Infosec Monitor: No. 36

No. 36, July 26, 2024

Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

(Sorry for the brief hiatus while I was on vacation!)

In this week's edition of the Infosec Monitor?— The Crowdstike outage, data breach victims up 409%, Wiz’s aquisition response.

Get The Infosec Monitor every Friday in your inbox

Subscribe ???https://infosecmonitor.beehiiv.com

Highlight of the Week

CrowdStrike's faulty update crashes 8.5M Windows devices

On July 19, 2024, a CrowdStrike update caused millions of Windows devices to crash globally. The faulty update, meant to enhance threat detection, led to out-of-bounds memory read errors, resulting in system crashes. CrowdStrike's CEO quickly apologized, and the company has since improved its testing processes to prevent future incidents. The RecordDark Reading

Fortune 500 lost an estimated $5.4B in Crowdstrike outage. Axios

Crowdstrike meltdown highlights IT’s weakest link: Too much administration. CSO Online

News

TracFone settles with FCC for $16M over data breaches, enhances security measures

TracFone Wireless will pay a $16 million civil penalty to the FCC over three data breaches from 2021-2023, compromising customer data. Incidents involved API exploitation and order website vulnerabilities. TracFone will also enhance security measures, including API vulnerability reduction, SIM protection, annual assessments, and employee training. SecurityWeek

Meta shuts down 63,000 Nigerian Instagram sextortion accounts

Meta shut down 63,000 Instagram accounts and thousands more on Facebook linked to sextortion scams from Nigeria. These scams target victims to extort explicit content. Meta's new measures aim to protect users, especially teens, from these growing threats. Bleeping Computer

UK police take down DigitalStress DDoS-for-Hire service

UK police, in collaboration with the NCA, shut down the DDoS-for-hire service DigitalStress and arrested its owner. Data from the service will be used to pursue users and admins globally. This is part of Operation PowerOFF, which targets DDoS platforms since 2018. Bleeping Computer

DHS watchdog rebukes CISA and FLETC for ignoring orders, risking sensitive data

The DHS inspector general's report criticizes CISA and FLETC for continuing to use a high-risk contractor's software, failing to protect sensitive data, and posing significant cybersecurity risks. Despite DHS orders to cease use, both agencies continued, risking PII and critical training information. The Record

New malware FrostyGoop threatens critical infrastructure

A new malware strain, FrostyGoop, targets critical infrastructure via the Modbus protocol, posing a significant threat as it can disrupt essential services and is undetectable by traditional antivirus tools. Dragos recommends limiting Modbus device connections and ensuring they are not internet-connected. Axios

UK teen arrested for MGM Resorts hack linked to Scattered Spider

UK police arrested a 17-year-old linked to the Scattered Spider group behind the $100M MGM Resorts hack. The teen's arrest follows global efforts, including the FBI, to tackle the cybercriminals. MGM's shutdown response and refusal to pay ransom were praised. Scattered Spider has targeted over 100 organizations since 2022. The Record

AI & Security

Tech giants launch CoSAI to bolster AI cybersecurity

Tech giants like Google, Microsoft, and Amazon have formed CoSAI to enhance AI cybersecurity. Under OASIS Open, they aim to develop guidance and frameworks for AI risk mitigation, with Google's Secure AI Framework playing a key role. Collaborations with other entities will ensure comprehensive security measures. SC Magazine

Cybersecurity Incidents

APT41 targets multiple sectors in six countries with sophisticated malware

China-based APT41 targeted various sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the UK, using sophisticated malware like DUSTPAN and DUSTTRAP for prolonged data extraction. They exploited Oracle Databases and Microsoft OneDrive for data exfiltration. Stolen code-signing certificates and advanced persistence techniques were employed, with parallels drawn to GhostEmperor's activities. ****The Hacker News

Ransomware attack shuts down 36 Los Angeles court offices

A ransomware attack forced the closure of 36 Los Angeles County Superior Court offices. Detected on July 19, the attack necessitated a shutdown of network systems for damage control and data protection. Recovery efforts are ongoing, with hopes to resume operations by Tuesday. Experts remain skeptical about a quick resolution. SC Magazine

Columbus, Ohio cyber incident disrupts city services

Columbus, Ohio, is recovering from a cyber incident disrupting city services, with 911 and payroll systems operational. The attack may have originated from a malicious email link. Other cities, including Forest Park, GA, Newcastle, WA, and LA County Superior Court, also faced recent ransomware attacks. The Record

Hackers leak documents from Pentagon contractor Leidos

Hackers breached Leidos Holdings, leaking internal documents online. The breach, linked to a 2022 Diligent Corp system hack, did not affect Leidos' network or sensitive customer data. The incident highlights ongoing cybersecurity challenges for major IT service providers. CSO Online

ClickBalance cloud database leak exposes 769M records

ClickBalance exposed 769 million records via an unprotected cloud database, revealing sensitive data like API keys and tax IDs. The breach, discovered by researcher Jeremy Fowler, was quickly secured but poses long-term risks. Organizations are urged to update credentials, enable two-factor authentication, and improve access controls and security vigilance. SC Magazine

Spytech hacked, exposing global surveillance data

A breach at Minnesota-based Spytech exposed surveillance data from over 10,000 devices worldwide, including Android, Chromebooks, Macs, and Windows PCs. Spytech’s spyware, used for spousal monitoring, operates without device owners' consent. CEO Nathan Polencheck is investigating the breach, which revealed unencrypted logs and significant misuse. TechCrunch

