
2.7B US personal records leaked, a $60M BEC scam, and burnout in cybersecurity.

Infosec Monitor: No. 39

No. 39, August 16, 2024

Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor: 2.7B US personal records leaked, a $60M BEC scam, and burnout in cybersecurity.

Get The Infosec Monitor every Friday in your inbox

Subscribe 👉 https://infosecmonitor.beehiiv.com

Highlight of the Week

2.7 billion U.S. personal records leaked, including Social Security numbers

A hacker named "Fenice" leaked 2.7 billion records containing U.S. residents' personal data, including Social Security numbers and addresses, on a hacking forum. The data was allegedly stolen from National Public Data, a company that compiles information for background checks. The leak has prompted lawsuits and heightened concerns about identity theft. Bleeping Computer

News

Pentagon advances CMMC 2.0 with new contract rule proposal

The Pentagon advanced its Cybersecurity Maturity Model Certification (CMMC) 2.0 program by proposing a new rule that integrates cybersecurity requirements into all defense contracts involving controlled unclassified information. The rule will phase in over three years, mandating CMMC compliance for contractors and subcontractors. The public comment period ends on October 15, 2024. Defense Scoop

White House announces $11M plan to boost open source software security

The Biden administration, via DHS, is investing $11 million to enhance open source software security, a focus of its national cybersecurity strategy. The funds will support the Open Source Software Prevalence Initiative, aiming to secure software in critical infrastructure. Cybersecurity Dive

Student raised security concerns in Mobile Guardian MDM weeks before cyberattack. TechCrunch

Enzo Biochem to pay $4.5 million after data breach exposed 2.5 million. The Record

NIST announces first quantum-safe encryption standards. Network World

AI & Security

MIT launches risk repository of 700+ AI risks

MIT's CSAIL launched the AI Risk Repository, consolidating over 700 AI risks into a comprehensive, freely accessible database. The tool aims to aid decision-makers by filling gaps in current AI risk assessments. Misinformation is notably under-addressed compared to issues like AI safety and discrimination. ZDNet

Google study maps generative AI misuse, highlights emerging threats

New research categorizes generative AI misuse into exploitation (e.g., scams) and system compromise (e.g., jailbreaking), with a significant case of $26M lost to an AI-generated imposter. Despite emerging threats, traditional manipulation methods remain dominant. Google and Jigsaw aim to improve public AI literacy and enhance safeguards. Google

Phishing attacks surge as AI and PhaaS drive rapid adaptation to current events. The Hacker News

DARPA awards $14M to advance AI-driven cybersecurity solutions. The Record

Cybersecurity Incidents

3AM ransomware leaks data of 464,000 Kootenai Health patients

3AM ransomware breached Kootenai Health, stealing and leaking sensitive data of 464,000 patients, including SSNs, medical records, and more. The attack began in February 2024, with data leaked in a 22GB archive on the darknet. No ransom was paid. Kootenai Health offers identity protection to affected individuals. Bleeping Computer

Orion loses $60 million in BEC scam

Orion, a Luxembourg-based carbon black supplier, lost $60 million in a business email compromise (BEC) scam after an employee was tricked into making multiple fraudulent wire transfers. The company is investigating the theft and seeking to recover the funds. The Record

DNC credentials compromised by Telegram bot

The Democratic National Convention (DNC) faces a major cybersecurity threat as the "IntelFetch" Telegram bot aggregates stolen credentials from DNC websites, including delegate logins. ZeroFox researchers warn of significant risks, as these credentials could allow unauthorized access to sensitive systems, threatening the security and operations of the DNC. Dark Reading

Trump campaign claims hack by Iran after Microsoft report on election interference

The Trump campaign alleges a hack by Iran after Microsoft revealed Iranian targeting of the 2024 U.S. election. Politico received internal Trump communications from a potential hack source. Microsoft linked the breach to an Iranian group. Trump confirmed the link and criticized the government's response. siliconANGLE

Sumter County, Florida sheriff’s office hit by ransomware, gang demanding $423K

Rhysida ransomware attacked the Sumter County Sheriff’s Office, threatening to leak sensitive data. Despite ongoing investigations, law enforcement services remain operational. Rhysida demands 7 bitcoin (~$423,000) and has a history of targeting critical infrastructure with high ransoms. SC Magazine

Killeen, TX hit by ransomware as well. The Record

Musk claims DDoS attack disrupted Trump interview on X platform

Elon Musk's interview with Donald Trump on X was delayed by what Musk claimed was a massive DDoS attack, disrupting the livestream. Some users questioned whether the issue was due to overwhelming traffic, while others suggested nation-state involvement. The incident follows recent claims of a hack on Trump’s campaign. SecurityWeek

Swiss Manufacturer Schlatter Hit by Likely Ransomware Attack

Swiss industrial manufacturer Schlatter Industries suffered a cyberattack, likely ransomware, disrupting IT services. The attackers are attempting to blackmail the company, possibly demanding ransom for encrypted or stolen data. Schlatter is investigating the breach, with experts working to limit damage and authorities notified. The attack appears financially motivated. siliconANGLE

Australia’s Evolution Mining hit by ransomware attack

Australian gold miner Evolution Mining suffered a ransomware attack on August 8, impacting its IT systems. The company, working with cyber forensic experts, has contained the incident and does not expect any significant operational impact. Dark Reading

DPRK hackers steal key data on South Korean tanks and spy planes

North Korean hackers stole sensitive data on South Korea's K2 tanks and key spy planes, raising fears of military surveillance evasion. Bleeping Computer

Malware campaign hits 300,000 Chrome and Edge users via rogue extensions

A malware campaign affecting over 300,000 Chrome and Edge users is installing rogue extensions via trojans distributed through fake websites. These extensions hijack searches, steal data, and execute commands. The trojan, active since 2021, uses malvertising to trick users into downloading malicious software, leading to significant security risks. The Hacker News

CSC ServiceWorks breach exposes personal data of over 35,000 individuals

CSC ServiceWorks revealed a data breach affecting over 35,000 individuals, caused by a 2023 cyberattack that went undetected for months. Exposed information includes personal, financial, and health data. Bleeping Computer

Over 200k impacted by EVIT data breach, sensitive information compromised

The East Valley Institute of Technology (EVIT) notified over 200,000 individuals of a data breach that compromised sensitive personal and health information. The breach occurred in January 2024, with the LockBit ransomware group claiming responsibility. SecurityWeek

Chilling app exposes sensitive user data for nine months, 100K users impacted. Cybernews

Threat Intel

Radar/Dispossessor ransomware operation disrupted

Authorities in the US, Germany, and the UK have disrupted the Radar/Dispossessor ransomware operation, dismantling 24 servers and 9 domains. Active since 2023, the group targeted over 43 organizations worldwide. Key figures have been identified, with an international arrest warrant issued for one suspect in Germany. SecurityWeek

New ransomware gang "Mad Liberator" targets AnyDesk users with social engineering

A new ransomware group, "Mad Liberator," is using social engineering to exploit AnyDesk remote-access users, focusing on data theft rather than encryption. They trick victims into accepting connection requests, leading to data exfiltration and ransom demands. At least eight companies across different sectors have been targeted so far. Cybernews

Microsoft patches six actively exploited zero-day vulnerabilities in its August 2024 Patch Tuesday release. Krebs on Security

Interesting Reads

No one is ready for Google’s 90-day TLS certificate transition

Google's planned reduction of TLS certificate lifespans to 90 days is causing concern among companies. A Venafi survey shows 94% of IT security leaders are worried about more failures and management challenges, especially as TLS certificate use is growing rapidly. Most companies lack automation, exacerbating the issue. CSO Online
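The practical problem behind that survey is arithmetic: ACME-style clients renew once less than a third of a certificate's lifetime remains, which leaves about 133 days of slack on a 398-day certificate but only 30 days on a 90-day one, so a quarterly manual renewal round will miss the window. The following Go program, added here as an illustration and not taken from the article or from Venafi, makes that rule concrete. It generates a constructed self-signed certificate with the standard library (in practice the PEM would come from a server or an inventory scan), parses it back, and reports whether it is inside the renewal window at a given date. The hostname `example.test`, the issuance date, and the one-third rule are assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// RenewalDecision summarizes where a certificate sits in its lifetime.
type RenewalDecision struct {
	LifetimeDays  int
	RemainingDays int
	Renew         bool
	Expired       bool
}

// ShouldRenew applies the rule used by common ACME clients (assumed here):
// renew once less than a third of the certificate's lifetime remains, or
// immediately if it has already expired.
func ShouldRenew(cert *x509.Certificate, now time.Time) RenewalDecision {
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	remaining := cert.NotAfter.Sub(now)
	d := RenewalDecision{
		LifetimeDays:  int(lifetime.Hours() / 24),
		RemainingDays: int(remaining.Hours() / 24),
		Expired:       now.After(cert.NotAfter),
	}
	d.Renew = d.Expired || remaining < lifetime/3
	return d
}

// ParsePEMCertificate parses the first CERTIFICATE block in a PEM bundle.
func ParsePEMCertificate(pemBytes []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE block found")
	}
	return x509.ParseCertificate(block.Bytes)
}

// NewSelfSignedPEM builds a constructed self-signed certificate for the
// example. Real deployments would load the PEM from a listener or inventory.
func NewSelfSignedPEM(cn string, notBefore time.Time, lifetimeDays int) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(time.Duration(lifetimeDays) * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{cn},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	// Assumed issuance date; the same certificate is checked 70 days later.
	issued := time.Date(2024, 8, 1, 0, 0, 0, 0, time.UTC)
	for _, days := range []int{398, 90} {
		pemBytes, err := NewSelfSignedPEM("example.test", issued, days)
		if err != nil {
			panic(err)
		}
		cert, err := ParsePEMCertificate(pemBytes)
		if err != nil {
			panic(err)
		}
		d := ShouldRenew(cert, issued.Add(70*24*time.Hour))
		fmt.Printf("%3d-day cert at day 70: remaining=%d days, renew=%v\n",
			d.LifetimeDays, d.RemainingDays, d.Renew)
	}
}
```

Run against the same day-70 checkpoint, the 398-day certificate is nowhere near its window while the 90-day certificate is already inside it; pointing `ParsePEMCertificate` at real PEM files and running `ShouldRenew` on a schedule is the minimal form of the automation the survey says most companies lack.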

Cybersecurity burnout: 85% of professionals struggle due to poor leadership, hiring practices

A survey reveals 85% of cybersecurity professionals face burnout, driven by resource shortages and monotonous tasks. The stress is exacerbated by leadership's lack of understanding and poor hiring practices. Solutions include better leadership involvement and improved tools to reduce repetitive work. Cybernews

How leading CISOs build business-critical cyber cultures. CIO

It’s time to stop thinking of threat groups as supervillains, experts say. Cybersecurity Dive

How a cybersecurity researcher doxed LockBit’s leader. TechCrunch

How CIOs, CTOs, and CISOs view cyber risks differently. Help Net Security

Data & Research

Like the new format for data and research? Let me know.

TLS Certificates

  • Only 8% of companies fully automate TLS management

  • The average company manages 3,730 TLS certificates, expected to rise by 39% by 2026

Ransomware

  • 74% of ransomware victims were attacked multiple times in the same year.

  • 83% of organizations surveyed were targeted by ransomware, with many paying ransoms multiple times.

  • 87% of attacks led to business disruptions, including data loss and system outages.

  • 35% of those who paid ransom did not receive working decryption keys.

  • Only 27% of organizations had dedicated Active Directory (AD)-specific backup systems.

DDoS

  • DDoS attacks jumped 46% in the first half of 2024, with 445,000 incidents recorded.

  • Peak attack power increased to 1.7 Tbps.

  • The gaming and gambling industry faced nearly half of these attacks, while the tech sector saw its share double to 15%.

Cybersecurity Mergers, Acquisitions, and Funding

VC Funding

Kiteworks, secure email communications, raises $456M from Private Equity funding. TechCrunch
