Infosec Monitor: No. 35
No. 35, June 28, 2024
Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor: LockBit hits the Federal Reserve, a new MOVEit critical bug, and new malware increased by 40% in Q1.
Get The Infosec Monitor every Friday in your inbox
Subscribe: https://infosecmonitor.beehiiv.com
Highlight of the Week
LockBit claims Federal Reserve data breach, demands ransom
LockBit claims to have stolen 33TB of sensitive banking data from the Federal Reserve, demanding a ransom by June 25. This would be one of the largest banking hacks in US history if confirmed. The Federal Reserve has not confirmed the breach but is reportedly negotiating with LockBit, with the FBI declining to comment. CSO Online SC Magazine
News
Chinese hackers use ransomware as cover for espionage against Brazil and India
Chinese government hackers, notably the ChamelGang group, are increasingly using ransomware to disguise espionage. Recent attacks targeted Brazil’s presidential office and India’s AIIMS. Researchers warn that misattributing these cyberespionage acts as cybercriminal operations can lead to strategic intelligence gaps and poor risk assessment. The Record
MoveIt again, Progress Software elevates MoveIt bug severity amid hacker attempts
Progress Software has raised the severity of a new MOVEit vulnerability (CVE-2024-5806) to "critical," urging immediate patching as hacker attempts spike. The flaw, found in a third-party component, allows unauthorized data access. Despite no reported exploits yet, increased activity has been observed, affecting thousands globally. Dark Reading The Record
Polyfill.io shut down for malware; reopens despite security warnings
Polyfill.io shut down for distributing malware on 100,000+ sites. Owners claim defamation and relaunch on polyfill.com , but Cloudflare and Sansec confirm ongoing risks. Google warns advertisers, urging them to avoid Polyfill's CDN. Security experts recommend using alternatives like Cloudflare and Fastly. Bleeping Computer
CDK Global cyberattack disrupts car dealers, full recovery by June 30
CDK Global is restoring services after a cyberattack disrupted operations for many of its 15,000 car dealership customers. Full recovery is expected by June 30. The BlackSuit ransomware gang is suspected, and major dealers have reported impacts to the SEC. Cybersecurity Drive Axios
Indonesia refuses to pay $8 million ransom after cyberattack on national data center. SecurityWeek
U.S. offers $10 million reward for WhisperGate malware suspect. Help Net Security
AI & Security
Microsoft warns of 'Skeleton Key' jailbreak affecting AI models
Microsoft warns of a new AI jailbreak attack named "Skeleton Key" that can trick generative AI models into ignoring safety guardrails, producing harmful content. The attack affects multiple models from major AI providers. Microsoft has implemented countermeasures and advises continuous vigilance and collaboration to protect against evolving threats. CSO Online
DHS hires first 10 members of AI Corps to boost capabilities
DHS has hired the first 10 members of its new 50-person AI Corps to enhance capabilities in areas like cybersecurity and combating online child exploitation. Over 3,000 applied, reflecting high interest. Members include experts from government, Big Tech, startups, and research. Axios
Is the cybersecurity industry ready for AI? Cybersecurity Dive
Cybersecurity Incidents
WebRecon data leak exposes 150M records
WebRecon leaked over 150 million records, including lawsuit histories, due to a missing password on their MongoDB database. Discovered by Cybernews, the leak risks identity theft and targeted scams, raising concerns about WebRecon's data security. Cybernews
China-sponsored phishing attacks compromise 40,000 corporate users in 90 days
China-sponsored attackers have compromised over 40,000 corporate users through sophisticated credential-phishing campaigns in 90 days. Utilizing advanced evasion tactics like bypassing MFA and URL filtering, these campaigns—LegalQloud, Eqooqp, and Boomer—pose significant threats to various industries and national security. Dark Reading
Designed Receivable Solutions data breach impacts 585K
Healthcare revenue cycle provider Designed Receivable Solutions reported a data breach impacting 585,000 people, with compromised data including sensitive health and personal information. Impacted individuals are being notified and offered 12 months of free identity protection services. No cybercrime group has claimed responsibility. SecurityWeek
Cyberattack hits Croatia’s largest hospital, slows patient processing
Croatia's largest hospital, KBC Zagreb, faces a cyberattack, slowing patient processing. No data breaches reported yet. Unclear if linked to recent DDoS attacks by pro-Russian group NoName057(16) on Croatian institutions. Help Net Security
Australia’s Ticketek breached, affecting 30M users
ShinyHunters breached Ticketek Australia, exposing data of 30 million users through a third-party cloud provider. No accounts or payment info were affected. This mirrors the recent Ticketmaster breach involving Snowflake accounts. Ticketek hasn't confirmed the cloud provider or culprit.
