Infosec Monitor: No. 33

No. 33, June 14, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor: Snowflake incident reaches 165 orgs, Microsoft president before Congress, and AI being used against cybercriminals.

Get The Infosec Monitor every Friday in your inbox

Subscribe: https://infosecmonitor.beehiiv.com

Highlight of the Week


Snowflake incident now up to 165 orgs impacted, cloud shared responsibility model under pressure

Snowflake is under scrutiny after attacks on over 165 customer databases, attributed to a lack of MFA. The company, which doesn't enforce MFA by default, now plans to mandate advanced security controls. Mandiant linked the breaches to the UNC5537 gang, highlighting the need for stronger default security measures. It should be noted that, beyond MFA, there are other controls Snowflake could have deployed. They didn’t appear to notice increased failed logins, and login pages were exposed to the general internet instead of being restricted by a whitelist for IPs. Cybersecurity Dive, TechCrunch, CSO Online, Axios, The Hacker News

News


Microsoft President urges cyberattack “red lines” in Congress testimony

Microsoft President Brad Smith testified before Congress, urging "red lines" and consequences for nation-state cyberattacks. While accepting responsibility for a recent breach, he criticized the impartiality of the review board. Smith promised updates on cybersecurity measures and faced questions on AI, deepfakes, and the controversial Recall feature. The Record

Canadian and UK privacy regulators probe 23andMe data breach

Canadian and UK privacy regulators are jointly investigating a data breach at 23andMe, affecting 5 million users. The probe will assess data protection adequacy and regulatory compliance. The breach, discovered in October 2023, mostly impacted individuals of Ashkenazi Jewish and Chinese ancestry. U.S. federal investigation status is unclear. The Record

Russian hackers target Paris Olympics with disinformation campaigns

Russian hackers, including teams Storm-1679 and Storm-1099, are targeting the Paris Olympics with disinformation campaigns. Other threats include ransomware, espionage from China, North Korea, and Iran, and phishing attacks. France is boosting cybersecurity efforts with help from U.S. experts. The Russian Embassy denies involvement. Axios

London hospitals seek urgent blood donations after ransomware attack

London hospitals face a blood shortage after a ransomware attack on Synnovis by the Qilin group disrupted operations. Non-urgent procedures are canceled, and O Negative and O Positive blood reserves are low due to the inability to match blood types quickly. Bleeping Computer

AI & Security


AI chatbots extract cybercriminal financial data across 600 institutions in 73 countries

Netcraft’s ChatGPT-based chatbots have successfully extracted financial data from cybercriminals, revealing bank accounts in over 600 institutions across 73 countries. Dark Reading

The growing threat of AI system poisoning

AI system poisoning is a growing cybersecurity threat as AI use expands. NIST warns of four main attack types that can corrupt AI models. Both external hackers and insiders can execute these attacks, often targeting tech companies. Organizations need robust, multilayered defenses and improved AI security expertise to mitigate these risks effectively. CSO Online

Cybersecurity Incidents


Frontier Communications discloses cyberattack exposing 751,000 people's data

Frontier Communications disclosed a cyberattack in April exposing data of over 751,000 people. The RansomHub group claimed responsibility, suggesting more data was compromised. Detected on April 14, the breach disrupted Frontier's IT network but is not expected to impact financial results. Cybersecurity Dive

Chinese hackers compromise 20,000 FortiGate appliances worldwide

Chinese state-sponsored hackers exploited a zero-day vulnerability in Fortinet’s FortiGate appliances, compromising 20,000 systems globally, including Western governments and defense companies. The Coathanger malware, capable of persisting through reboots and updates, remains a significant threat. Help Net Security

New York Times source code and data leaked on 4chan

New York Times' source code and data were leaked on 4chan after a GitHub token breach. The 273GB data archive, stolen in January 2024, includes IT documentation and the Wordle game. No internal systems were impacted. This follows another leak involving Disney’s Club Penguin data. Bleeping Computer

Cyber incident forces Cleveland to shut down city hall

Cleveland has shut down its City Hall due to a cyber incident. Essential services like police and 911 remain operational, while internal systems are offline. No word yet on the cause of the incident. The Record

Ransomware attacks disrupt Traverse City and Newburgh services

Ransomware attacks hit Traverse City, MI, and Newburgh, NY, disrupting city services and closing facilities. Emergency services are unaffected. Traverse City's networks are offline; Newburgh's City Hall is closed. The Record

Arlington, MA loses $445K in email scam

A cyberattack cost Arlington, MA, $445K in a business email compromise scam. Hackers impersonated a vendor for a school project. The town recovered $3K, and the loss won't affect the project's timeline. FBI reports show rising BEC scams, with $2.9B lost in 2023. Statescoop.com

Hacker attempts extortion after Tile data breach at Life360

Life360 faced an extortion attempt after a hacker breached Tile's customer support platform, accessing user data but not sensitive information like passwords or credit cards. The breach likely used stolen credentials from a former Tile employee. Bleeping Computer

Truist Bank confirms October 2023 data breach affecting 65,000 employees

Truist Bank confirmed a breach in October 2023 after data appeared on a hacking forum. The data includes information on 65,000 employees and bank transactions. Bleeping Computer

GitHub phishing campaign wipes repos, extorts victims

GitHub users are being targeted in a phishing campaign using malicious OAuth apps to wipe repositories and extort victims. Attackers tag usernames, triggering legitimate-looking emails. If OAuth requests are approved, repos are wiped, and victims are extorted via Telegram. GitHub is addressing the issue and advising preventive measures. SC Magazine

Kulicke and Soffa confirms data theft in revised SEC filing, 200TB of data stolen. Cybernews

Crypto platform UwU Lend dealing with $20 million theft. The Record

Interesting Reads


Telecom, media, and tech companies lead in cybersecurity spending and governance

Telecom, media, and tech companies excel in cybersecurity, doubling their spending to 10% of tech budgets. They face high cyber risks, with robust governance and vendor risk practices. Notable breaches include T-Mobile and Microsoft. Cybersecurity Dive

Cybersecurity's critical role in mergers and acquisitions

Ignoring cybersecurity in M&A can lead to severe consequences. Smaller companies are often more vulnerable, but awareness is growing. By 2025, 60% of M&As will prioritize cybersecurity. CISOs should focus on technology, governance, third-party risks, and opportunistic and dormant threats. Cyber risks can also impact deal valuations. CSO Online

The Ascension hack was caused by an employee downloading a malicious file. Bleeping Computer

Pakistani hackers target Indian government with Android malware for six years. The Record

Biometric terminal vulnerabilities uncovered. Dark Reading

11 times the US government got hacked in 2023. CSO Online

Tech execs hold cybersecurity budgets, risking misalignment. Cybersecurity Dive

Data & Research


“Cyber-insurance claims reached record highs in 2023 with over 1,800 cyber claims from US and Canada.” Dark Reading

VSCode extensions with malicious code installed 229M times. SC Magazine

Cybersecurity Mergers, Acquisitions, and Funding


Acquisitions & Mergers

Lacework to be acquired by Fortinet for an undisclosed sum. Security Week

VC Funding

Cyberhaven, data security, raises $88M in Series C funding. Security Week

Xona, OT zero trust, raises $18M in Venture round. Security Week

Pyte, secure data collaboration, raises $5M in Venture round. Security Week
