Infosec Monitor: No. 36
No. 36, July 26, 2024
Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
(Sorry for the brief hiatus while I was on vacation!)
In this week's edition of the Infosec Monitor: the CrowdStrike outage, data breach victims up 409%, Wiz's acquisition response.
Get The Infosec Monitor every Friday in your inbox
Subscribe: https://infosecmonitor.beehiiv.com
Highlight of the Week
CrowdStrike's faulty update crashes 8.5M Windows devices
On July 19, 2024, a CrowdStrike update caused millions of Windows devices to crash globally. The faulty update, meant to enhance threat detection, led to out-of-bounds memory read errors, resulting in system crashes. CrowdStrike's CEO quickly apologized, and the company has since improved its testing processes to prevent future incidents. The Record, Dark Reading
Fortune 500 lost an estimated $5.4B in the CrowdStrike outage. Axios
CrowdStrike meltdown highlights IT's weakest link: too much administration. CSO Online
News
TracFone settles with FCC for $16M over data breaches, enhances security measures
TracFone Wireless will pay a $16 million civil penalty to the FCC over three data breaches from 2021-2023, compromising customer data. Incidents involved API exploitation and order website vulnerabilities. TracFone will also enhance security measures, including API vulnerability reduction, SIM protection, annual assessments, and employee training. SecurityWeek
Meta shuts down 63,000 Nigerian Instagram sextortion accounts
Meta shut down 63,000 Instagram accounts and thousands more on Facebook linked to sextortion scams from Nigeria. These scams target victims to extort explicit content. Meta's new measures aim to protect users, especially teens, from these growing threats. Bleeping Computer
UK police take down DigitalStress DDoS-for-Hire service
UK police, in collaboration with the NCA, shut down the DDoS-for-hire service DigitalStress and arrested its owner. Data from the service will be used to pursue users and admins globally. This is part of Operation PowerOFF, which targets DDoS platforms since 2018. Bleeping Computer
DHS watchdog rebukes CISA and FLETC for ignoring orders, risking sensitive data
The DHS inspector general's report criticizes CISA and FLETC for continuing to use a high-risk contractor's software, failing to protect sensitive data, and posing significant cybersecurity risks. Despite DHS orders to cease use, both agencies continued, risking PII and critical training information. The Record
New malware FrostyGoop threatens critical infrastructure
A new malware strain, FrostyGoop, targets critical infrastructure via the Modbus protocol, posing a significant threat as it can disrupt essential services and is undetectable by traditional antivirus tools. Dragos recommends limiting Modbus device connections and ensuring they are not internet-connected. Axios
UK teen arrested for MGM Resorts hack linked to Scattered Spider
UK police arrested a 17-year-old linked to the Scattered Spider group behind the $100M MGM Resorts hack. The teen's arrest follows global efforts, including the FBI, to tackle the cybercriminals. MGM's shutdown response and refusal to pay ransom were praised. Scattered Spider has targeted over 100 organizations since 2022. The Record
AI & Security
Tech giants launch CoSAI to bolster AI cybersecurity
Tech giants like Google, Microsoft, and Amazon have formed CoSAI to enhance AI cybersecurity. Under OASIS Open, they aim to develop guidance and frameworks for AI risk mitigation, with Google's Secure AI Framework playing a key role. Collaborations with other entities will ensure comprehensive security measures. SC Magazine
Cybersecurity Incidents
APT41 targets multiple sectors in six countries with sophisticated malware
China-based APT41 targeted various sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the UK, using sophisticated malware like DUSTPAN and DUSTTRAP for prolonged data extraction. They exploited Oracle Databases and Microsoft OneDrive for data exfiltration. Stolen code-signing certificates and advanced persistence techniques were employed, with parallels drawn to GhostEmperor's activities. The Hacker News
Ransomware attack shuts down 36 Los Angeles court offices
A ransomware attack forced the closure of 36 Los Angeles County Superior Court offices. Detected on July 19, the attack necessitated a shutdown of network systems for damage control and data protection. Recovery efforts are ongoing, with hopes to resume operations by Tuesday. Experts remain skeptical about a quick resolution. SC Magazine
Columbus, Ohio cyber incident disrupts city services
Columbus, Ohio, is recovering from a cyber incident disrupting city services, with 911 and payroll systems operational. The attack may have originated from a malicious email link. Other cities, including Forest Park, GA, Newcastle, WA, and LA County Superior Court, also faced recent ransomware attacks. The Record
Hackers leak documents from Pentagon contractor Leidos
Hackers breached Leidos Holdings, leaking internal documents online. The breach, linked to a 2022 Diligent Corp system hack, did not affect Leidos' network or sensitive customer data. The incident highlights ongoing cybersecurity challenges for major IT service providers. CSO Online
ClickBalance cloud database leak exposes 769M records
ClickBalance exposed 769 million records via an unprotected cloud database, revealing sensitive data like API keys and tax IDs. The breach, discovered by researcher Jeremy Fowler, was quickly secured but poses long-term risks. Organizations are urged to update credentials, enable two-factor authentication, and improve access controls and security vigilance. SC Magazine
Spytech hacked, exposing global surveillance data
