Cybersecurity Roundup for August–September 2024
Peterson Technology Partners
25+ years of expert consulting and recruiting success. We guarantee innovative solutions and exceptional results.
“There appears to have been a data security incident that may have involved some of your personal information.”
This is background-check provider National Public Data finally admitting to a hack of their system starting in late December of last year, with leaks in April and this summer. But word first broke through Bloomberg, from a class action suit about the breach.
What’s at stake is 2.9 billion records of stolen data that supposedly contain information from the entire population of the US, Canada, and more. This includes email addresses, home addresses, names, social security numbers, and other personal information—at least some of which has been verified to be accurate, but it may not all be reliable.
This is just the latest in the seemingly endless cascade of user data flowing from the Internet to criminals who are working to profit from it. And while we’ve often covered businesses losing customer data, this comes from a data aggregator who gathered it themselves from other sources.
In this week’s cybersecurity roundup for August and September, we look at: the big breaches and changes in ransomware attacks in 2024, new attack types, a survey of corporate readiness, and what’s brewing in international cybercrime.
With so many cybersecurity threats and attack surfaces available, let us help you keep up with the cyberattack news as we close out the summer of 2024!
Ransomware/Breaches?
In a profile of security consultant Troy Hunt’s popular website Have I Been Pwned?, Scientific American writer Ben Guarino references stunning statistics: the website has more than 6 billion unique email addresses, and each account has been breached, on average, twice. This site allows users to enter email addresses to check exposure, a service that is increasingly in need with each passing month.
And while that stat may be mind-boggling, results from a recent study by the University of Minnesota are more heartbreaking, finding that hospitals that experience severe ransomware attacks witness an increased mortality rate between 36–55%, which is even higher for patients of color (62–73%).?
Overall, ransomware attacks by volume have been down, but by the ransoms demanded (and paid) they’ve been way up, showing that attackers are focusing on fewer, bigger targets, many of which, unfortunately, are in healthcare.
These numbers climb daily—since we built the visuals above just days ago, attacks this month climbed to 268, with the known, data-leaking ransomware attacks up to 3,534 at the time of publication.
Ransomware attackers have new toolsets to draw on, too, with the FBI and CISA putting out an advisory on RansomHub, a new ransomware-as-a-service (RaaS) provider with an array of options (phishing, password brute force attacks, more than nine known exploits in internet-facing systems, credentials dumping, lateral movement, and at least seven tools for exfiltrating data, from PuTTY to WinSCP to AWS S3 tools). According to the Cybernews, RansomHub claims one victim every day on average.
Significant data breaches hitting the news in August and September 2024 include:
On Attack Types and Readiness?
In addition to the proliferation of methods we’re familiar with, cybersecurity awareness must always extend to the ever-growing new (or updated/amalgamated) forms of attack, repurposing techniques used by the private sector.
Google’s Threat Analysis Group (TAG) in August profiled a specific form of watering hole attack from Russia’s Cozy Bear gang that mimics tools used by commercial spyware vendors Intellexa and NSO. If a vulnerable device even just loads an infected website, it can be hacked, taking advantage of unpatched devices.?
Another example (profiled in depth by Seguranca Informatica in late August) uses Microsoft Office documents (Word or Excel), well disguised as financial reports. Once opened, VBA macros write a DLL to disk which, once in memory, downloads a BAT file from server (along with private key) to open an SSH backdoor. It executes a Cobalt Strike beacon through legitimate Windows processes, allowing it to keep control and stay hidden.?
Speaking of Windows, at the Black Hat security conference in early August, researchers from SafeBreach revealed a vulnerability that could allow hackers to roll back your version of the OS, exposing old vulnerabilities including even the capacity to take control of the machine. Microsoft has acknowledged the flaw and is working on the fix now.??
Popular website-crafting service WordPress has suffered a vulnerability from yet another widely used plugin (WPML, for multilingual sites). According to Cybernews, this is the third WordPress plugin needing an urgent update in just the last two weeks. A patch was released in August, but the vulnerability extended to over a million websites worldwide.?
[For more on WordPress and alternative website solutions, check out this edition of The PTP Report.]
In terms of readiness, the Cybernews Business Digital Index of 1000 global companies (financial and healthcare sectors) was released in September, with 63% of those examined receiving a D rating and 40% an F. Only 11% received an A, with common the most common issues being:?
Making matters worse, they found that 35% have high-risk vulnerabilities, with 49% having employees still reusing compromised passwords.
International/Governance Corner?
In addition to the Port of Seattle (see above), Check Point Research determined that US utilities are dealing with more than a 70% increase in cyberattacks this year, showing the surging threat to infrastructure. So far these haven’t yet crippled systems at scale, but the possibility remains from a sufficiently coordinated strike.?
With elections occurring all over the world in 2024, attacks and misinformation have been rampant, and the US is no exception, with them occurring to both candidates and from a wide variety of nations, including waves of Russian cyberattacks, as well as China, Iran, and North Korea.
领英推荐
North Korea also made cybersecurity news for fake job-themed lures looking to plant malware on the machines of workers in aerospace and energy. Posing as recruiters from major companies, they deliver the malware via PDF (supposedly containing job descriptions) or even online coding challenges. They frequently use existing job descriptions but tailor them to perfectly fit the desired target.?
This joins with approaches we covered previously that work in the reverse, with agents looking to get hired by security vendors. Once hired, they immediately turn around and hack their new company.
Conclusion?
There’s much more to report on than we even have the space for, including cybersecurity regulations, the US prisoner exchange with Russia that included (for the first time) hackers, and law enforcement successes with Chinese hacking groups the Ghost cybercrime platform.
It’s no surprise that profits are surging for many cybersecurity firms, too, with companies like Avast, Datadog, Palo Alto Networks, and Fortinet beating financial estimates over the period.?
But showing the scale and reach of these ongoing attacks, even Fortinet was breached, confirming in September a leak of some 440GB of customer data from a shared third-party cloud drive after they declined to pay a ransom.?
This concludes our coverage for now, but if you have need of cybersecurity experts, or are game to join the fight yourself, contact PTP for onsite or remote consultants!
You can also catch up on our prior bi-monthly roundups here:
References?
Security Incident, National Public Data
What Giant Data Breaches Mean for You, Scientific American
NationalPublicData.com Hack Exposes a Nation’s Data, Krebs on Security
#StopRansomware: RansomHub Ransomware, CISA?
Ransomware newcomer RansomHub claiming one victim per day, Cybernews
2 TB of Sensitive “ServiceBridge” Records Exposed in Cloud Misconfiguration, HackRead
Port of Seattle says August cyberattack was Rhysida ransomware, CSO
Leaked Disney data reveals financial and strategy secrets, WSJ reports, Reuters
Halliburton confirms data was stolen in ongoing cyberattack, TechCrunch
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits, Google TAG Updates
A Flaw in Windows Update Opens the Door to Zombie Exploits, Wired
Microsoft warns of ransomware attacks on US healthcare, CSO
Cybernews Business Digital Index reveals major shortcomings in corporate customer data security, Cybernews
Cyberattacks on US utilities surged 70% this year, says Check Point, Reuters
North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs, Security Week
Fortinet confirms breach that likely leaked 440GB of customer data, CSO
- Doug McCord
(Staff Writer)
Check out other articles from PTP on CyberSecurity and? AI?
Get the latest updates on recruiting trends, job market, and IT, and expert advice on hiring and job seeking at The PTP Report?