The SURF Security Lifeguard Report
Keeping you afloat in dangerous times
Welcome to the first Surf Lifeguard Report, a roundup of the top cybersecurity stories of the past fortnight. Below you’ll find news and context to improve situational awareness and help craft your organisation’s security strategy.
Remember to subscribe to receive every report. Here we go:
Mandiant: Snowflake breach victims didn’t have MFA enabled
Google-owned Mandiant has released more details of a major extortion campaign against customers of data cloud firm Snowflake. Around 165 customers have had their accounts breached by threat group UNC5537 – primarily via credentials previously stolen by infostealer malware, Mandiant said. The customers in question did not have multifactor authentication (MFA) enabled.
It may surprise you to hear that enforcing MFA at login can be done extremely easily via an advanced enterprise browser.
Phishing attacks on EU/US organisations double
The volume of phishing attacks targeting European organisations surged by 112% between April 2023 and April 2024, and by 92% in the US, according to Abnormal Security. It highlights the enduring popularity of email-borne social engineering attacks as a primary initial attack vector. Phishing can be used either to harvest credentials for network intrusion, or to install malware on endpoints.
Your organisation can eliminate the human risk factor through multi-layered protection in SURF Security's browser or extension, including reputation, domain, and SSL certificate checks.
Employee malware download led to massive breach
A ransomware breach at one of America’s largest healthcare providers started when an employee mistakenly downloaded a malicious file onto a company device. The incident forced the provider to halt non-emergent elective procedures, tests and appointments and divert emergency patients elsewhere. The staffer was tricked into clicking on a malicious link in a phishing email.
Both the initial phishing email and subsequent malware download could have been blocked.
Phishing email led to credential theft and breach of 200,000 LA citizens
Los Angeles County Department of Public Health (DPH) has revealed a data breach impacting over 200,000 citizens. Highly sensitive and regulated information, including social security numbers, financial details, names and dates of birth, was compromised after 53 employees had their logins stolen via a phishing email.
Infostealer malware spread via Vortax fake meeting software
Threat actors are finding clever new ways to spread malware. The latest is a campaign in which they hide infostealer malware in fake meeting software dubbed ‘Vortax’, and lure users to download it via social media posts. The campaign, which is designed to steal crypto account credentials, was legitimised via a fake Vortax blog site on Medium populated by AI-generated content.
There is a way to block malicious downloads at the browser level.
Lack of MFA to blame for massive health insurer breach
An absence of MFA enabled hackers to access the IT systems of an Australian health insurer and compromise the personal data of nearly 10 million customers, the country’s data protection regulator has claimed. The breach was one of Australia’s biggest when it happened in 2022. Specifically, the insurer didn’t require employees to log in to their VPN using MFA.
Prompt injection flaw could enable AI leakage from EmailGPT
A new vulnerability has been discovered in Google Chrome extension EmailGPT which could enable hackers to force the system to divulge sensitive information and perform other unauthorised actions. Worryingly, the security researchers received no response from the software’s developers within their 90-day disclosure period, prompting them to advise customers to remove it.
Your organisation can place granular restrictions on what users can access and download via a secure browser like SURF.
Ready to take your browser security to the next level?
Talk to us at SURF Security to learn how our enterprise browser can help you secure your endpoints and protect your business.
Remember to subscribe to receive every report.
#cybersecurity #endpointsecurity #enterprisebrowser #zerotrust
Helping customers Do Cloud Right so they capture all the benefits of Cloud Adoption for their business
8 months ago: Great idea, guys!
Information Security, Business Strategy
8 months ago: Good info, thanks for sharing!
VP Ops|SURF Security|Your Zero-Trust Browser and Ext |Pro Surfer| DeepFake Detection
8 months ago: Interesting!