South Africa’s health lab hit by ransomware during mpox outbreak
South Africa's National Health Laboratory Service faced a ransomware attack that crippled system operations during an mpox outbreak. With systems down, lab results are being communicated manually. Hackers deleted backups, necessitating a system rebuild. The Record
Former Nuance employee breaches Geisinger patient data
A former Nuance Communications employee stole sensitive data of over a million Geisinger patients, including personal and healthcare information. Geisinger and Nuance have taken measures to address the breach, and the ex-employee is now facing federal charges. CSO Online
Supply chain attack targets WordPress plug-ins, creating unauthorized admin accounts
A supply chain attack on WordPress.org has compromised multiple plug-ins, including Social Warfare, creating unauthorized admin accounts and injecting SEO spam. Dark Reading Help Net Security
Evolve Bank & Trust confirms data breach affecting customers and fintech partners
Evolve Bank & Trust confirmed a data breach by the LockBit ransomware gang, exposing personal information on the dark web. The breach impacts Evolve’s retail customers and fintech partners. Debit cards and digital banking credentials are unaffected. Evolve is providing free credit monitoring and new account numbers for some customers. The Record
LA County DHS data breach impacts 47,000 individuals
LA County DHS suffered a data breach affecting 47,000 people due to a push notification spamming attack on an employee’s Microsoft 365 account. Compromised data includes personal and medical information. DHS has taken corrective measures and is offering affected individuals free identity monitoring for one year. SecurityWeek
Hacker selling 30M TEG customer records, Ticketek breach confirmed
A hacker is selling 30M TEG customer records, including names, birthdates, and emails. TEG's Ticketek confirmed a recent data breach, but passwords are encrypted. Suspected cloud provider Snowflake denies platform breaches. TechCrunch
Levi Strauss reports credential stuffing attack affecting 72K accounts
Levi Strauss reported a credential stuffing attack affecting 72,000 customer accounts. Exposed data includes personal details and partial payment card information. The company has reset passwords and advised users to select unique ones. SC Magazine
New Caesar Cipher Skimmer Targets WordPress, Magento, and OpenCart Sites
A new credit card skimmer, "Caesar Cipher Skimmer," is targeting WordPress, Magento, and OpenCart sites, modifying checkout files and mimicking Google services to steal payment info. It uses Caesar cipher encoding and PHP scripts disguised as style sheets. Russian comments in the code suggest the involvement of Russian-speaking threat actors. The Hacker News
AU10TIX exposed personal user info for 18 months, affecting X and TikTok
AU10TIX, an identity verification firm, exposed user data online for 18 months. The leak, affecting major app users, included personal documents and biometrics. Leaked credentials, due to malware, were found on Telegram. AU10TIX's claim of resolving the issue was false. Dark Reading
Hackers steal $2 million from CoinStats wallets, linked to North Korean Lazarus Group
Hackers stole over $2 million from 1,590 CoinStats wallets, attributed to North Korea’s Lazarus Group. Only wallets created within CoinStats were affected. CoinStats resumed activity with limited functionalities and is investigating further. Some users received phishing messages prior to the hack. SecurityWeek
LivaNova USA data breach impacts 130,000
Medical device maker LivaNova USA reported a data breach affecting 130,000 individuals, discovered in November 2023. The LockBit ransomware gang claimed responsibility, stealing 2.2 terabytes of data. Compromised information includes personal and medical details. LivaNova is providing two years of identity protection and credit monitoring, and incurred $2.6 million in costs due to the breach. SecurityWeek
JAXA targeted in multiple cyberattacks, sensitive data unaffected
Japanese space agency JAXA has faced multiple cyberattacks since last year, with hackers targeting general business operations and possibly breaching communications with external partners. Sensitive data on rockets and satellites remains unaffected. Investigations and preventive measures are underway as Japan faces increased cyber threats, particularly from China. The Record
Neiman Marcus says 64,000 affected by breach of Snowflake customer account. The Record
Nearly 150,000 ASUS routers exposed to critical vulnerability. Cybersecurity Dive
Interesting Reads
Google disrupts over 10,000 DRAGONBRIDGE activities in Q1 2024
Google's Threat Analysis Group disrupted over 10,000 instances of PRC-linked DRAGONBRIDGE activity in Q1 2024. Despite high content production, DRAGONBRIDGE sees minimal authentic engagement. They increasingly use AI to create spammy content pushing pro-PRC views and targeting US social issues, Taiwan, and major news events. Google
Companies boost cyber defense to lower insurance premiums, yet gaps remain in coverage
Three-quarters of companies invest in cyber defense to qualify for better cyber insurance terms. Despite this, ransomware recovery costs averaging $2.73 million per incident still exceed insurance payouts. Insurance providers link premiums to maintained defense standards, but significant coverage gaps remain. Cybersecurity Dive
Inside the Mind of a CISO: Survey and Analysis SecurityWeek
Why it took the U.S. nearly 10 years to ban a Russian cyber vendor. Axios
CDK Attack: Why Contingency Planning Is Critical for SaaS Customers. Dark Reading
7 open source security tools too good to ignore. CSO Online
Data & Research
New malware increased by 40% in Q1
New malware increased by 40% from January to March, with 60% of attacks targeting critical infrastructure. Commercial enterprises saw a 10% rise in new malware. Most attacks were in the US, exploiting severe vulnerabilities. Active ransomware groups include LockBit and Hunters International. CSO Online
70% of organizations targeted by BEC attacks in the past year. siliconANGLE
75% of new vulnerabilities exploited within 19 days. Help Net Security
“LockBit attacks saw a massive resurgence in May, increasing by 655% compared to April. LockBit attacks accounted for 37% of all ransomware attacks globally last month.” SiliconANGLE
Cybersecurity Mergers, Acquisitions, and Funding
Acquisitions & Mergers
Jana Partners acquires stake in Rapid 7. siliconANGLE
VC Funding
PortSwigger, maker of BurpSuite, raises $112M in Private Equity round. TechCrunch
Odaseva, enterprise encryption and backups, raises $54M in Series D funding. siliconANGLE
KarmaCheck, background checks, raises $45M in Series B funding. siliconANGLE
AuthZed, permissions management, raises $12M in Series A funding. siliconANGLE