Infosec Monitor: No. 11
No. 11, January 12, 2024 — DoJ expects an upsurge in cybercrime in 2024, is AI eroding cybersecurity, and more major social accounts hijacked.
Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — DoJ expects an upsurge in cybercrime in 2024, is AI eroding cybersecurity, and more major social accounts hijacked.

News
SEC, Hyundai, and Netgear accounts were hijacked; seriously, how hard is 2FA, folks?
Seriously, use 2FA for your social accounts. Following last week's Mandiant account takeover, the SEC, Hyundai, and Netgear social accounts were hijacked. The SEC incident has raised the ire of some House Financial Services Committee members, who cited the SEC's failure to have 2FA set up and said they "expect the SEC to hold itself to the same requirements that are imposed on companies throughout the country." The Record Bleeping Computer
US, UK, and Australia infrastructure targeted, 30% of legacy Cisco routers compromised?
The Chinese state-sponsored APT, Volt Typhoon, is ramping up malicious activities against critical infrastructure by systematically targeting legacy Cisco devices. SecurityScorecard's research indicates that Volt Typhoon has compromised a significant portion of end-of-life Cisco routers, using them in a sophisticated botnet which affects critical sectors like water, power, transportation, and communications in the US, UK, and Australia. This campaign leverages vulnerabilities from 2019, exploiting end-of-life devices for their stealth and accessibility. The severe implications highlight the group's technical sophistication and potential for causing widespread disruptions in critical infrastructure. SecurityScoreCard DarkReading
Healthcare firm forced to invest $1.2M in cybersecurity by New York Attorney General
In May 2021, Refuah Health Center was hit by a ransomware attack. New York's investigation revealed Refuah's failure to implement basic cybersecurity practices, such as deactivating inactive accounts and encrypting patient data. The breach occurred through an outdated IT vendor account. Refuah must substantially upgrade its cybersecurity infrastructure, conduct regular security assessments, and extend credit monitoring services to all affected individuals as part of the settlement. Alongside the $1.2M, they must have independent annual audits for the next five years. The Record
DoJ expects an upsurge in cybercrime in 2024
At the 10th International Conference on Cybersecurity, the Department of Justice (DOJ) stated they anticipate an upsurge in cybercrime disruption efforts this year. They highlighted the growing focus on prosecuting cryptocurrency hacks and ransomware gangs and targeting the infrastructure supporting cyber criminals. A worrying trend is the accelerated pace at which hackers exploit vulnerabilities and the decreasing barrier to entry into cybercrime, making it accessible to less skilled individuals. The DOJ emphasizes the significance of disrupting cybercriminal activities even without criminal charges (such as the Snake malware takedown last year). The Record
FBI adds cyber-focused agents to embassies worldwide. Dark Reading
A member of the threat group ShinyHunters was sentenced to three years in prison and $5M in restitution. Bleeping Computer
AI & Security
Voice Clone Detection as a Service
ID R&D has launched an API that, they claim, can detect whether a voice is AI with just 3 seconds of recording. This follows last week's announcement by the FTC of their Voice Cloning Challenge to create technologies to detect this form of attack. Help Net Security
Banks' reliance on "Know Your Customer" being undermined by off-the-shelf AI
KYC (Know Your Customer) processes, crucial for verifying customer identities in financial institutions, are threatened by the advent of generative AI (GenAI). GenAI enables attackers to create deepfaked ID images, challenging the authenticity of ID image authentication. Tutorials online demonstrate how tools like Stable Diffusion can be used to generate synthetic images, including those holding ID documents. TechCrunch
A ransomware armageddon is coming, fueled by AI phishing; what must change?
A thoughtful piece highlighting worries many in cybersecurity share. With highly targeted and persuasive AI-created phishing attacks, what anti-phishing tactics must change? Obviously, we cannot depend on people any longer. The authors argue for moving away from old 2FA systems and entirely to passwordless ones. The Hacker News
Worries arise for over-sharing as third-party ecosystem begins in OpenAI's GPT Store. Dark Reading
Cyber Security Incidents
Notable cybersecurity incidents for the week. I went with a new, less verbose format. Do you prefer it? Hate it? Hit reply and let me know.
Zero-day in Ivanti VPN leads to 10 customers being impacted. The patch will be available at the end of the month. TechCrunch
Ransomware attack in Paraguay "significantly impacts" internet access in the country. The Record
Framework, a laptop designer and manufacturer, was breached via phishing, disclosing customers with outstanding balances. Bleeping Computer
LoanDepot was hit by a cyberattack: data compromise is unknown and systems were shut down, but it told the SEC that systems were encrypted. SC Magazine
Beirut airport disrupted with anti-Hezbollah hack. The Record
About
Cybersecurity is at a crossroads, changing more rapidly than we believed was possible just a few years ago. Stay informed on what's going on, what's happened, and what's coming next.
I'm Bryan Smith, the author of the Infosec Monitor. I've spent over a decade pioneering changes in how cybersecurity is managed, from helping create the first cyber risk quantification (CRQ) software to advising how to approach cybersecurity pragmatically and proactively.
Data & Research
Cybersecurity Mergers, Acquisitions, and Funding
SentinelOne acquires PingSafe for over $100M. TechCrunch