
FBI disrupts massive botnet, Iranian hackers attempted to influence Biden campaign, and GitHub users face new phishing threat.

Infosec Monitor: No. 44

September 20, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — FBI disrupts massive botnet, Iranian hackers attempted to influence Biden campaign, and GitHub users face new phishing threat.

Highlight of the Week

FBI disrupts Flax Typhoon botnet affecting over 260,000 devices

The FBI successfully disrupted the Flax Typhoon botnet, gaining control over 260,000 compromised devices primarily in the U.S. The threat actor abandoned the botnet upon realizing FBI involvement. Help Net Security


News

Iranian hackers attempt to influence Biden campaign with stolen Trump information

Iranian hackers attempted to influence Biden's campaign by sending emails with stolen Trump campaign material. The FBI reported this as part of Iran's election interference strategy. None of the recipients engaged, viewing the emails as spam. The Trump campaign confirmed the hack and ongoing Iranian threats. SC Magazine

AT&T to pay $13 million in FCC settlement over data breach

AT&T will pay $13 million to the FCC for failing to adequately protect customer data in a January 2023 breach. The consent decree mandates stronger data governance, vendor oversight, and compliance audits. The FCC emphasizes telecoms' duty to safeguard consumer information amid rising cybersecurity threats. The Record

Authorities Arrest 17 in International Phishing Crackdown

European and Latin American authorities arrested 17 in a phishing crackdown exposing 483,000 victims, mainly Spanish speakers. The operation targeted iServer, a platform aiding phone unlocks for criminals. Coordinated by Europol and local agencies, it showcased successful international law enforcement collaboration. Cyberscoop

Hackers demand $6M From Seattle-Tacoma International airport operator. SecurityWeek

FBI and CISA debunk false claims of hacked US voter data. SecurityWeek

AI & Security

The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks

“The big unknown in the security landscape is the adversarial use of AI. It has the potential to upend the current status quo, giving the attackers a new advantage. What we still don’t know is if, when or how this will happen. The real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.” SecurityWeek

IT leaders express concerns over AI-induced cyber vulnerabilities

A Flexential survey reveals IT leaders worry that AI investments increase cyber vulnerabilities due to application complexity and skills gaps among security teams. While AI-driven threats remain minimal, most breaches stem from human error. Organizations are encouraged to integrate security into AI adoption strategies moving forward. Cybersecurity Dive

Organizations overlook security risks as AI adoption accelerates

Orca Security’s analysis reveals that a majority of organizations rapidly adopting AI tools are overlooking critical security measures, resulting in exposed data and system vulnerabilities. Common issues include exposed API keys, misconfigured systems, and lack of encryption. CSO Online

Security leaders concerned about AI-generated code risks

A survey reveals that 92% of security leaders worry about AI-generated code, with 63% considering bans due to security risks. Despite recognizing it as a competitive necessity, 66% say they can't keep pace with AI-driven developers. Help Net Security

Compliance frameworks and GenAI security challenges emerge. Help Net Security

Cybersecurity Incidents

GoPass data leak exposes nearly 1 million Colombians to identity theft risks

A data leak at Colombian paytech GoPass exposed sensitive information of nearly 1 million users due to an unsecured Google Cloud bucket. The breach includes license plate numbers and personal IDs, increasing risks of identity theft and vehicle cloning. GoPass has closed the leak but has not commented. Cybernews

Providence Public Schools continue to face internet outages amid irregular activity

Providence Public School District is facing ongoing internet outages linked to "irregular activity" since September 11, affecting over 20,000 students. The Medusa ransomware gang claimed responsibility; investigations are underway. Schools remain open with alternative measures, but no timeline for resolution has been provided. The Record

Dr.Web reports cyberattack, ensures no customer impact

Dr.Web reported a cyberattack on September 14, 2024, prompting disconnection of all servers and halting virus database updates. The company claimed no customers were impacted. Updates resumed shortly after, as Dr.Web implemented measures to isolate the threat. Bleeping Computer

Thousands of ServiceNow KBs leak sensitive data despite security updates

Thousands of ServiceNow KBs leaked sensitive data despite security updates, with 45% of instances exposing PII and credentials. Misconfigurations and outdated controls were largely to blame. Dark Reading

3.3M vehicle records exposed in unsecured database

An unsecured Elasticsearch cluster exposed over 3.3 million Lebanese vehicle records, including personal and technical data. Although suspected to belong to a government agency, ownership is unclear. Cybernews

RansomHub leaks 487GB of Kawasaki Motors Europe data after ransom refusal

RansomHub leaked 487GB of Kawasaki Motors Europe data as the company opted not to pay a ransom following a cyberattack in September. KME isolated its servers and restored functionality. SC Magazine

