DOJ exposes ‘Doppelganger’ election disinformation campaign, FBI warns of imminent North Korean crypto theft wave, and Halliburton confirms data theft in cyber attack.

Infosec Monitor: No. 42

No. 42, September 6, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — DOJ exposes ‘Doppelganger’ election disinformation campaign, FBI warns of imminent North Korean crypto theft wave, and Halliburton confirms data theft in cyber attack.

Highlight of the Week

DOJ exposes Russian 'Doppelganger' disinformation targeting 2024 election

The DOJ uncovered the Russian "Doppelganger" disinformation campaign targeting the 2024 U.S. election and seized 32 domains used for fake news and social media manipulation. The campaign leveraged AI tools and influencers to spread propaganda. Efforts now include AI solutions like GPTZero to counteract disinformation. SC Magazine

News

Columbus sues researcher over ransomware breach claims

Columbus, Ohio, faced a ransomware attack in July and acknowledged stolen data in August. The city sued researcher David Ross, who claimed the breach was more severe and involved sensitive data. The city alleged Ross colluded with attackers and sought a restraining order, which a judge temporarily granted. Dark Reading

Congress to hold first hearing on CrowdStrike outage and supply chain security

Congress will hold its first hearing on CrowdStrike’s global outage on Sept. 24. The House Homeland Security subcommittee will examine the implications of the incident, which impacted 8.5 million Windows devices due to a faulty security update. The hearing will also consider broader supply chain security concerns. Axios

White House launches program to address cybersecurity job vacancies

The White House launched "Service for America" to fill 500,000 cybersecurity job openings. Aimed at non-traditional candidates, the initiative is part of a broader national effort to address cybersecurity skills gaps and industry burnout. Cybersecurity Dive

CISA launches secure portal to speed up breach disclosures

CISA launched a secure cyber incident reporting portal to enhance the speed and thoroughness of breach disclosures. This tool promotes quicker, more robust sharing of information about malicious attacks and critical vulnerabilities, aiming to improve cybersecurity responses. Cybersecurity Dive

CISA, TSA respond to airport security bypass vulnerability Security Week

White House unveils roadmap to tackle BGP routing security Network World

AI & Security

Employee AI usage surges, raising security and privacy risks

GenAI usage in the workplace is booming, with employees averaging 8.25 apps monthly. However, 30.8% of these apps train on sensitive customer data, heightening privacy risks. Key uses include content creation and software engineering. Organizations should adopt regular audits, clear policies, employee training, and content training opt-outs to safeguard data. SecurityWeek

Cybersecurity Incidents

Halliburton cyber incident, data was stolen

Halliburton confirmed data was stolen in a cyberattack causing operational disruptions. Despite no major financial impact, the company incurred response costs. Its stock fell 3.8%. Halliburton, a key fracking operator with 49,000 employees, is among several oil and gas firms targeted by hackers. G7 leaders are pushing for better sector cybersecurity. The Record

Microchip Technology systems hacked; employee data stolen by Play ransomware gang

Microchip Technology, a major semiconductor manufacturer, was hacked by the Play ransomware gang, leading to the theft of employee contact information and hashed passwords. Operations, disrupted on August 18, are mostly restored. The company found no evidence of compromised customer or supplier data and is investigating the incident. The Record

Planned Parenthood of Montana confirms cyberattack, RansomHub claims responsibility

Planned Parenthood confirmed a late-August cyberattack, prompting it to disable parts of its IT systems. The RansomHub group claims responsibility, threatening to leak 93GB of data. The FBI is involved. The breach poses significant patient privacy risks. Bleeping Computer

CBIZ discloses breach affecting 36,000 clients

CBIZ disclosed a data breach affecting nearly 36,000 individuals, resulting from a vulnerability exploited between June 2 and June 21, 2024. Data compromised includes Social Security numbers and health information. Bleeping Computer

German air traffic control reports cyberattack, operations unaffected

German air traffic control agency Deutsche Flugsicherung confirms a cyberattack on its administrative IT systems but assures that flight operations are unaffected. The attack is suspected to be the work of APT28, which is linked to Russia's GRU. The BSI is handling the incident. The Record

UK staffing agency GigtoGig exposes 217K sensitive files, risks severe fraud and phishing

UK staffing agency GigtoGig exposed over 217,000 sensitive files, including passports and visas, creating severe identity theft and fraud risks. Although the data has been secured, the delay in communication exposes gig workers to targeted phishing and doxxing threats. Cybernews