A breach at Minnesota-based Spytech exposed surveillance data from over 10,000 devices worldwide, including Android, Chromebooks, Macs, and Windows PCs. Spytech’s spyware, used for spousal monitoring, operates without device owners' consent. CEO Nathan Polencheck is investigating the breach, which revealed unencrypted logs and significant misuse. TechCrunch
Pro-Palestinian group's DDoS attack on UAE Bank
BlackMeta, a pro-Palestinian hacktivist group, launched a record six-day DDoS attack on a UAE bank, averaging 4.5 million requests per second. Using the InfraShutdown service, the attack cut legitimate traffic to almost zero. BlackMeta, linked to Anonymous Sudan, has targeted multiple nations' infrastructures. Dark Reading
3,000 GitHub accounts found distributing malicious software
Over 3,000 GitHub accounts were found distributing malware like Atlantida Stealer and RedLine. Operated by Stargazer Goblin, these "Ghost" accounts exploit GitHub's reputation, posing risks to organizations. SC Magazine
Greece's land registry endures 400 cyberattacks, 1.2 GB of data breached
Greece’s Land Registry faced 400 cyberattacks, leading to a breach of 1.2 GB of non-sensitive data. No personal information was compromised. Hackers failed to access the central database. Measures include VPN termination, password resets, and mandatory two-factor authentication. Digital services remain unaffected. Bleeping Computer
Cyberattack disrupts operations at Cadre Holdings
Cadre Holdings, a safety equipment maker, faced a cyberattack affecting some operations. The breach, detected on July 15, led to system shutdowns and initiated standard response protocols. The investigation is ongoing, with the full impact undetermined. Possible ransomware involvement, but no group has claimed credit. SecurityWeek
Tunisian ISP, TopNet, leak exposes data of 442,000 customers, 972 employees
A TopNet data leak exposed data of 442,000 customers and 972 employees due to poor security. Risks include scams, phishing, and further breaches. TopNet, a major Tunisian ISP, has not responded to the issue. Experts warn that ISPs' poor security poses significant risks. Cybernews
Hamster Kombat targeted by malware, 250 million players at risk
Hamster Kombat, a game with 250 million players, is being exploited by cybercriminals through fake apps and websites distributing spyware and malware. Malicious campaigns on Telegram and GitHub target users seeking the game, spreading threats like Ratel spyware and Lumma Stealer. Only access the game via its official Telegram channel. Bleeping Computer
BreachForums v1 members' data leaked, exposing 212,414 users' info. Bleeping Computer
Interesting Reads
Supreme Court ruling complicates Biden's cybersecurity regulation efforts
The Supreme Court's recent decision to overturn the Chevron doctrine complicates the Biden administration's push for stricter cybersecurity regulations. This ruling undermines the legal basis for many existing and proposed cybersecurity measures, making them susceptible to legal challenges and potentially limiting federal agencies' regulatory authority. Cyberscoop
How attackers evade EDR/XDR systems
Attackers evade EDR/XDR systems by exploiting gaps in telemetry collection, detection logic, and response processes. Improving these systems involves enhancing telemetry sources, refining detection rules, and strengthening response procedures to ensure comprehensive threat detection and elimination. CSO Online
Coast Guard's maritime cybersecurity efforts hindered by staffing and authority issues
The Coast Guard's efforts to secure the US maritime supply chain are hampered by inadequate staffing, training, authority, and cyber expertise. Only 36% of maritime organizations use their free cybersecurity assistance. Rising cyber threats, including a 111% increase in reported incidents, highlight the urgent need for improved cybersecurity measures. Dark Reading
EU's DORA: strengthening financial cyber resilience by 2025
The EU’s Digital Operational Resilience Act (DORA) aims to bolster financial institutions' cyber resilience by January 17, 2025. It mandates comprehensive risk management, incident response, and third-party risk management. CISOs face challenges in meeting these requirements, emphasizing the need for prioritization and collaboration across departments. DORA's influence may extend globally and to other sectors. CSO Online
Wiz’s letter to employees after turning down Google’s $23B acquisition offer. TechCrunch
How cyber insurance coverage is evolving. Cybersecurity Dive
Magento sites targeted with sneaky credit card skimmer via swap files. The Hacker News
Data & Research
GenAI data risks prompt increased use of data loss prevention controls
A Netskope study reveals that regulated data shared with GenAI apps poses significant breach risks, leading 75% of businesses to block at least one GenAI app. Despite this, 96% of enterprises use GenAI, with data loss prevention controls rising from 24% to 42% in a year. Effective user coaching mitigates some risks. Help Net Security
Data breach victims in the US up 409% y/y. SC Magazine
One third of dev professionals unfamiliar with secure coding practices. Help Net Security
Cybersecurity Mergers, Acquisitions, and Funding
Acquisitions & Mergers
Wiz turns down $23B acquisition offer from Google. TechCrunch CSO Online
VC Funding
Vanta, security and compliance, raises $150M in Series C funding. SecurityWeek
Chainguard, supply chain security, raises $140M in Series C funding. SecurityWeek
Ctera, cloud data management, raises $80M in equity funding. SecurityWeek
Dazz, AI-automated cloud security remediation, raises $50M in equity funding. TechCrunch
Linx, identity management, raises $33M in Seed funding. TechCrunch
Lakera AI, GenAI threat detection, raises $20M in Series A funding. siliconANGLE
Protexxa, AI-powered security for SMB, raises $10M in Series A funding. SecurityWeek
Heeler Security, application security, raises $8.5M in Seed funding. siliconANGLE
Zest Security, cloud risk mitigation, raises $5M in Seed funding. SecurityWeek