
8 telcos confirmed breached by Salt Typhoon, NY fines Geico & Travelers for data breaches, and the massive Matrix DDoS attack.

Infosec Monitor: No. 53

No. 53, December 6, 2024

Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — 8 telcos confirmed breached by Salt Typhoon, NY fines Geico & Travelers for data breaches, and the massive Matrix DDoS attack.

Highlight of the Week

8 telcos hit by Chinese Salt Typhoon campaign

The count is increasing. Chinese hackers breached eight major US telecom companies and dozens of foreign carriers in a two-year campaign dubbed "Salt Typhoon." Attackers remain in networks, accessed communications of senior officials and collected Americans' metadata. White House coordinating response, pushing for new cybersecurity standards. No classified data reportedly compromised. The Record

US urges citizens to use encrypted messaging apps. siliconANGLE

Telcos are struggling to oust Salt Typhoon from their networks. Axios

News

Stoli blames ransomware attack for pushing US units into bankruptcy

Stoli Group's US subsidiaries filed for bankruptcy after an August ransomware attack crippled operations, forcing manual processes until 2025. The $84M debt crisis was accelerated by the cyber incident, which disabled critical systems. The Record

New York fines Geico, Travelers for pandemic data breaches

New York regulators fined Geico and Travelers a combined $11.3M for data breaches affecting 120,000 people during the pandemic. The auto insurers failed to protect customer accounts from credential stuffing attacks and violated state cybersecurity rules by not implementing proper security measures like multi-factor authentication. Cybersecurity Dive

EU launches cross-border Cybersecurity hub network with new laws

EU enacts two major cybersecurity laws strengthening cross-border defense coordination. The legislation creates an AI-powered threat detection network, emergency response teams, and standardized security service certification. CSO Online

Interpol operation leads to mass cybercrime arrests and $400M seizure. The Hacker News

South Korean CEO arrested over DDoS-enabled satellite receivers. Bleeping Computer

AI & Security

OWASP reveals key changes in LLM security risks

OWASP's updated top 10 LLM vulnerabilities reflect rapid evolution in generative AI risks. Prompt injection remains the primary threat, while new concerns like system prompt leakage emerge. With enterprise AI spending up six-fold to $13.8B in 2024, organizations must implement stronger security controls and oversight. CSO Online

Cybersecurity Incidents

BT confirms attack after Black Basta Ransomware claims breach

British telecom giant BT confirmed a cyberattack attempt on its conferencing platform after ransomware group Black Basta claimed to have stolen corporate data. While BT isolated affected systems and maintains normal operations, the hackers claim to possess employee information and sensitive documents. The Record

Blue Yonder recovers from Thanksgiving ransomware attack, major clients impacted

Supply chain tech company Blue Yonder is recovering from a November 21 ransomware attack that disrupted operations for major clients like Starbucks and Morrisons supermarket. While some customers are back online, others continue working toward full recovery. Cybersecurity Dive

Costa Rica energy company RECOPE shifts to manual operations after ransomware attack

Costa Rica's state energy provider RECOPE suffered a ransomware attack, forcing manual operations for fuel distribution. US experts arrived to assist recovery efforts. While digital payment systems were affected, fuel supply remained stable. The Record

Data broker leaves 600K background checks exposed without password protection

A data broker exposed 713GB of sensitive data including 644,869 background check files containing personal information, criminal records, and property data. The unencrypted database was left accessible without password protection. Cybernews

Indian ID firm Signzy hit by malware attack, major banks claim no exposure

Indian ID verification firm Signzy, serving major financial institutions including India's top banks, confirmed a cyberattack involving information stealer malware. While some customer data reportedly appeared on a cybercrime forum, key clients PayU and ICICI Bank claim no exposure. TechCrunch

Russian hackers breach Pakistani APT group to target South Asian governments

Russian state hackers (Secret Blizzard) compromised Pakistani hacking group Storm-0156's infrastructure, gaining access to 33 command servers. This allowed them to steal sensitive data from Afghan government and Indian military targets, while masquerading as other threat actors. Dark Reading

Development firm Chemonics reports data breach affecting 260,000 People

International development firm Chemonics disclosed a major breach affecting 263,136 people. Attackers accessed systems between May 2023 and January 2024, compromising sensitive personal and financial data. SecurityWeek

Energy contractor ENGlobal reports ransomware attack on IT Systems

Energy contractor ENGlobal Corporation reported a ransomware attack that encrypted data files and restricted IT system access since November 25. The Oklahoma-based defense and energy automation systems provider is investigating the incident while maintaining limited operations. The Record

Italian soccer club Bologna FC hit by RansomHub data leak

Bologna FC confirmed a ransomware attack by RansomHub, resulting in the leak of sensitive data including player medical records, financial documents, and confidential business information. The Italian football club warned that possessing or sharing the stolen data constitutes a criminal offense. RansomHub published the complete dataset after ransom negotiations failed. Bleeping Computer

Gambling tech giant IGT hit by cyberattack, systems taken offline

International Game Technology, a major gambling tech vendor, discovered a cyberattack on November 17 and took systems offline. Cybersecurity Dive

UK Ministry of Defence finds 600 stolen passwords on dark web

UK Ministry of Defence discovered 600 employee portal login credentials exposed on the dark web since 2020, with 124 compromised this year. While the non-classified portal uses MFA, most breached accounts came from personal devices. Russian state-sponsored actors are suspected, though evidence remains circumstantial. CSO Online

Major firms hit as hacker leaks 760,000 Employee Records from MOVEit breach

A threat actor leaked 760,000 employee records from major firms including Bank of America, Koch, and Nokia on a hacking forum. The data, containing names, emails, and job details, originated from the 2023 MOVEit breach. Security experts believe the leak is a re-release of data the Cl0p ransomware gang stole at the time. SecurityWeek

Japanese crypto platform DMM Bitcoin closes after $308 Million Theft

Japanese crypto platform DMM Bitcoin is shutting down after a devastating $308 million hack in May. The company, which took massive loans to cover losses, will transfer all accounts to SBI VC Trade by March 2025. Investigators found serious security flaws, with evidence pointing to North Korea's Lazarus Group. The Record

Two UK hospitals hit by separate cyber attacks

Two UK hospitals faced separate cyberattacks last week. Alder Hey Children's Hospital confirmed a ransomware attack by Inc group, exposing patient records dating to 2018. Wirral University Teaching Hospital isolated systems after detecting suspicious activity, disrupting medical services. The incidents appear unrelated and investigations are ongoing. Dark Reading

OnePoint Patient Care data breach impact doubles from 800K to 1.7M. SecurityWeek

Threat Intel

Attackers breach Solana web3.js npm registry in supply chain attack

Attackers compromised the npm publish account for Solana's @solana/web3.js library and pushed malicious versions 1.95.6 and 1.95.7 that could exfiltrate private keys from decentralized apps that handled them. The malicious versions were live for about five hours on December 2. Major wallets were not affected, but developers who installed 1.95.6 or 1.95.7 should update immediately and rotate any private keys those builds may have touched. Help Net Security
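The practical question after a supply-chain compromise like this is whether the bad versions are anywhere in your tree, including nested copies pulled in by another dependency. The script below is an added example, not code from the newsletter or the Solana project: it parses an npm package-lock.json (both the lockfileVersion 1 nested tree and the v2/v3 "packages" map) and reports every copy of @solana/web3.js at 1.95.6 or 1.95.7. The sample lockfile is constructed for illustration; the package names in it other than @solana/web3.js are hypothetical.

```python
"""Scan an npm package-lock.json for the @solana/web3.js versions published
during the December 2, 2024 compromise (1.95.6 and 1.95.7).

Added example, not code from the Infosec Monitor or the Solana project.
The lockfile below is constructed; point scan_lockfile() at a real
package-lock.json to check your own tree.
"""
import json
import sys
from pathlib import Path

PACKAGE = "@solana/web3.js"
# The two versions named in the advisory summary above.
COMPROMISED_VERSIONS = {"1.95.6", "1.95.7"}


def find_installed_versions(lock):
    """Yield (path, version) for every installed copy of PACKAGE.

    lockfileVersion 2/3 list every installed package, nested ones included,
    under "packages" keyed by node_modules path. lockfileVersion 1 nests them
    under "dependencies", so that tree is walked recursively instead.
    """
    if "packages" in lock:
        for path, entry in lock["packages"].items():
            if path.endswith("node_modules/" + PACKAGE) and "version" in entry:
                yield path, entry["version"]
        return

    def walk(deps, prefix):
        for name, entry in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == PACKAGE and "version" in entry:
                yield path, entry["version"]
            yield from walk(entry.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def scan_lockfile(text):
    """Return sorted (path, version) pairs that match a compromised version."""
    lock = json.loads(text)
    return sorted(
        (path, version)
        for path, version in find_installed_versions(lock)
        if version in COMPROMISED_VERSIONS
    )


# Constructed sample: lockfileVersion 3, a clean top-level install, and a nested
# copy of the compromised 1.95.7 pulled in by a hypothetical adapter package.
SAMPLE_LOCK = json.dumps({
    "name": "example-dapp",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-dapp", "dependencies": {PACKAGE: "^1.95.8"}},
        "node_modules/@solana/web3.js": {"version": "1.95.8"},
        "node_modules/some-wallet-adapter": {"version": "0.1.0"},
        "node_modules/some-wallet-adapter/node_modules/@solana/web3.js": {"version": "1.95.7"},
    },
})

if __name__ == "__main__":
    # Usage: python scan_web3js.py [path/to/package-lock.json]
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = scan_lockfile(text)
    for path, version in hits:
        print(f"COMPROMISED {PACKAGE}@{version} at {path}")
    if hits:
        print("Update the affected packages and rotate any keys these builds handled.")
        sys.exit(1)
    print(f"No compromised {PACKAGE} versions found.")
```

A hit in a nested path means the fix is not simply bumping your own dependency; the package that vendors the bad copy needs updating or an override, and the key-rotation advice applies to anything that ran with that copy loaded.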

Chinese hackers target U.S. Firm in four-Month Email Server Attack

Symantec uncovered a sophisticated four-month cyberattack against a major U.S. organization with Chinese operations. The attackers, likely Chinese-backed, compromised multiple systems including Exchange servers for email harvesting. The campaign used DLL side-loading and various exfiltration tools, suggesting targeted data theft. Initial access vector remains unknown. The Hacker News

Threat actor Matrix launches massive DDoS campaign targeting IoT devices

A massive DDoS campaign by threat actor "Matrix" has targeted 35 million devices globally using Mirai botnet and public scripts. The operation monetizes through a Telegram store, using Discord bots for command execution. China and Japan are primary targets due to their high IoT device concentration. siliconANGLE

Russian hackers target UK hospitals in new wave of attacks. TechCrunch

Rise in macOS malware signals new era of Apple security threats. CSO Online

FBI warns of rising AI-powered fraud schemes, shares defense tips. Bleeping Computer

Ten-year-old Cisco ASA vulnerability sees active exploitation. Dark Reading

Interesting Reads

UnitedHealth CISO details complete System rebuild after Change Healthcare attack

UnitedHealth Group's CISO revealed the company completely rebuilt its infrastructure following February's Change Healthcare ransomware attack, keeping only the original cables. The ALPHV/BlackCat attack, which netted criminals $22 million, required months of recovery work. Cyberscoop

CISOs need more authority to match accountability. CSO Online

Companies shift data breach costs to customers as CISOs see budget opportunity. CSO Online

Hackers shift focus from Ransomware to System Destruction attacks. Axios

Data & Research

Phishing attacks using Cloudflare domains surge in 2024

  • Phishing attacks using Cloudflare domains increased by over 100% from 2023 to 2024

  • Cloudflare Pages incidents rose from 460 in 2023 to 1,370 by mid-October 2024

  • Cloudflare Workers abuse increased 104%, from 2,447 incidents in 2023 to nearly 5,000 in 2024

Open Source lacks proper maintenance

  • 70% of open-source components are poorly maintained or unmaintained

  • 34% of contributions come from US, 13% from Russia, with smaller percentages from other countries

  • 20% of US open-source contributions are anonymous, higher than Russia and China

  • 5-8% of open-source components have unknown or dubious origin

  • 51% of vulnerabilities across all CVE levels have no known fixes

  • Well-maintained open-source is 1.8 times more vulnerable than unmaintained code

Employee cyber habits

  • 80% access work apps from unsecured personal devices

  • 40% regularly download customer data

  • 33% can modify sensitive data without controls

  • 30% can approve large financial transactions independently

  • 49% reuse login credentials across work applications

  • 36% use same credentials for work and personal apps

  • 65% bypass cybersecurity policies for convenience

Cybersecurity Mergers, Acquisitions, and Funding

Mergers and Acquisitions

  • Adlumin, XDR, acquired by N-able for $266M in cash and shares deal. siliconANGLE

VC Funding

  • Upwind, cloud security, raises $100M in Series A funding. siliconANGLE

  • Tuskira, AI-powered security mesh, raises $28.5M in Series A funding. SecurityWeek

  • System Two Security, cyberattack detection, raises $7M in an unknown venture round. siliconANGLE