Toronto school board confirms student data breach by LockBit

The Toronto District School Board confirmed a ransomware attack involving student data from the 2023/2024 school year. The LockBit gang claimed responsibility, asking for ransom. TDSB assured minimal risk and no public data exposure, having improved security and reported it to authorities. The Record

Cyberattack disrupts Tewkesbury Borough Council near GCHQ

Tewkesbury Borough Council in Gloucestershire, near GCHQ's headquarters, has been hit by a cyberattack, disrupting services. The council has shut down systems and advises minimal contact. The attack's nature and data compromise are unknown. The Record

TfL announces cyber security incident affecting backroom systems

Transport for London (TfL) is facing a cyber security incident primarily affecting corporate headquarters but not disrupting transport services or compromising customer data. Help Net Security

Hackers compromise Cisco store, steal customer credit card info

Hackers compromised Cisco's merchandise store with obfuscated JavaScript, stealing credit card and login info during checkout. Likely a CosmicSting attack (CVE-2024-34102) affecting Adobe Commerce. Cisco took the site offline and notified impacted users. No employee credentials were compromised. Bleeping Computer

Database leak exposes 762,000 China-based car owners' sensitive information

A database leak exposing 762,000 China-based vehicle owners' personal and car details was discovered by Cybernews. The sensitive data, online for at least 48 hours, poses significant identity theft and security risks, highlighting the need for stringent data protection. Ownership of the leaked data remains unknown. Cybernews

Threat Intel

FBI warns of imminent North Korean crypto theft wave

The FBI warns that North Korean cyber actors, including groups like Lazarus and Kimsuky, are preparing a wave of targeted attacks aimed at stealing cryptocurrency. They will use deceptive social engineering tactics to gain trust and deploy malware. Dark Reading

Global tax authority phishing campaign deploys Voldemort backdoor for espionage

A cyberespionage campaign, impersonating global tax authorities, uses phishing to deploy the Voldemort backdoor. Over 20,000 messages targeted 70+ organizations across 18 sectors, mainly insurance. The attack uses rare techniques like DLL hijacking via Cisco tools for intelligence gathering, not financial theft. CSO Online

Hackers targeting Macs with AMOS, iOS next Cybernews

Infineon security chip flaw enables YubiKey cloning, Yubico updates firmware Cybernews

GitHub Actions typo risks threaten software supply chain CSO Online

New LiteSpeed Cache flaw puts 6M WordPress sites at risk of takeover Bleeping Computer

Malvertising campaign targets Lowe's employee portal via Google ads Dark Reading

'Revival hijack' poses new malware threat on PyPI Dark Reading

Interesting Reads

Franklin Project inspires volunteer hackers to safeguard critical infrastructure

Cybersecurity projects inspired by Benjamin Franklin's revolutionary volunteer fire department aim to bolster the defenses of critical infrastructure. The Franklin Project and UnDisruptable27, both supported by the Craig Newmark Foundation, enlist volunteer hackers to protect water systems, schools, and hospitals from cyber threats, amid growing concerns over national resilience. Cyberscoop

How RansomHub went from zero to 210 victims in six months

An interesting breakdown of how the new ransomware-as-a-service rapidly grew. Help Net Security

Colorado leads in per capita cyberattacks with $104M in losses SC Magazine

Adobe evolves its risk management strategy with homegrown framework CSO Online

How to ensure cybersecurity strategies align with the company’s risk tolerance CSO Online

Data & Research

SaaS Security

  • 31% of organizations experienced a SaaS data breach this year, a 5% increase from last year.

  • 49% of Microsoft 365 users underestimate their connected applications, with actual numbers averaging over 1,000 connections.

  • 90% have policies for sanctioned apps, but 34% acknowledge these rules aren't strictly enforced, up 12% from the previous year.

Infosec Spending

  • Global infosec spending is projected to reach almost $212 billion in 2025, a 15% increase from 2024.

  • Security software, including endpoint protection platforms, will see spending rise by 15% to nearly $101 billion.

  • Security services spending is forecasted to jump 15.6% to over $86 billion, and network security spending to grow by 13% to almost $25 billion.

Cybersecurity Mergers, Acquisitions, and Funding

Mergers & Acquisitions

Palo Alto Networks closes deal to buy IBM’s QRadar NetworkWorld

VC Funding

Acuvity, Gen-AI Governance, raises $9M in Seed funding. SecurityWeek