Access Sports data breach affects over 88K individuals

Access Sports Medicine & Orthopaedics reports a ransomware attack affecting over 88,000 individuals. Compromised data includes personal and health information. The group Inc Ransom has claimed responsibility, leaking sensitive documents online. SecurityWeek

Threat Intel

New phishing scheme targets GitHub users with PowerShell malware

A new phishing scheme targeting GitHub users involves emails that lure victims with security vulnerability threats. Users are tricked into executing key commands that download Lumma Stealer malware via PowerShell, risking credential theft, especially among less tech-savvy individuals. Krebs on Security

TeamTNT resumes cryptojacking campaign targeting CentOS VPS

TeamTNT has re-emerged, targeting CentOS VPS with a cryptojacking campaign. Using SSH brute force, it deploys a malicious script to disable security features and install a rootkit, allowing persistent access. The group, known for past activities, shows continued evolution despite earlier announcements to cease operations. The Hacker News

Hackers exploit Foundation accounting software vulnerabilities in construction firms

Construction firms are being targeted by hackers through internet-exposed Foundation accounting software, with active intrusions reported in the plumbing, HVAC, concrete, and related industries. The attacks come in through open MSSQL ports and default passwords. Help Net Security

Marko Polo cybercrime group expands global financial fraud operations

The Marko Polo cybercrime group is expanding its reach, managing over 30 fraud campaigns and using sophisticated malware to compromise thousands of devices. It impersonates brands and targets crypto influencers through social media. Millions have been stolen, with social engineering techniques succeeding even against cybersecurity-aware users. Dark Reading

Microsoft reports Vanilla Tempest hackers targeting U.S. healthcare with INC ransomware. Bleeping Computer

Ivanti warns of another critical CSA flaw exploited in attacks. Bleeping Computer

Temu denies data breach claims from unknown threat actor. Cybernews

Interesting Reads

Port of Seattle official flags a cyber dilemma, ‘one-way street’ with federal agencies

“Currently it’s a one-way street,” Lyttle said. “We’re sending the information [to TSA and CISA] but we’re not getting back in a timely enough manner recommendations of how to improve our infrastructure. That would make a major difference.” Cybersecurity Dive

Boards must enhance cybersecurity governance beyond technical aspects

Julie Ragland stresses boards must enhance their cybersecurity governance beyond technical aspects, focusing on human behavior and risk management. CIOs are responsible for educating boards on prioritizing investments and incident responses. Boards should seek technology-savvy members to balance strategy with security. CIO

5 new cybersecurity regulations businesses should know about. MIT Sloan School

Data & Research

Deep Fakes

  • 15% of executives experienced deepfake-related scams in the past year.

  • Another 11% faced multiple incidents.

API Security

  • API and bot attacks cost businesses up to $186 billion annually.

  • Companies with revenues over $1 billion experienced 2-3 times more automated API abuse.

  • API incidents rose by 40% in 2022; bot-related incidents surged by 88%.

  • Automated API abuse accounts for $17.9 billion in losses; insecure APIs lead to $87 billion.

Survey reveals 66% of businesses lack 24/7 cybersecurity coverage

A Trend Micro survey reveals that 66% of organizations lack 24/7 cybersecurity coverage, mainly due to staffing shortages. Many leaders see cybersecurity as outside their purview, complicating risk management. SC Magazine

Valid account access leads critical infrastructure attack methods in FY 2023

  • Valid account access was the leading attack method for critical infrastructure in FY 2023.

  • 40% of successful intrusions were facilitated through valid accounts.

  • Spear phishing was the second most common method, used in over 25% of attacks.

  • Compromised credentials were involved in nearly 40% of ransomware attacks.

Cybersecurity Mergers, Acquisitions, and Funding

VC Funding

Picus Security, security validation, raises $45M in Series C funding. TechCrunch

Intezer, autonomous SOC platform, raises $33M in Series C funding. TechCrunch

Aembit, nonhuman identity security, raises $25M in Series A funding. siliconANGLE

EasyDMARC, DMARC email security, raises $20M in Series A funding. siliconANGLE

BlackCloak, digital executive security, raises $17M in Series B funding. SecurityWeek

RunSafe Security, embedded systems security, raises $12M in Series B funding. siliconANGLE

C/side, browser security, raises $6M in Seed funding. SecurityWeek

Element Security, continuous threat exposure management, raises $5M in Angel funding. SecurityWeek

Hydden, identity security platform, raises $4.4M in Seed funding. SecurityWeek

Opnova, autonomous security workflows, raises $3.75M in pre-seed funding. SecurityWeek
