Cyber Intelligence Weekly: The 3 New Ideas You Need to Know this Week (Issue 153 – August 11, 2024)
Dear Friends and Colleagues,
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Before we get started on this week’s CIW, I’d like to highlight our Microsoft 365 Security Assessment. Is your Microsoft 365 truly secure? Uncover hidden threats and protect your critical data with our expert assessment. We reveal vulnerabilities like over-exposed content and insecure configurations, providing actionable guidance to prioritize risks and optimize your security. Our streamlined process ensures minimal disruption. Contact us today to secure your Microsoft 365 environment. https://lnkd.in/ehkmMS-B
Away we go!
1. Trump Campaign Confirms Hack, Suspects Iranian Involvement
The campaign of former President Donald Trump acknowledged on Saturday that it had been hacked, following the receipt of internal communications by POLITICO from an anonymous source. The documents were reportedly provided by someone identifying themselves only as "Robert," who used an AOL email account to relay what appeared to be sensitive campaign materials, including a research dossier on Ohio Sen. JD Vance, Trump’s vice-presidential running mate.
The Trump campaign suggested that the hack may have been carried out by Iranian cybercriminals, citing a recent Microsoft report that identified a spear-phishing attempt against a senior official in a U.S. presidential campaign. Although Microsoft did not confirm which campaign was targeted, Trump’s team implied a connection between the reported cyber activity and their own breach. The campaign described the hack as a serious breach of security, potentially aimed at disrupting the 2024 election.
The extent of the information obtained by the hacker remains unclear, but the incident has drawn comparisons to the 2016 Democratic National Committee hack, which exposed embarrassing internal communications and was later attributed to Russian operatives. The Trump campaign’s spokesperson, Steven Cheung, declined to provide further details about the investigation or confirm if they had engaged with Microsoft or law enforcement regarding the breach.
This incident underscores the ongoing threat of foreign interference in U.S. elections, with the Trump campaign pointing to recent intelligence suggesting that Iran may be seeking to retaliate against Trump for his role in the 2020 assassination of Iranian military officer Qassem Soleimani. While the connection between this hack and broader geopolitical tensions remains speculative, the breach adds another layer of complexity to the already fraught 2024 election landscape.
2. NHS Software Supplier Faces £6 Million Fine for Ransomware Attack Failings
Advanced, a UK-based IT service provider for the National Health Service (NHS), is facing a substantial fine of over £6 million ($7.6 million) following a significant ransomware attack in August 2022. The attack, which severely disrupted NHS services, exposed the personal data of nearly 83,000 individuals, including sensitive information like phone numbers and medical records.
The UK’s Information Commissioner’s Office (ICO) announced its provisional decision to fine Advanced £6.09 million, citing serious lapses in the company’s information security measures. The ransomware group, reportedly linked to the LockBit scheme, gained access to Advanced’s health and care systems through a customer account that lacked multi-factor authentication, a basic yet critical security measure. The breach also included details on how to access the homes of nearly 900 individuals receiving at-home care, further exacerbating the severity of the incident.
The ransomware attack had far-reaching consequences, notably crippling the NHS 111 service, which is essential for triaging urgent but non-emergency medical calls across the UK. The attack forced healthcare professionals to revert to manual processes, leading to significant delays and concerns about patient safety. The British government convened a crisis management meeting in response to the widespread disruption caused by the attack.
John Edwards, the UK’s Information Commissioner, criticized Advanced for failing to secure its healthcare systems adequately, despite having implemented some security measures on its corporate networks. He emphasized the importance of robust cybersecurity practices, particularly for organizations handling sensitive health data. The ICO’s decision to publicize the provisional fine is intended to serve as a warning to other organizations to strengthen their security protocols, including the implementation of multi-factor authentication.
3. Researchers Discover Decades-Old Vulnerability in Major Web Browsers
A critical vulnerability, dubbed "0.0.0.0 day," has been discovered by Israeli cybersecurity firm Oligo Security, affecting major web browsers including Apple’s Safari, Google’s Chrome, and Mozilla’s Firefox. The flaw, rooted in how browsers handle network requests, could potentially allow attackers to bypass normal security measures and access private networks.
The vulnerability arises from the way browsers handle requests to the IP address 0.0.0.0, a non-routable placeholder that on many systems stands for "any local interface." Oligo researchers found that a malicious web page could send requests to http://0.0.0.0:<port> and the browser would deliver them to services listening on the victim's own machine, effectively reaching localhost despite the protections that normally block public pages from talking to it. This loophole could be used to read private data from local services, trigger remote code execution through exposed development tooling, and pivot into local networks, affecting development platforms, operating systems, and internal systems.
Oligo reported the issue to major tech companies, and Google has already begun implementing fixes by blocking 0.0.0.0 requests in Chrome, with plans to update Chromium, the open-source platform behind Chrome and other browsers. Apple has also started rolling out changes to mitigate the issue in Safari. However, Mozilla’s Firefox currently lacks an immediate fix, though efforts are underway to address the vulnerability.
To enhance security, Oligo recommends using Private Network Access headers, HTTPS, and cross-site request forgery (CSRF) tokens in web applications, even if they are running locally. Binding development services to 127.0.0.1 rather than 0.0.0.0, and rejecting requests whose Host header is not an expected local name, also narrows the exposure. These measures can help protect against exploits that may arise from this longstanding vulnerability.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about