AI face swapping attacks, 100 Romanian hospitals hit by ransomware, and DoJ recommends stiffer penalties for AI use in cybercrimes.
Infosec Monitor — No. 16, February 16, 2024
Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — AI face swapping attacks, 100 Romanian hospitals hit by ransomware, and DoJ recommends stiffer penalties for AI use in cybercrimes

Highlight of the Week
AI Face Swapping Attacks
"Deepfake technology has caught up to biometric authentication mechanisms." New malware circulating in Asia scams users into scanning their faces. The scans are then used to create deepfakes to fool the person's banking biometrics. At least one person has been a victim so far: an elderly man in Vietnam who lost $40,000. SC Magazine, Dark Reading
News
Updated FCC rule requires telecom and VOIP providers to issue data breach notifications
I was surprised to find out they were not already required. The rule also states that they must disclose the breach to the FCC, FBI, and Secret Service within 7 days. The rule expands on a previous rule that required disclosure of Customer Proprietary Network Information (CPNI) data. This extends it to include PII. SC Magazine
Russian military botnet disrupted by FBI
In January, the FBI disrupted and was able to delete data stolen by the "Moobot" botnet. Both criminal and state-sponsored actors were using the botnet. The botnet was deployed across hundreds of the popular Ubiquiti Network Edge routers, often used in small and home office applications. Help Net Security
It's not just US critical infrastructure that China-backed Volt Typhoon is targeting
There's been a lot of focus on the US-based infrastructure-focused attacks by Volt Typhoon in the past few weeks. New research finds that African electrical grid systems have also been targeted. Dark Reading
AI & Security
Department of Justice says using AI in a cybersecurity attack will lead to severe penalties
Speaking at the Munich Cyber Security Conference, Lisa Monaco, the DoJ's Deputy Attorney General, equated using AI in a cyberattack to using a gun in a violent crime. Violent crimes that use a gun face stiffer penalties than those without. And according to Lisa, US prosecutors are being directed to do the same for cyber crimes involving AI. The Record
OpenAI shuts down accounts related to known nation-state hacking groups
Not surprising that hackers are attempting to use AI products to gain an advantage. Microsoft and OpenAI are well aware and released a report stating how they're trying to prevent it. Dark Reading
Cyber Security Incidents
100 Romanian hospitals forced to go offline due to ransomware attack
25 hospitals confirmed that they already had information encrypted, and 75 went offline as a precaution. All 100 hospitals used the same information system called Hipocrate Information Systems. Most hospitals report they have recent backups to restore from, except one with backups from 12 days ago. BleepingComputer
UK utility, Southern Giant, breach impacts 235K-470K customers
The utility, which has 4.7M customers, was attacked in January and now confirms that anywhere from 5-10% of its customers were impacted. Curiously, they are not revealing what type of customer data was compromised. TechCrunch
German battery maker forced to halt production due to cyber attack
It is not yet clear whether it's a ransomware attack, but the attack, hitting IT production systems, has forced VARTA to take its manufacturing offline. BleepingComputer
Bank of America breached through vendor
Bank of America is warning customers that it was breached via a partner vendor. The vendor, Infosys McCamish Systems, has said it was hacked and disclosed to Maine's attorney general that 57k customers were impacted. Bank of America has not confirmed if all of those were its customers. Security Magazine
Meta marketplaces hacked? 200k user records leaked
There is no word yet from Meta, but BleepingComputer was able to verify some of the leaked records. BleepingComputer
Prudential Financial breached
In an 8-K filing, the financial firm reported that they had been breached on February 5th. They confirmed that IT systems and user accounts had been impacted. The scope is currently unknown and is being investigated. BleepingComputer
Hacker steals private keys and mints nearly $290M of crypto
PlayDapp, a crypto gaming platform, had private keys stolen, leading to a massive $290M in crypto being fraudulently minted. This has led to the suspicion of major crypto exchanges like Coinbase. Crypto.News
LockBit has claimed responsibility for the Fulton County ransomware attack. BleepingComputer
Willis Lease Financial Group has 910GB of data stolen in a ransomware attack. Dark Reading
Integris Health's November breach impacted 2.4 million people. BleepingComputer
Data & Research
According to research by Picus Security, hunter-killer malware usage is up 333%. CSO Online
According to research by Wing Security, shadow SaaS, MFA bypassing, forgotten tokens, and shadow AI are the most common ways hackers are targeting SaaS. The Hacker News
Cybersecurity Mergers, Acquisitions, and Funding
Seal Security, vulnerability remediation, raises $7.4M seed round. TechCrunch
Bugcrowd, bug bounties, raises $102M in Series E from General Catalyst. Reuters
Nucleus Security, attack surface monitoring, raises $43M in Series B. Help Net Security
Clarity, deepfake protection, raises $16M seed round. CTech
Permit.io, authorization, raises $8M Series B. SecurityWeek