Pro-Palestinian group's DDoS attack on UAE Bank

BlackMeta, a pro-Palestinian hacktivist group, launched a record six-day DDoS attack on a UAE bank, averaging 4.5 million requests per second. Using the InfraShutdown service, the attack cut legitimate traffic to almost zero. BlackMeta, linked to Anonymous Sudan, has targeted multiple nations' infrastructures. Dark Reading

3,000 GitHub accounts found distributing malicious software

Over 3,000 GitHub accounts were found distributing malware like Atlantida Stealer and RedLine. Operated by Stargazer Goblin, these "Ghost" accounts exploit GitHub's reputation, posing risks to organizations. SC Magazine

Greece’s land registry endures 400 cyberattacks, 1.2GB of data breached

Greece’s Land Registry faced 400 cyberattacks, leading to a breach of 1.2 GB of non-sensitive data. No personal information was compromised. Hackers failed to access the central database. Measures include VPN termination, password resets, and mandatory two-factor authentication. Digital services remain unaffected. Bleeping Computer

Cyberattack disrupts operations at Cadre Holdings

Cadre Holdings, a safety equipment maker, faced a cyberattack affecting some operations. The breach, detected on July 15, led to system shutdowns and initiated standard response protocols. The investigation is ongoing, with the full impact undetermined. Possible ransomware involvement, but no group has claimed credit. SecurityWeek

Tunisian ISP, TopNet, leak exposes data of 442,000 customers, 972 employees

A TopNet data leak exposed data of 442,000 customers and 972 employees due to poor security. Risks include scams, phishing, and further breaches. TopNet, a major Tunisian ISP, has not responded to the issue. Experts warn that ISPs' poor security poses significant risks. Cybernews

Hamster Kombat targeted by malware, 250 million players at risk

Hamster Kombat, a game with 250 million players, is being exploited by cybercriminals through fake apps and websites distributing spyware and malware. Malicious campaigns on Telegram and GitHub target users seeking the game, spreading threats like Ratel spyware and Lumma Stealer. Only access the game via its official Telegram channel. Bleeping Computer

BreachForums v1 members' data leaked, exposing 212,414 users' info. Bleeping Computer

Interesting Reads

Supreme Court ruling complicates Biden's cybersecurity regulation efforts

The Supreme Court's recent decision to overturn the Chevron doctrine complicates the Biden administration's push for stricter cybersecurity regulations. This ruling undermines the legal basis for many existing and proposed cybersecurity measures, making them susceptible to legal challenges and potentially limiting federal agencies' regulatory authority. Cyberscoop

How attackers evade EDR/XDR systems

Attackers evade EDR/XDR systems by exploiting gaps in telemetry collection, detection logic, and response processes. Improving these systems involves enhancing telemetry sources, refining detection rules, and strengthening response procedures to ensure comprehensive threat detection and elimination. CSO Online

Coast Guard's maritime cybersecurity efforts hindered by staffing and authority issues

The Coast Guard's efforts to secure the US maritime supply chain are hampered by inadequate staffing, training, authority, and cyber expertise. Only 36% of maritime organizations use their free cybersecurity assistance. Rising cyber threats, including a 111% increase in reported incidents, highlight the urgent need for improved cybersecurity measures. Dark Reading

EU's DORA: strengthening financial cyber resilience by 2025

The EU’s Digital Operational Resilience Act (DORA) aims to bolster financial institutions' cyber resilience by January 17, 2025. It mandates comprehensive risk management, incident response, and third-party risk management. CISOs face challenges in meeting these requirements, emphasizing the need for prioritization and collaboration across departments. DORA's influence may extend globally and to other sectors. CSO Online

Wiz’s letter to employees after turning down Google’s $23B acquisition offer. TechCrunch

How cyber insurance coverage is evolving Cybersecurity Dive

Magento sites targeted with sneaky credit card skimmer via swap files The Hacker News

Data & Research

GenAI data risks prompt increased use of data loss prevention controls

A Netskope study reveals that regulated data shared with GenAI apps poses significant breach risks, leading 75% of businesses to block at least one GenAI app. Despite this, 96% of enterprises use GenAI, with data loss prevention controls rising from 24% to 42% in a year. Effective user coaching mitigates some risks. Help Net Security

Data breach victims in the US up 409% y/y. SC Magazine

One third of dev professionals unfamiliar with secure coding practices. Help Net Security

Cybersecurity Mergers, Acquisitions, and Funding

Acquisitions & Mergers

Wiz turns down $23B acquisition offer from Google. TechCrunch CSO Online

VC Funding

Vanta, security and compliance, raises $150M in Seires C funding. SecurityWeek

Chainguaurd, supply chain security, raises $140M in Series C funding. SecurityWeek

Ctera, cloud data management, raises $80M in Equity funding. SecurityWeek

Dazz, AI-automated cloud security remediation, raises $50M in equity funding. TechCrunch

Linx, identity management, raises $33M in Seed funding. TechCrunch

Lakera AI, GenAI threat detection, raises $20M in Series A funding. siliconANGLE

Protexxa, AI-powered security for SMB, raises $10M in Series A funding. SecurityWeek

Heeler Security, application security, raises $8.5M in Seed funding. siliconANGLE

Zest Security, cloud risk mitigation, raises $5M in Seed funding. SecurityWeek

Get The Infosec Monitor every Friday in your inbox

Subscribe ???https://infosecmonitor.beehiiv.com