Infosec Monitor: No. 13
No. 13, January 26, 2024
Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor: MS and HPE hacked by the same Russian group, everyone is concerned about AI's impact on cybersecurity, and lots more.
News
Consensus growing for narrower UN cybercrime treaty
Final negotiations are underway for a UN Cybercrime Treaty. The U.S. advocates for a narrower version focused on "cyber dependent crimes," contrasting with Russia and allies who want a broader scope. The current draft, criticized for potentially criminalizing cybersecurity research and overlooking human rights, has sparked strong pushback from tech giants and human rights organizations. They argue it could lead to abuses and call for a focused approach, solely tackling cybercrime. The U.S. emphasizes the need for human rights protections and is concerned about obligations on internet service providers to hand over customer data internationally. Efforts are underway to amend the treaty with stronger human rights language and safeguards, led by countries like New Zealand and Canada, and supported by the U.S. The Record
VexTrio — the Uber of cybercrime
“The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal.” The Hacker News
Can critical infrastructure learn from the US Navy on how to protect itself?
An interesting take on what the US Navy does to protect itself (digital twins, event prediction, cloud computing, etc.). The only problem with this take is that the US’s critical infrastructure isn’t run by one entity. Instead, it’s run by hundreds of independent companies. Still, worth considering. CSO Online
UK publishes “Cyber Governance Code of Practice” call for review
The UK government is calling on business leaders to strengthen their cybersecurity measures, citing the increasing severity and frequency of cyberattacks. A government survey revealed a lack of sufficient director involvement in cybersecurity, with only 30% of businesses having board members responsible for this area. A draft Code of Practice has been published to guide senior executives in enhancing cyber resilience. The government emphasizes the need for comprehensive plans to respond to and recover from cyber incidents. Although the code remains voluntary, it supports existing regulatory obligations like GDPR and NIS. The Record Gov.UK
SEC’s X (Twitter) account was hacked using a SIM swapping attack Bleeping Computer
Get The Infosec Monitor every Friday in your inbox
This newsletter is also published on Substack you can subscribe here. https://infosecmonitor.substack.com
AI & Security
Australia releases “Engaging with Artificial Intelligence (AI)”
“The paper summarises some important threats related to AI systems and prompts organizations to consider steps they can take to engage with AI while managing risk. It provides mitigations to assist both organizations that use self-hosted and third-party hosted AI systems.” The paper was developed with ten other nations, including the US, Germany, UK, and Japan. Cyber.Gov.AU
Discussion on the dark web about the illegal use of ChatGPT on the rise
In what should surprise no one, Kaspersky's Digital Footprint Intelligence service has identified a significant increase in Dark Web discussions about the illegal use of ChatGPT and other large language models. These discussions, totaling nearly 3,000 posts, primarily focus on developing malicious chatbots like FraudGPT, processing stolen data, and crafting malware. Additionally, the Dark Web has seen a surge in posts (around 3,000) about the sale of stolen ChatGPT accounts. Dark Reading
Gen AI backed cyberattacks are increasing remediation costs
A study by the Ponemon Institute for Barracuda reveals a significant rise in sophisticated and severe cyberattacks in 2023, many leveraging generative AI. These advanced attacks have increased the time and resources needed for remediation, pushing the average annual cost to $5.34 million (up from $2.98 million). The report highlights concerns about generative AI, with half of the respondents believing it can increase the frequency of attacks and only 39% feeling their security infrastructure is prepared for such AI-powered threats. CSO Online
Prompt injection, prompt extraction, new phishing schemes, and poisoned models are the most likely risks organizations face when using large language models. CSO Online
UK's National Cyber Security Centre (NCSC) warns about AI's potential to empower cyber threats
The NCSC points to emerging AI services like WormGPT, designed to assist criminal activities. The agency expects AI to augment existing cyberattack methods rather than create new ones, with varying benefits depending on the attackers' skill levels. Sophisticated threat actors could use AI to develop evasive malware, while intermediate and less skilled hackers could see improvements in reconnaissance and social engineering. Bleeping Computer
Cyber Security Incidents
Microsoft and HPE were both hacked by the same Russian group
Microsoft and Hewlett Packard Enterprise (HPE) have both disclosed breaches by the Russian hacking group Nobelium, also known as Midnight Blizzard, APT29, or Cozy Bear, and linked to Russia's Foreign Intelligence Service (SVR). At Microsoft, the group used a password spray attack to compromise a legacy, non-production test tenant account that did not have MFA enabled, and from that foothold gained access to a small percentage of corporate email accounts, including those of senior leaders. In a similar vein, HPE's cloud-based email environment was breached, leading to the exfiltration of data from a small percentage of mailboxes. Whether the HPE and Microsoft incidents are connected remains unclear.
Microsoft is warning that other organizations are being targeted as well. The Hacker News
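What a password spray looks like in sign-in telemetry, and why per-account lockout does not catch it, as an added example. This is not Microsoft's or HPE's detection logic; the log line format, the sample lines, the field names and the thresholds are all assumptions made for the illustration.

```python
"""Heuristic password-spray detector over sign-in log lines.

Added example; not Microsoft's or HPE's detection logic. The log line format,
field names and thresholds are assumptions for this illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log (not real telemetry): "<ISO timestamp> <FAIL|SUCCESS> <user> <source IP>".
# 203.0.113.7 tries one guess against many accounts, then lands on a legacy test account;
# 198.51.100.9 hammers a single account; 192.0.2.33 is a user who mistyped once.
SAMPLE_LOG = "\n".join(
    [f"2024-01-12T03:00:{i * 6:02d}Z FAIL user{i}@example.com 203.0.113.7" for i in range(9)]
    + ["2024-01-12T03:00:58Z SUCCESS legacy-test@example.com 203.0.113.7"]
    + [f"2024-01-12T03:01:{i * 2:02d}Z FAIL alice@example.com 198.51.100.9" for i in range(12)]
    + ["2024-01-12T09:12:00Z FAIL bob@example.com 192.0.2.33",
       "2024-01-12T09:12:30Z SUCCESS bob@example.com 192.0.2.33"]
)


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    ok: bool
    user: str
    ip: str


def parse(text: str) -> list:
    """Parse the assumed log format into SignIn records sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, ip = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(SignIn(when, result == "SUCCESS", user.lower(), ip))
    return sorted(events, key=lambda e: e.ts)


def detect(text: str, window: timedelta = timedelta(minutes=10), min_users: int = 8,
           max_per_user: int = 3, brute_threshold: int = 10) -> list:
    """Return one finding per source IP showing spray or brute-force behaviour.

    Spray signature: within `window`, at least `min_users` distinct accounts fail,
    each no more than `max_per_user` times (kept under a typical lockout threshold,
    which is why per-account lockout alone never trips on it).
    Brute-force signature: a single account accumulates >= `brute_threshold` failures.
    Any SUCCESS from a flagged source at or after the pattern began is reported as
    a likely foothold; that is the event worth paging on.
    """
    by_ip = defaultdict(list)
    for e in parse(text):
        by_ip[e.ip].append(e)

    findings = []
    for ip, events in by_ip.items():
        failures = [e for e in events if not e.ok]
        finding: Optional[dict] = None
        start = 0
        for end, e in enumerate(failures):
            while e.ts - failures[start].ts > window:   # slide the window forward
                start += 1
            per_user = Counter(f.user for f in failures[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                finding = {"ip": ip, "kind": "password_spray", "users": len(per_user),
                           "first_seen": failures[start].ts}
                break
            if max(per_user.values()) >= brute_threshold:
                finding = {"ip": ip, "kind": "brute_force", "users": len(per_user),
                           "first_seen": failures[start].ts}
                break
        if finding is None:
            continue
        # "users" is the distinct-account count at the moment the threshold tripped.
        finding["foothold"] = sorted({s.user for s in events if s.ok and s.ts >= finding["first_seen"]})
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Running it flags 203.0.113.7 as a spray that ended in a successful sign-in to the legacy test account, and 198.51.100.9 as ordinary brute force; the single mistyped password from 192.0.2.33 produces nothing. In a real environment the same grouping runs over the identity provider's sign-in logs, the source key may need to be an ASN or a user-agent rather than a bare IP (sprays are routed through residential proxy pools), and the thresholds are tuned to the tenant; the structural point stands: the per-account counters that drive lockout cannot see a pattern that is spread across accounts.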
Two water companies, one in US one in the UK hit by ransomware
Veolia North America and Southern Water in the UK have both been targeted in ransomware attacks. Veolia's backend systems were disrupted, but water treatment operations remained unaffected. A limited number of individuals' personal data may have been compromised. Southern Water was attacked by the Black Basta group, who claim to have stolen 750 GB of data, including personal information. Southern Water confirms no impact on customer or financial systems. These incidents reflect a growing trend of cyberattacks on Western water facilities. Security Week
Trello API Exploited
An exposed Trello API has been exploited to link private email addresses with public Trello profiles, creating data profiles for about 15 million members. This breach, publicized when a user named 'emo' tried to sell the data on a hacking forum, involved using a Trello API endpoint that allowed querying public profile information using email addresses. The data primarily consists of public information, and linking it with private emails increases its potential for harm, such as targeted phishing attacks. This leak is reminiscent of a similar incident with Twitter in 2021, where an API bug led to the leak of over 200 million profiles. Bleeping Computer
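The pattern behind this incident, an email-to-profile lookup that lets a breached email list be mapped to public handles, beside a hardened version of the same feature, as an added example. This is not Trello's code and the page does not describe the real endpoint's shape; the directory, the "discoverable" opt-in, the caller identity and the quota are assumptions made for the illustration.

```python
"""Email-to-profile lookup: an enumerable design beside a hardened one.

Added example; not Trello's code, and the page does not describe the real
endpoint's shape. The directory, the "discoverable" setting, the caller
identity and the quota are assumptions for this illustration.
"""
from collections import Counter
from typing import Callable, Iterable, Optional

# Constructed directory (not real data): email -> profile, with an assumed
# per-user opt-in for being discoverable by email address.
DIRECTORY = {
    "alice@example.com": {"username": "alice_k", "name": "Alice K.", "discoverable": True},
    "bob@example.com": {"username": "bob_m", "name": "Bob M.", "discoverable": False},
}


def lookup_by_email_unsafe(email: str) -> Optional[dict]:
    """Vulnerable pattern: unauthenticated, unmetered, answers for any email.
    Each hit tells the caller "this email belongs to this public handle", so a
    breached email list can be turned into an email-to-profile mapping at scale."""
    return DIRECTORY.get(email.lower())


class HardenedLookup:
    """Same feature with three controls: the caller must be authenticated, each
    caller gets a bounded number of lookups, and only users who opted in are
    returned. "No such user" and "user opted out" are indistinguishable."""

    def __init__(self, quota_per_caller: int = 20):
        self.quota = quota_per_caller
        self.used = Counter()   # caller_id -> lookups consumed (per time window in a real service)

    def lookup(self, caller_id: Optional[str], email: str) -> Optional[dict]:
        if caller_id is None:
            raise PermissionError("authentication required")
        if self.used[caller_id] >= self.quota:
            raise RuntimeError("lookup quota exceeded")   # HTTP 429 in a web service
        self.used[caller_id] += 1   # count the attempt whether or not it matches
        profile = DIRECTORY.get(email.lower())
        if profile is None or not profile["discoverable"]:
            return None
        return {"username": profile["username"], "name": profile["name"]}


def map_emails(lookup: Callable[[str], Optional[dict]], emails: Iterable[str]) -> dict:
    """Attacker's side: run a leaked email list through a lookup function and
    keep the email -> username pairs learned before the service refuses."""
    found = {}
    for email in emails:
        try:
            profile = lookup(email)
        except (PermissionError, RuntimeError):
            break
        if profile:
            found[email] = profile["username"]
    return found


if __name__ == "__main__":
    leaked = ["bob@example.com", "alice@example.com", "carol@example.com"]
    print("unsafe:", map_emails(lookup_by_email_unsafe, leaked))
    service = HardenedLookup(quota_per_caller=2)
    print("hardened:", map_emails(lambda e: service.lookup("app-1", e), leaked))
```

Against the unsafe function the leaked list yields every registered address; against the hardened service an unauthenticated caller learns nothing, and an authenticated one learns only opted-in users and is cut off at the quota. The quota here is a plain counter so the example stays self-contained; a production rate limiter keys on caller and time window, and the opt-in is what addresses the page's own point that the profiles were already public and the harm lay in the linkage.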
More Ukrainian critical infrastructure hit by cyberattacks
Ukraine's critical infrastructure has been hit by several cyberattacks affecting state-owned companies, including a major oil and gas company employing 100,000 people, which experienced a data center attack that took down its website and call centers. Ukrposhta, the national postal service provider, faced disruptions due to an attack on its partners' information infrastructure but has since restored vital services. The transport safety agency DSBT reported attacks disrupting its border crossing and cargo delivery system. Additionally, Ukrzaliznytsia, the state railway, experienced service interruptions. A Russian cyber group claimed responsibility for the DSBT attack. The Record
Loan Depot breach impact is now up to 16.6 million people Bleeping Computer
Jason’s Deli hit by credential stuffing attack impacting 344,034 customers SC Magazine
Subway is investigating claims by LockBit that it has exfiltrated Subway’s data Dark Reading
Colorado, Pennsylvania, and Missouri local governments are all facing ransomware attacks The Record
BuyGoods.com has 198GB of data exposed by misconfiguration SC Magazine
WordPress sites are being targeted (again) through a vulnerability in a database plugin installed on 1 million sites Bleeping Computer
Data & Research
What makes a ransom more likely to be paid?
Researchers from the University of Twente analyzed 481 ransomware attacks to understand what influences victims' decisions to pay ransoms. They found that data exfiltration increases the likelihood of payment (40% vs. 25%) and the average ransom amount (€1.2 million vs. €89,407). Organizations with recoverable backups are 27.4 times less likely to pay, while those consulting incident response companies are more inclined to pay. Insurance coverage and the victim's yearly revenue also significantly impact the ransom amount. Help Net Security
Are long passwords not the holy grail?
Research by Specops Software shares this interesting data on long passwords:
It’s almost like passwords alone are not good enough. /s Help Net Security
Cybersecurity Mergers, Acquisitions, and Funding
Clerk raises $30 million in Series B TechCrunch
Silverfort raises $116M in Series D CTech
Snyk and Cato Networks are looking to IPO The Information
Help the Infosec Monitor grow, please share this if you enjoyed it!