The Score: This Week's Global Cyber Conflict Chronicles

As we wrap up another week, the global cyber conflict has intensified significantly. Amid this escalation, SecurityScorecard stands vigilant on the front lines, equipped with the collective expertise to defend against these threats. Let's explore the latest developments and how we are uniquely positioned to navigate the battlefield.

There was a LOT of action this week and this edition of The Score will encapsulate as much of it as possible.

In SecurityScorecard News:

  • Energy Sector Under Siege: Our Threat Intelligence team, led by Ryan Sherstobitoff, has released a startling report revealing that 90% of the energy companies analyzed have experienced a third-party breach. The finding comes from a comprehensive analysis of over 2,000 entities. It is an unsettling statistic given the current uptick in state-sponsored cyberattacks against critical infrastructure. Read the Report | Read the Announcement
  • 2024 Cybersecurity Landscape Predictions: Our CISO Steve Cobb shares his insights in this Help Net Security video on what the cybersecurity landscape might hold in 2024. Watch the Video

In Global News:

  • China's Cyber Army Targets U.S. Critical Infrastructure Services: The Washington Post reports on China's increasing cyber activities against critical U.S. services and infrastructure, with successful breaches against dozens of ports, oil and gas services, and other critical entities. Read More
  • White House Aide on Iran's Hack of Water System: CBS News reports on the top White House cyber aide's call for tightened cybersecurity following Iran's recent hack of a water system, while also noting the recent uptick in hospital ransomware attacks. Read More
  • Major Cyberattack on Ukrainian Mobile Operator: Ukraine's largest mobile operator, Kyivstar, suffered a significant cyberattack that disrupted regional air raid warning services and banking services. It is one of the most impactful attacks on Ukrainian critical infrastructure since Russia's invasion, and such attacks are growing in intensity. The incident led to outages in the northern Sumy region and forced Kyivstar to shut down network connections to contain the breach. Ukraine’s Security Service (SBU) is investigating, with suspicions that Russian special services may be involved. Read More…
  • Australia Reports Surge in APT Activity: Australia is facing an alarming increase in state-sponsored groups targeting its critical infrastructure. The Australian Cyber Security Centre's annual threat report revealed a 23% surge in cybercrime reports, totaling over 94,000 incidents in the financial year to June. The government's response includes setting up a new agency for coordinating hack responses and overhauling federal cyber laws. Read More…
  • Breaches by Iran-affiliated hackers spanned multiple U.S. states: A series of breaches across multiple U.S. states by Iran-affiliated hackers has raised significant concerns for the federal government. The hackers, targeting a specific Israeli-made industrial control device (Unitronics programmable logic controllers), have compromised various organizations, including water utilities. The FBI, EPA, CISA, and Israel’s National Cyber Directorate have issued a joint advisory highlighting the widespread nature of these attacks. The Municipal Water Authority of Aliquippa in Pennsylvania was one of the victims, prompting a temporary halt in pumping operations. These incidents demonstrate the increasing cyber threats to critical infrastructure and the need for enhanced cybersecurity measures across sectors including energy, food and beverage manufacturing, and healthcare. The advisory also notes that the hackers, known as "Cyber Av3ngers," are affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC) and have been targeting these devices since at least November 22, 2023. Read More
  • Hackers in Iran Attack Vero Utilities: The city of Vero Beach, Florida, also disclosed that it was the victim of a cyberattack by Iranian hackers targeting the same Israeli-made industrial control device as in the Pennsylvania incident. Read More
  • Iran-Linked Hackers Develop New Malware Downloaders: A cyber-espionage group linked to the Iranian government, known as OilRig or APT34, has developed several new malware downloaders targeting organizations in Israel. The group has been focusing on Israel during its ongoing war with Hamas, with recent attacks on the healthcare sector, a manufacturing company, and a local governmental organization. Read More
  • Russian Cybergroup Star Blizzard Unleashes Global Spear-Phishing Attack: FOX News reports that Star Blizzard (also tracked as SEABORGIUM, Callisto Group and COLDRIVER), a Russian APT group, has launched a global spear-phishing campaign targeting a range of organizations and individuals. The campaign is part of a broader pattern of Russian cyber activity aimed at gathering intelligence. Read More
  • Hackers had access to patient information for months in New York hospital cyberattack: A group of New York hospitals and health care centers, including HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center, experienced a cyberattack that allowed hackers to access patients' private information for two months. The breach, which affected the facilities operating under the Westchester Medical Center Health Network, involved unauthorized access to the parent company's IT network. The compromised data may have included names, addresses, dates of birth, Social Security numbers, diagnoses, lab results, medications, treatment information, health insurance details, provider names, and financial information. HealthAlliance has begun notifying patients and is offering free credit monitoring and identity theft protection services. Read More
  • Russian Hackers Exploiting JetBrains in a Mass Exploitation Operation: U.S. officials, including the National Security Agency, the FBI, and CISA, have warned that hackers from Russia's Foreign Intelligence Service (SVR), tracked as APT29 or Cozy Bear, are targeting servers hosting outdated versions of JetBrains TeamCity software. The hackers aim to access software developers' source code, potentially allowing them to tamper with its compilation or deployment. This technique mirrors the SolarWinds cyberespionage campaign, which began in 2019 and was discovered in late 2020 after it had led to serious breaches across the U.S. government. JetBrains, based in Prague, has fixed the vulnerability (CVE-2023-42793) in its TeamCity collaborative software build tool and is urging customers to update. The U.S. statement, co-signed by Britain’s National Cyber Security Centre and Poland’s Military Counterintelligence Service, notes that the compromised companies had outdated and vulnerable TeamCity versions exposed to the internet, suggesting opportunistic rather than targeted attacks. Read More | CISA Advisory
  • Microsoft Warns of OAuth Exploitation for Cryptocurrency Mining and Phishing: Microsoft has issued a warning about adversaries exploiting OAuth applications to deploy virtual machines for cryptocurrency mining and to launch phishing attacks. These threat actors compromise user accounts, then create or modify OAuth applications and grant those applications high privileges, using them to conceal malicious activity. Because the application carries its own credentials, the attackers keep access to it even if they lose access to the initially compromised account. One such adversary, identified as Storm-1283, has been using compromised accounts to create OAuth applications for cryptomining. Additionally, unidentified actors have been compromising user accounts and creating OAuth applications to launch email phishing attacks, employing adversary-in-the-middle (AiTM) phishing kits to steal session cookies and bypass authentication measures. Read More
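The persistence pattern Microsoft describes above (compromise an account, create or modify an OAuth app, give it a credential and high privileges so that access survives loss of the account) is something a defender can hunt for in tenant audit logs. The following is an added example, not Microsoft's or SecurityScorecard's code. The audit records are constructed and simplified; the record fields (ts, activity, actor, app, props) and the activity strings are assumptions loosely modelled on the Microsoft Graph directoryAudit shape, and the high-privilege permission list is illustrative.

```python
"""Flag OAuth applications that look like attacker persistence: an app that
receives a credential and high-privilege application permissions within a
short window, optionally right after being created.

Added example; not Microsoft's detection logic. EVENTS below are constructed,
simplified audit records (field names are assumptions loosely modelled on the
Microsoft Graph directoryAudit shape)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative set of application permissions worth alerting on; tune per tenant.
HIGH_PRIV = {
    "Directory.ReadWrite.All", "Application.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory", "Mail.ReadWrite", "Mail.Send",
    "User.ReadWrite.All",
}
WINDOW = timedelta(hours=1)

# Constructed audit events (not real tenant data).
EVENTS = [
    # alice: new app, secret added, two high-privilege roles, all within minutes
    {"ts": "2023-12-11T09:02:10Z", "activity": "Add application",
     "actor": "alice@example.test", "app": "app-1111", "props": {}},
    {"ts": "2023-12-11T09:03:41Z", "activity": "Update application - Certificates and secrets management",
     "actor": "alice@example.test", "app": "app-1111", "props": {"KeyDescription": "new secret"}},
    {"ts": "2023-12-11T09:05:02Z", "activity": "Add app role assignment to service principal",
     "actor": "alice@example.test", "app": "app-1111", "props": {"AppRole.Value": "Mail.Send"}},
    {"ts": "2023-12-11T09:05:30Z", "activity": "Add app role assignment to service principal",
     "actor": "alice@example.test", "app": "app-1111", "props": {"AppRole.Value": "Directory.ReadWrite.All"}},
    # bob: new app with only a low-privilege delegated grant (routine)
    {"ts": "2023-12-11T10:15:00Z", "activity": "Add application",
     "actor": "bob@example.test", "app": "app-2222", "props": {}},
    {"ts": "2023-12-11T10:16:00Z", "activity": "Add delegated permission grant",
     "actor": "bob@example.test", "app": "app-2222", "props": {"DelegatedPermissionGrant.Scope": "User.Read"}},
    # carol: secret rotation on an existing app, no privilege change (routine)
    {"ts": "2023-12-11T11:00:00Z", "activity": "Update application - Certificates and secrets management",
     "actor": "carol@example.test", "app": "app-3333", "props": {"KeyDescription": "rotated secret"}},
    # dave: existing app gets a fresh secret plus Directory.ReadWrite.All
    {"ts": "2023-12-11T12:00:00Z", "activity": "Update application - Certificates and secrets management",
     "actor": "dave@example.test", "app": "app-4444", "props": {"KeyDescription": "new secret"}},
    {"ts": "2023-12-11T12:00:45Z", "activity": "Add app role assignment to service principal",
     "actor": "dave@example.test", "app": "app-4444", "props": {"AppRole.Value": "Directory.ReadWrite.All"}},
]


def _ts(event):
    return datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_apps(events, window=WINDOW, high_priv=HIGH_PRIV):
    """Return one finding per app whose events, within `window` of the first
    observed event for that app, include both a credential change and a grant of
    a high-privilege application role. A brand-new app matching the pattern is
    rated "high"; an existing app newly credentialed and escalated is "medium"."""
    by_app = defaultdict(list)
    for event in sorted(events, key=_ts):
        by_app[event["app"]].append(event)

    findings = []
    for app, evs in by_app.items():
        start = _ts(evs[0])
        in_window = [e for e in evs if _ts(e) - start <= window]
        created = any(e["activity"] == "Add application" for e in in_window)
        cred_added = any("Certificates and secrets" in e["activity"] for e in in_window)
        roles = {e["props"].get("AppRole.Value") for e in in_window
                 if e["activity"] == "Add app role assignment to service principal"}
        high = sorted(roles & high_priv)
        if not (cred_added and high):
            continue  # either piece alone is ordinary admin work
        findings.append({
            "app": app,
            "severity": "high" if created else "medium",
            "actors": sorted({e["actor"] for e in in_window}),
            "high_privilege_roles": high,
            "first_seen": evs[0]["ts"],
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_apps(EVENTS):
        print(finding)
```

Running it flags app-1111 (new app, secret, Mail.Send and Directory.ReadWrite.All within four minutes) as high and app-4444 (existing app, secret plus Directory.ReadWrite.All) as medium, and ignores the routine creation and secret rotation. In a real tenant the same logic would be fed from the directoryAudit feed, and the actor list is the starting point for checking whether that account had a risky sign-in shortly before.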

In Crypto News:

  • Supply Chain Attack Targets Ledger Crypto Wallet Users: Ledger, a popular maker of crypto hardware and software wallets, experienced a supply chain attack that resulted in a compromised version of its Ledger Connect Kit library. The attack began with a phishing incident targeting a former Ledger employee, which gave the attackers access to that employee's npm (npmjs.com) publishing account. They used this access to publish a malicious version of the Ledger Connect Kit that rerouted funds to an attacker-controlled wallet via a rogue WalletConnect project. The malicious package was live for about five hours, with a two-hour window during which funds were drained. Ledger deployed a fix within 40 minutes of becoming aware of the compromise and coordinated with WalletConnect to disable the rogue project. The company is actively engaging with affected customers and believes it has identified the attackers' wallet. Read More
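A compromise like the one above does its damage when consumers pull whatever version of a package is current rather than a version they have pinned and hashed. The following is an added example, not Ledger's or npm's code: it checks a package-lock.json against the tarball bytes actually fetched for each dependency, using the same sha512 Subresource Integrity format npm records in each entry's integrity field, and it flags entries that carry no integrity pin or resolve to something other than the expected registry. The lockfile, the package names (@example/wallet-kit, tiny-util, some-lib) and the tarball bytes are constructed for the example.

```python
"""Verify installed npm packages against the integrity hashes pinned in
package-lock.json, and flag entries that are not pinned or not resolved from
the expected registry. Added example; not Ledger's or npm's code."""
import base64
import hashlib

REGISTRY = "https://registry.npmjs.org/"


def sri_digest(data, algo="sha512"):
    """Subresource Integrity string in the form npm stores: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_lockfile(lock, fetched, allowed_registry=REGISTRY):
    """Compare each lockfile entry with the tarball bytes actually fetched for it.

    `fetched` maps package name -> tarball bytes (constructed here; in practice the
    bytes downloaded before extraction). Returns a list of (name, problem) tuples;
    an empty list means every dependency is pinned, from the expected registry,
    and matches its pinned hash."""
    problems = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project itself has no tarball
        name = path.rsplit("node_modules/", 1)[-1]  # also handles nested node_modules paths
        resolved = entry.get("resolved", "")
        if not resolved.startswith(allowed_registry):
            problems.append((name, f"unexpected source: {resolved}"))
        integrity = entry.get("integrity")
        if not integrity:
            problems.append((name, "no integrity pin"))
            continue
        algo, _, _digest = integrity.partition("-")
        data = fetched.get(name)
        if data is None:
            problems.append((name, "tarball not fetched"))
            continue
        try:
            actual = sri_digest(data, algo)
        except ValueError:
            problems.append((name, f"unknown hash algorithm: {algo}"))
            continue
        if actual != integrity:
            problems.append((name, "integrity mismatch"))
    return problems


# Constructed tarball contents (stand-ins for real .tgz bytes).
GOOD_KIT = b"@example/wallet-kit 1.0.0 -- benign bundle"
TAMPERED_KIT = b"@example/wallet-kit 1.0.0 -- bundle with injected drainer"
UTIL = b"tiny-util 2.0.0"
SOME_LIB = b"some-lib 3.1.4"

# Constructed lockfile in the lockfileVersion 3 layout. @example/wallet-kit,
# tiny-util and some-lib are hypothetical packages.
LOCK = {
    "name": "example-dapp",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@example/wallet-kit": "1.0.0", "tiny-util": "2.0.0", "some-lib": "3.1.4"}},
        "node_modules/@example/wallet-kit": {
            "version": "1.0.0",
            "resolved": REGISTRY + "@example/wallet-kit/-/wallet-kit-1.0.0.tgz",
            "integrity": sri_digest(GOOD_KIT),
        },
        "node_modules/tiny-util": {
            "version": "2.0.0",
            "resolved": REGISTRY + "tiny-util/-/tiny-util-2.0.0.tgz",
            # no "integrity": nothing to verify the download against
        },
        "node_modules/some-lib": {
            "version": "3.1.4",
            "resolved": "https://cdn.example.test/some-lib-3.1.4.tgz",
            "integrity": sri_digest(SOME_LIB),
        },
    },
}


def check_install(kit_bytes):
    """Run the verifier with either the benign or the tampered wallet-kit tarball."""
    return verify_lockfile(LOCK, {"@example/wallet-kit": kit_bytes, "tiny-util": UTIL, "some-lib": SOME_LIB})


if __name__ == "__main__":
    for label, kit in (("benign", GOOD_KIT), ("tampered", TAMPERED_KIT)):
        print(label, check_install(kit))
```

With the benign tarball the only complaints are the unpinned tiny-util entry and some-lib being served from outside the registry; swapping in the tampered tarball adds an integrity mismatch for @example/wallet-kit, which is the signal that would have caught a republished package whose contents no longer match what was reviewed and locked. Note that a lockfile only protects code installed through it: a script loaded at page-load time from a CDN "latest" URL is outside its reach and needs its own pinning (an explicit version and an SRI hash on the script tag).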

As we go into the weekend…

Let's carry with us a sense of purpose and determination as we face these escalating global cyber challenges head-on. Our expertise, #SecurityDNA, and #OneScorecard mission are what keep us ahead of the curve. Stay informed, stay resilient, and let's continue to make the world a safer place. Have a great weekend, and remember, ALWAYS KEEP HACKING THE PLANET!
