a filing with California’s attorney general, FlightAware revealed that passwords and Social Security numbers were among the compromised data. As a precaution, the company is requiring all affected users to reset their passwords, though it has not specified whether these passwords were encrypted or scrambled. The breach reportedly dates back as far as January 2021, raising concerns about the potential long-term exposure of sensitive information.

Despite acknowledging the breach, FlightAware has not confirmed whether any of the exposed data was accessed or downloaded by unauthorized individuals. The company’s description of the incident as a "configuration error" suggests it may have been an internal mistake rather than the result of a targeted cyberattack. However, with over 10 million monthly users, the extent of the breach and the number of affected individuals remain unclear.

FlightAware has faced questions regarding the breach, but spokesperson Kathleen Bangs has not provided further details or clarified the scope of the issue. As the investigation continues, the company is urging all users to take steps to secure their accounts.


3. Halliburton Takes Systems Offline After Major Cyberattack

Oil field services giant Halliburton recently experienced a cyberattack that forced the company to take certain systems offline to protect its operations. The breach, which occurred on Wednesday, impacted Halliburton's headquarters in Houston and prompted an immediate investigation. According to an 8-K report submitted to the Securities and Exchange Commission (SEC), hackers managed to access some of the company's systems. In response, Halliburton has engaged contractors to assist with the investigation and restoration efforts.

Charles Geer, Halliburton's vice president, stated that the company has proactively taken measures to safeguard its systems and has notified law enforcement about the incident. As the investigation continues, Halliburton is working to restore its systems and assess the potential impact of the breach. The company is also keeping its customers and stakeholders informed about the situation.

While the exact nature of the cyberattack remains unclear, reports indicate that some Halliburton employees were advised not to connect to the internal network as a precaution. As of Friday, no group has claimed responsibility for the attack. This incident is the latest in a series of cyberattacks targeting the oil and gas industry, which has become a frequent target for hackers and ransomware groups.

In response to the growing threat of cyberattacks on critical infrastructure, global leaders have committed to strengthening cybersecurity measures within the energy sector. Recent regulations by the Transportation Security Administration (TSA) require operators of hazardous liquid and natural gas pipelines to implement comprehensive cybersecurity protocols, including incident response plans and vulnerability assessments. These measures aim to protect vital energy systems from future attacks.


Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about

Martha Nye

Information System Security Officer (ISSO) with SSCP, Security+, CSM

2 months ago

Good newsletter, thanks.
