$25M stolen via AI driven deepfake video phishing, ransomware payments hit new records, and Ivanti STILL.
No. 15, February 9, 2024 — $25M stolen via AI driven deepfake video phishing, ransomware payments hit new records, and Ivanti STILL.
Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — $25M stolen via AI driven deepfake video phishing, ransomware payments hit new records, and Ivanti STILL.

Highlight of the Week
Deepfake video call convinces employee to wire $25M
AI isn't going to change phishing someday; it is changing it now. Attackers used AI in an elaborate phishing attack. The first contact was an email, which raised the employee's suspicions. But it was followed up by a convincing (enough?) video conference call, which persuaded the employee to go through with an incredible $25M (HKD 200M) transfer. Unknown to the employee, he was the only real person on the video call. The others, including his CFO and coworkers, were all AI deepfakes. SC Magazine DarkReading
News
Ransomware payments surpass $1B in 2023
Total ransomware payments surpassed $1 billion last year for the first time, nearly double the $567 million paid in 2022. The reasons for the significant increase include threat groups continuing their "big game hunting" strategy and the expansion of Ransomware-as-a-Service. This is quite interesting in light of last week's study showing that companies were far more likely not to pay than in previous years (the share of victims paying fell to 29% from a high of 85%). The Record
Five years — That's how long Chinese hacking groups have been in US critical infrastructure
CISA has issued a report stating that the Volt Typhoon group has been focused on US critical infrastructure for five years. "The US authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations." CISA urges the cited organizations to apply the mitigations in the advisory and to hunt for similar malicious activity. CISA.gov DarkReading CSO Online
Ivanti is vulnerable to yet another bug (seriously, another?)
In the ongoing vulnerability nightmare that is Ivanti's VPN appliances and software, new vulnerabilities have been found and are already being exploited in the wild. Incredible. SC Magazine
Office of National Cyber Director, looking to hold accountable those who "rush code to market"
Speaking at a summit, the US National Cyber Director Harry Coker said US national strategy needs to hold those accountable when they rush insecure code to the market. Coker said nothing specific about what he meant by accountability other than exploring "different liability regimes" and working with academic and legal experts. WhiteHouse.gov
CISA using regional inspectors to bolster election security CSO Online
AI & Security
US Dept. of Commerce launches AI Safety Consortium
The new consortium is part of NIST's AI Safety Institute and has over participating companies and organizations. "The job of the consortia is to ensure that the AI Safety Institute's research and testing is fully integrated with the broad community." The public-private cooperation is seen as a way to ensure the US government does not operate in a bubble when it oversees AI safety. Fedscoop
FCC bans AI-generated voice cloning in robocalls
This shouldn't be surprising to anyone. The FCC is no fan of robocalls, and banning deceptive practices is a key point in many of its rulings. So, the only surprise here is that it hadn't already been banned. The decision came after the New Hampshire robocall in which President Joe Biden's voice was cloned to urge voters not to turn out for the primary. The Record
Cyber Security Incidents
33M impacted - French health insurers breached
Nearly half the population of France is affected by a breach of two health insurance payment providers, Viamedis and Almerys. No medical history data was exposed. However, the breach did include other sensitive data such as names, dates of birth, and social security numbers. Details on how the breaches were accomplished have yet to be shared. The Record
2M impacted - Personal data stolen across 65 job boards
ResumeLooters, a threat group, used SQL Injection and XSS attacks to breach 65 job board sites to exfiltrate personal data on over 2M job seekers. BleepingComputer
155K impacted - Driver data from HopSkipDrive
Driver data, including names, addresses, and license numbers, was stolen from HopSkipDrive, the ride-share service for children and teenagers. The breach occurred in June, but broader notification only recently went out. TechCrunch
66K impacted - Two US insurers breached by SIM swapping attack
A SIM swapping attack hit Bankers Life and Casualty Company and Washington National Insurance Company. The attack targeted a senior officer (it is unclear whether at one or both companies). Past SIM swapping attacks have led to follow-on ransomware attacks. SC Magazine
63K impacted - Internal access to employee records at Verizon
The breach is only internal to Verizon. An employee gained unauthorized access to a file containing personal records for nearly half of Verizon's workforce. While the breach required notification to Maine's attorney general, the breach is being considered inadvertent and non-malicious. SC Magazine
Californian union hit by ransomware The Record
Interesting Reads
How Midnight Blizzard gained access to Microsoft's corporate network
The Wiz blog has an excellent write-up on how the Russian APT group gained access to Microsoft's corporate network. Wiz
Buying Spying: How the commercial surveillance industry works and what can be done about it. Google
10 must-read cybersecurity books. I'll be reading #1 and #10 Help Net Security
Data & Research
Execs see 42x more quishing attacks than the average employee
I don't know what this says about how attackers view execs. But heads up. Dark Reading
Cybersecurity Mergers, Acquisitions, and Funding
Onfido, identity verification, will be acquired for up to $650M by Entrust. SiliconAngle
Ionix, attack surface reduction, increases Series A from $27M to $42M. TechCrunch
NinjaOne, endpoint management, raises $231.5M in Series C. TechCrunch
ZeroFox, external cybersecurity solutions, is being acquired by PE firm Haveli Investments for $350M. SecurityWeek
Kontra, application security training, acquired by Security Compass for an undisclosed sum. BusinessWire