Infosec Monitor: No. 9

No. 9, December 29th, 2023 — Chinese AI espionage, breach extortions, GTA V stolen source code, and more government compliance guidance.

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor: Chinese AI espionage, breach extortions, stolen GTA V source code, and more government compliance guidance.

News

Advanced Spyware Campaign Bypasses Apple's iOS Security Protections

Operation Triangulation, a highly sophisticated spyware campaign targeting Apple iOS devices, was discovered by Russian cybersecurity firm Kaspersky after it found the spyware on its own employees' phones. Active since 2019, the campaign chained four zero-day vulnerabilities into a zero-click attack delivered through iMessage and deployed spyware for data gathering. Notably, one of the vulnerabilities (CVE-2023-38606) bypassed Apple's hardware-based kernel memory protections by writing to undocumented memory-mapped hardware registers on Apple SoCs; Apple fixed it in iOS 16.6. Kaspersky has also published a triangle_check utility that scans an iTunes/Finder backup for the campaign's indicators of compromise. The discovery coincides with Apple's warnings about state-sponsored spyware attacks on Indian journalists and politicians, which have led to tensions between Apple and the Indian government. The Hacker News, Ars Technica, DarkReading

NSA releases guidance for managing OSS and Software Bill of Materials

The NSA has released comprehensive guidance for managing security risks in the open-source software ecosystem. It covers creating secure internal OSS repositories, adopting software bills of materials (SBOMs) for transparency and vulnerability management, and maintaining strong crisis management plans. The guidance builds on existing frameworks and emphasizes the critical role of SBOMs in software supply chain security, with detailed recommendations for developers, suppliers, and crisis management teams, and it underlines the importance of tools such as software composition analysis and vulnerability databases. A practical caveat: an SBOM only pays off if its components carry resolvable identifiers (a package URL or CPE) and exact versions, because that is what vulnerability databases match on; an inventory of bare names cannot be checked automatically. CSO Online, Defense.gov
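To make the SBOM-to-vulnerability-database matching concrete, here is a small audit script written for this newsletter item. It is an added example, not code from the NSA guidance or from any vendor's software composition analysis tool. The CycloneDX document, the advisory feed, and the advisory IDs (EXAMPLE-000x) are all constructed inline so it runs offline, and the version comparison is a deliberate simplification noted in the code.

```python
"""Audit a CycloneDX SBOM against a vulnerability feed keyed by package URL (purl).

Added example for this newsletter item; it is not code from the NSA guidance
or from any vendor SCA tool. The SBOM, the advisory feed, and the advisory IDs
(EXAMPLE-000x) are constructed inline so the script runs offline.
"""
import json
import re
from dataclasses import dataclass

# Constructed CycloneDX 1.4 document. Versions are illustrative, not a claim
# about which real releases of these packages are vulnerable.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "requests", "version": "2.25.1",
         "purl": "pkg:pypi/requests@2.25.1"},
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"type": "library", "name": "lodash", "version": "4.17.15",
         "purl": "pkg:npm/lodash@4.17.15"},
        # A component with no purl cannot be matched against any feed.
        {"type": "library", "name": "internal-utils", "version": "1.0.0"},
    ],
})

# Constructed advisory feed: versionless purl -> [(advisory id, first fixed version)].
# Every version below "fixed_in" is treated as affected. IDs are hypothetical.
VULN_DB = {
    "pkg:pypi/requests": [("EXAMPLE-0001", "2.31.0")],
    "pkg:maven/org.apache.logging.log4j/log4j-core": [("EXAMPLE-0002", "2.17.1")],
    "pkg:npm/lodash": [("EXAMPLE-0003", "4.17.21")],
}


@dataclass(frozen=True)
class Finding:
    purl: str
    version: str
    advisory: str
    fixed_in: str


def split_purl(purl):
    """Split 'pkg:type/ns/name@version?qualifiers#subpath' into (versionless purl, version).

    Scoped npm names encode '@' as '%40', so the first literal '@' starts the version.
    """
    base, _, rest = purl.partition("@")
    version = re.split(r"[?#]", rest, maxsplit=1)[0]
    return base, version


def parse_version(text):
    """Numeric-tuple comparison, adequate for plain x.y.z strings.

    Real SCA tools apply ecosystem rules (PEP 440 pre-releases, semver build
    metadata, Maven qualifiers); this simplification is the example's assumption.
    """
    return tuple(int(n) for n in re.findall(r"\d+", text))


def load_components(sbom_text):
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def audit(sbom_text, vuln_db):
    """Return (findings, unmatchable): affected components, and those that lack
    a purl or version and so cannot be checked against any database."""
    findings, unmatchable = [], []
    for comp in load_components(sbom_text):
        purl = comp.get("purl")
        if not purl:
            unmatchable.append(comp.get("name", "<unnamed>"))
            continue
        base, version = split_purl(purl)
        version = version or comp.get("version", "")
        if not version:
            unmatchable.append(comp.get("name", base))
            continue
        for advisory, fixed_in in vuln_db.get(base, []):
            if parse_version(version) < parse_version(fixed_in):
                findings.append(Finding(purl, version, advisory, fixed_in))
    return findings, unmatchable


if __name__ == "__main__":
    found, missing = audit(SBOM_JSON, VULN_DB)
    for f in found:
        print(f"{f.purl}: {f.advisory} (fixed in {f.fixed_in})")
    for name in missing:
        print(f"{name}: no purl or version, cannot be matched against a vulnerability database")
```

The point of the unmatchable list is the caveat above: a supplier's SBOM that omits purls or versions gives you an inventory but no automatic vulnerability coverage, so that gap is worth reporting back to the supplier rather than silently skipping.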

NASA releases Space Security Best Practices Guide

NASA's first Space Security Best Practices Guide aims to strengthen cybersecurity across future space missions. Responding to growing threats against satellite networks and space initiatives, the guide aligns with NIST standards to improve mission security and addresses critical issues such as system access, communication interference, and data integrity. Developed under Space Policy Directive 5, it seeks to protect the expanding space economy and provide a framework for organizations in the space sector. NASA plans to update the guide with community feedback as space cybersecurity challenges evolve. SC Magazine, NASA

The cost of compliance: DoD releases CMMC cost projections

The Department of Defense has released cost projections for implementing its Cybersecurity Maturity Model Certification (CMMC 2.0) program, which will affect over 200,000 defense contractors and subcontractors. The proposed rule, published in the Federal Register, lays out a phased implementation and costs that vary with the required security level. The DoD estimates assessments at roughly $4k for a small entity doing a Level 1 assessment, tens of thousands of dollars for a Level 2 assessment, and millions for Level 3. The DoD is seeking public comment on the rule, balancing the need for robust cybersecurity against the practicalities of implementation for all stakeholders. Defense Scoop

More healthcare patient extortion

Integris Health, Oklahoma's largest health network, confirmed a cyberattack in November that resulted in the theft of patient data. Patients are now receiving extortion emails threatening to sell their personal data, including Social Security Numbers and medical information, unless a ransom is paid. This data breach potentially affects over 2 million patients. Integris Health has warned patients not to respond to these emails or click on any links provided. Bleeping Computer

AI & Security

China is stealing AI Secrets for espionage

Great article in the WSJ on the importance of protecting trade secrets. The U.S. is increasingly concerned about China's alleged theft of AI secrets to bolster its spying capabilities. High-profile incidents, like the arrest of a former Apple employee for trade secret theft and significant data breaches linked to China, underscore these worries. U.S. officials believe China could use AI to analyze vast amounts of stolen data, posing a significant national security threat. Despite these challenges, there is a push to use AI defensively to mitigate such espionage risks. This tension highlights the growing role of AI in international cybersecurity and espionage strategies. The Wall Street Journal

It’s time for you to get a generative AI security policy

There's a compelling read on the need for generative AI security policies in CSO Online. "As business use cases skyrocket, the message for CISOs is clear: if you don't have a strong AI security policy specifically pertaining to generative AI you need to make one right away." The article cites Splunk research finding that 79% of public companies and 83% of private companies have already adopted some AI tooling, and that LLM adoption is also growing rapidly. CSO Online

Cyber Security Incidents

Chinese hackers exploit new zero-day in Barracuda's Email Security Gateway

Barracuda disclosed that UNC4841, the China-nexus group behind the May 2023 ESG zero-day (CVE-2023-2868), exploited a new flaw in its Email Security Gateway appliances (CVE-2023-7102), which stems from a vulnerability in the third-party Spreadsheet::ParseExcel Perl library used by the appliance's Amavis virus scanner. The attackers sent malicious Excel attachments to targets, which triggered arbitrary code execution on the gateway when the attachment was scanned. Barracuda pushed a security update to all active ESG appliances in late December and deployed a patch to appliances it found compromised; Mandiant and Google Cloud have observed impact across multiple countries. UNC4841's persistence and adaptability suggest further, more diversified attacks are likely. The Hacker News

Source code for Rockstar Games’ Grand Theft Auto 5 leaked

The source code for Grand Theft Auto 5, leaked on Christmas Eve, appears to be fallout from the 2022 hack of Rockstar Games by the Lapsus$ group. The leak was shared on various channels including Discord, a dark web site, and a Telegram channel that had previously been used to leak Rockstar data. The Lapsus$ group, notorious for its social engineering and SIM swapping skills, had previously claimed to have stolen GTA 5 and GTA 6 source code and assets. The authenticity of the leaked GTA 5 code has not yet been independently verified. Bleeping Computer

EasyPark breached again, unknown number of users

EasyPark, a Swedish parking app developer, has announced a data breach affecting an unknown number of its users. The breach, discovered on December 10, 2023, primarily impacts European users and compromises personal information including names, phone numbers, addresses, email addresses, and partial credit card or IBAN numbers. This incident follows a 2021 breach of ParkMobile, an EasyPark subsidiary, which exposed data for 21 million customers. Bleeping Computer

Cyber Attacks Target Albanian Government and Major Telecom, Iranian Hacker Group Claims Responsibility

The National Authority for Electronic Certification and Cyber Security (AKCESK) in Albania disclosed recent cyber attacks on the country's Assembly and the telecom company One Albania. One Albania's services remained operational. The Iranian hacker group "Homeland Justice" claimed responsibility, continuing a pattern of attacks that previously led to U.S. sanctions against Iranian intelligence entities for similar cyber activities. The Hacker News

Eagers Automotive, in Australia, halts trading due to cyber attack

Eagers Automotive, a leading car dealership network in Australia and New Zealand, has suspended trading on the stock exchange following a cyberattack that disrupted its IT systems. The company, which reported significant revenues and employs thousands, is investigating the incident with external experts. There are concerns about the potential exposure of sensitive customer data, though no specific data breach has been confirmed. Bleeping Computer Reuters

Ohio Lottery takes key systems offline due to cyberattack

The Ohio Lottery suffered a cyberattack that prompted it to disconnect several vital systems, affecting the payment of some prizes and the availability of winning numbers for games such as KENO and EZPLAY Progressive jackpots. The investigation is still in its early stages. The DragonForce hacking group claimed responsibility for the attack, one of a series targeting Ohio-based organizations, as reported by Jonathan Greig. The Record

1.3 million people impacted at LoanCare in further fallout from the Fidelity breach

LoanCare, a prominent mortgage servicing firm, has alerted 1.3 million borrowers of a data breach stemming from a cyberattack on its parent company, Fidelity National Financial. The breach compromised sensitive customer information, including names, addresses, Social Security Numbers, and loan numbers. Bleeping Computer

About

Cybersecurity is at a crossroads, changing more rapidly than we believed was possible just a few years ago. Stay informed on what's going on, what's happened, and what's coming next.

I'm Bryan Smith, the author of the Infosec Monitor. I've spent over a decade pioneering changes in how cybersecurity is managed, from helping create the first cyber risk quantification (CRQ) software to advising on how to approach cybersecurity pragmatically and proactively.

Data & Research

Cybersecurity Mergers, Acquisitions, and Funding

Mend.io acquires Atom Security for an undisclosed sum. CTech

Thank you for reading Infosec Monitor. This post is public so feel free to share it.