CrowdStrike fallout, a ransomware attack killed a cow and calf, and the Olympics hit by a ransomware attack.

Infosec Monitor: No. 38

No. 37, Aug 2, 2024

Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — more CrowdStrike fallout, a ransomware attack killed a cow and calf, and the Olympics hit by a ransomware attack.

Get The Infosec Monitor every Friday in your inbox

Highlight of the Week

CrowdStrike (of course), Delta suing CrowdStrike, CrowdStrike says Delta should have done better

Delta Air Lines is suing CrowdStrike after a global IT outage caused by a configuration update led to $500 million in losses and over 5,000 canceled flights. Delta claims CrowdStrike didn't offer financial assistance, while CrowdStrike denies negligence, asserting it promptly offered support. The case could set a legal precedent for similar disputes. Axios

Meanwhile, CrowdStrike's root cause analysis reveals that a software update error in its Falcon Sensor led to widespread Windows system crashes. The issue was due to a parameter mismatch in a new template used for detecting novel attacks. The Hacker News
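As an added illustration of the failure class described above (this is not CrowdStrike's code; the template and event structures, field limits and function names are hypothetical), a detection-template matcher that checks the supplied input count against the template's declared field count before indexing, plus a loader-side validator that rejects a content file whose templates need more inputs than the sensor build provides:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELDS 32

/* Hypothetical detection template: a rule that inspects field_count inputs. */
typedef struct {
    const char *name;
    size_t field_count;                /* inputs the template's matchers will index */
    const char *expected[MAX_FIELDS];  /* required value per field, NULL = wildcard */
} template_t;

/* Hypothetical event as the sensor's integration code supplies it. */
typedef struct {
    size_t count;
    const char *values[MAX_FIELDS];
} event_inputs_t;

enum { MATCH_NO = 0, MATCH_YES = 1, MATCH_ERR_SHAPE = -1 };

/* Evaluate one template against one event. The shape check is the point:
 * a template declaring more fields than the event carries fails closed here
 * instead of indexing past values[] and faulting in a privileged context. */
int template_match(const template_t *t, const event_inputs_t *in) {
    if (t->field_count > MAX_FIELDS || in->count != t->field_count)
        return MATCH_ERR_SHAPE;
    for (size_t i = 0; i < t->field_count; i++) {
        if (t->expected[i] && strcmp(t->expected[i], in->values[i]) != 0)
            return MATCH_NO;
    }
    return MATCH_YES;
}

/* Validate a whole content file before activating it: every template must fit
 * the number of inputs this sensor build actually provides. Returns the index
 * of the first offending template, or -1 if the file is acceptable. */
long validate_content(const template_t *tpl, size_t n, size_t supported_fields) {
    for (size_t i = 0; i < n; i++) {
        if (tpl[i].field_count == 0 || tpl[i].field_count > MAX_FIELDS ||
            tpl[i].field_count > supported_fields)
            return (long)i;
    }
    return -1;
}

int main(void) {
    /* Constructed sample: a 3-field event and a template that wants 4 fields. */
    const event_inputs_t ev = { 3, { "proc_create", "cmd.exe", "1234" } };
    const template_t t = { "needs-four", 4, { "proc_create", NULL, NULL, NULL } };
    printf("match=%d first_bad=%ld\n", template_match(&t, &ev), validate_content(&t, 1, 3));
    return 0;
}
```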

Finally, the CrowdStrike incident brings growing pressure for software liability. Legal experts suggest this incident could fuel efforts to impose software liability regulations, despite current protections limiting CrowdStrike's responsibility. The outcome may drive significant legal reforms in software accountability. DarkReading

News

UN passes first global cybercrime treaty

The UN unanimously passed its first global cybercrime treaty, proposed by Russia, creating a legal framework for data access and cybercrime. Despite support from member states, human rights groups and tech companies criticize the treaty for weak human rights safeguards and potential misuse of digital evidence powers. The Record

SEC ends probe into MOVEit flaw; no action against Progress Software

The SEC has ended its investigation into Progress Software’s response to the MOVEit Transfer zero-day flaw, which exposed data from over 95 million people. No enforcement action will be taken. Despite this, Progress Software faces numerous class-action lawsuits due to the breaches. Bleeping Computer

Iranian hackers target US presidential campaign, Microsoft warns

Iranian hackers targeted a U.S. presidential campaign official in June via a spear-phishing attack, following patterns seen in 2020. The attack, linked to the Mint Sandstorm group, reflects a broader trend of aggressive foreign interference as the 2024 election nears. Axios

INTERPOL recovers $41M in Singapore's largest BEC scam

INTERPOL recovered $41 million in the largest-ever BEC scam in Singapore. A local firm was tricked into transferring $42.3 million to a fake account. INTERPOL's I-GRIP mechanism facilitated the recovery of $39 million, with another $2 million recovered following the arrest of seven suspects. The Hacker News

MFA crucial for GDPR compliance, warns UK ICO

The UK Information Commissioner’s Office plans to fine Advanced Computer Software Group £6.09 million following a 2022 ransomware attack on the NHS. The attack exposed details of 82,946 patients. The ICO highlighted the lack of multi-factor authentication (MFA) as a key failure, stressing the importance of MFA for GDPR compliance. SecurityWeek

AI & Security

Generative AI risks amplifying software vulnerabilities

Generative AI tools are producing insecure software, exacerbating existing vulnerabilities. Despite AI-assisted code's speed boost, studies show it introduces more errors than human-written code, yet developers mistakenly trust it more. Experts stress the need for dedicated AI tools to fix code, cautioning developers to scrutinize AI-generated code closely. SC Magazine

AI in the Enterprise: Cutting Through the Hype and Assessing Real Risk. SecurityWeek

Cybersecurity Incidents

ADT confirms data breach, says security systems not compromised

ADT, a leading home security company, confirmed a data breach affecting a "small percentage" of its six million customers. The breach exposed customer addresses, emails, and phone numbers, but ADT claims home security systems were not compromised. The breach was revealed after a cybercriminal claimed to have 30,000 customer records for sale. TechCrunch

Russian spies hacked U.K. government systems through Microsoft vulnerability

Russian spies hacked the U.K. Home Office systems through compromised Microsoft services, stealing emails and data. The breach, linked to Russia’s SVR, is part of ongoing cyber activities related to the Ukraine war. The Record

Chinese hackers poison software updates via ISP breach

A Chinese cyber-espionage group, Evasive Panda, compromised an ISP's DNS to poison software updates, installing malware instead of legitimate updates. The attackers redirected update requests to a malicious server, affecting users without their interaction. The malware targeted macOS and Windows, attempting to steal browser cookies and secrets. Cybernews

Ransomware attack on Swiss farm leads to deaths of cow and calf

A ransomware attack on a Swiss farm's computer system disrupted milking robots and blocked access to crucial cattle data. This prevented timely monitoring of a pregnant cow, leading to the death of both the calf and its mother. The farmer refused to pay the $10,000 ransom, resulting in over $7,000 in losses. Cybernews

McLaren hospitals hit by ransomware, affecting IT systems across 13 hospitals

McLaren Health Care's IT systems were disrupted by an INC Ransom ransomware attack, affecting 13 hospitals. Patients are advised to bring detailed information to appointments, and some procedures may be rescheduled. McLaren was last hit in November with a data breach of 2.2M patient records. Bleeping Computer

Kursk region hit by massive DDoS attack amid Ukraine's advance

Russia's Kursk region faced a massive DDoS attack, disrupting critical online services amid Ukraine's cross-border offensive. The attack, generating over 100,000 junk requests per second, was linked to IP addresses in Germany and the U.K. Despite the disruption, Russia reported no significant damage or data breaches. Ukraine hasn't claimed responsibility. The Record

Cybercriminals target Canadian hospitality with Chameleon malware

Cybercriminals targeted a Canadian restaurant chain and hospitality workers in Canada and Europe with Chameleon malware, disguised as a CRM app. The malware, capable of stealing business banking credentials, bypasses Android security and uses keylogging. Chameleon has previously targeted institutions in Australia, Italy, Poland, and the UK. The Record

Cyberattack hits Grand Palais during Olympic events

The Grand Palais Rmn in France, currently hosting Olympic events, suffered a ransomware attack on August 3, 2024. Although operations at the museum continue normally, systems were shut down to prevent further spread. French authorities were notified, and investigations revealed no data exfiltration. The attackers left a ransom note, but the culprits remain unidentified. Bleeping Computer

Cyberattack disrupts Mobile Guardian, wiping 13K student devices globally

A cyberattack on Mobile Guardian, an educational device management provider, led to global outages and wiped thousands of student devices, particularly affecting 13,000 students in Singapore. Mobile Guardian confirmed the breach but has not provided detailed responses to inquiries. TechCrunch

Over 40K internet-exposed ICS devices found in US (Black Hat). SecurityWeek

Threat Intel

North Korean hackers target university staff with phishing attacks

North Korean cyber group Kimsuky is targeting university staff through spear-phishing campaigns. The group uses compromised hosts to deploy web shells like Green Dinosaur, which facilitate phishing attacks to steal credentials. Targets include universities and researchers, with phishing-resistant MFA recommended to mitigate risks. The Hacker News

Browsers on macOS and Linux vulnerable to 0.0.0.0 flaw for 18 years

A critical flaw in macOS and Linux browsers, unaddressed for 18 years, allows malicious websites to exploit the 0.0.0.0 IP address, bypassing security measures to access local network services and potentially execute remote code. Safari, Firefox, and Chrome are working on fixes, with Chrome implementing changes by version 133. Cybernews

New flaws in Sonos smart speakers enable remote eavesdropping (Black Hat)

Researchers found critical vulnerabilities in Sonos smart speakers that allow remote attackers to eavesdrop on users. The Hacker News

Interesting Reads

CrowdStrike outage was a warning for critical infrastructure, says CISA director (Black Hat)

CISA Director Jen Easterly described last month's CrowdStrike outage, caused by a software error, as a "dress rehearsal" for potential critical infrastructure disruptions, particularly from China-linked threats. Cybersecurity Dive

Ascension attack reveals gaps in cyber insurance risk management

“A disparity in how some big insurance cases are handled can muddy the takeaways for CISOs gauging their own insurance needs.” CSO Online

NIS2: Innovation Catalyst or Regulatory Burden?

The NIS2 Directive, expanding cybersecurity regulations across Europe, could spark innovation by increasing demand for advanced cybersecurity solutions. However, critics argue it may stifle creativity, forcing compliance over tailored approaches. Despite concerns, NIS2’s broad scope and uniform standards may drive significant advancements in cybersecurity technologies and practices. Help Net Security

Phishers have figured out that everyone is afraid of HR. CSO Online

Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms. TechCrunch

Insured loss impact could reach $1B following CrowdStrike outage. Cybersecurity Dive

Inherent disadvantage: Why hackers have the upper hand in the cloud. SC Magazine

Data & Research

Email attacks up by 293% in first half of 2024.

  • Ransomware detections increased by 32% from Q4 2023 to Q1 2024.

  • 10 new ransomware groups identified in Q1 of 2024, with 84 cyberattacks globally.

  • Malware attacks decreased from 11% in H1 2023 to 4% in H1 2024.

Cyberattack cost more than $17 million, Key Tronic tells regulators.

$2.3M of that was expenses related to the attack and $15M was lost revenue. The Record

Ransomware attack cost LoanDepot $26.9M

$25M of this was connected to class action litigation. SecurityWeek

Cybersecurity Mergers, Acquisitions, and Funding

Mergers & Acquisitions

EQT acquires majority stake in Acronis, cybersecurity and backups, pays an undisclosed sum valuing Acronis at $3.5B. siliconANGLE

CrowdStrike is interested in Action1, cloud-based patch management and vulnerability remediation, for $1B. CSO Online

VC Funding

Abnormal Security, AI-native human behavior security, raises $250M in Series D funding. siliconANGLE
