Iranian hackers breach US entities for half a decade, NIST can’t keep up with soaring vulnerabilities, and MITRE was breached.
Infosec Monitor — No. 26, April 26, 2024
Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — Iranian hackers breach US entities for half a decade, NIST can’t keep up with soaring vulnerabilities, and MITRE was breached.

Highlight of the Week
The rise of vulnerabilities and NVD's response
NIST, which runs the National Vulnerability Database, updated its February announcement yesterday. The update still gives few details beyond acknowledging that the backlog is growing and that NIST is prioritizing resources to address it. In the meantime, they are prioritizing investigations into the most significant vulnerabilities. They again state that they are looking for a long-term solution through an industry and government consortium, but say nothing about the sudden collapse seen in February. NIST.gov

News
CISA ransomware notification pilot program a success. Over 800 notifications remediated
"Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months, and most see improvements in the first 90 days." The Ransomware Vulnerability Warning Pilot by CISA has successfully identified and rectified over 800 vulnerabilities since its inception in January 2023. The program was established under the cyber incident reporting legislation signed into law by President Biden in 2022. Most notifications went to government facilities and organizations in the healthcare sector, but the energy, financial services, and transportation sectors were also notified. The Record
Lack of adequate authentication controls behind the Change Healthcare attack
Attackers "compromised credentials on an application that allows staff to remotely access systems" before infiltrating Change Healthcare's networks. The article doesn't make clear whether the system suffered a brute-force password attack or whether stolen credentials were used. CSO Online
The Pentagon introduces a new vulnerability disclosure program
The DoD's Cyber Crime Center (DC3) is partnering with the Defense Counterintelligence and Security Agency to establish a Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP). The program, free for companies to participate in, allows independent hackers to find and analyze vulnerabilities in companies' systems. The initiative follows a yearlong pilot in partnership with cybersecurity company HackerOne, where contractors voluntarily exposed their assets and platforms to ethical research analysis and vulnerability threat assessments. Defense Scoop
Iranian hackers infiltrated US government agencies and companies for over 5 years
An unsealed US Justice Department indictment this week revealed the Iranian-based hacks. The indictment claims Iranian state-sponsored hackers infiltrated hundreds of thousands of accounts in US companies and government agencies, including the US State and Treasury Departments, as part of a multiyear cyber espionage campaign. The elaborate operation ran from 2016 to 2021, with targets ranging from defense contractors to hospitality companies. The team used spearphishing and social engineering methods, such as fake romantic interest ploys and a fictitious cybersecurity company. The extent of the data compromise is unknown, and the indicted individuals remain at large. Dark Reading
UnitedHealth confirms it paid a ransom to the Change Healthcare attackers. Cybersecurity Dive
AI & Security
What are the three most imminent AI risks?
Malicious use of AI, data privacy, and job loss. SC Magazine
25 cybersecurity AI stats you should know. Help Net Security
Cyber Security Incidents
MITRE breached by nation-state threat actor with Ivanti zero-day vulnerability
An unspecified nation-state threat actor breached MITRE in January. The threat actor exploited two vulnerabilities in Ivanti's Connect Secure VPN devices. The attacker exploited the VPNs, moved laterally into the VMware infrastructure, and exfiltrated data using their C2 infrastructure. Help Net Security
8 LastPass customers have fallen for the master password scam. Dark Reading
A ransomware attack in Sweden is emptying liquor store shelves
A ransomware attack on Skanlog, a Swedish logistics company, is emptying liquor shelves. The attack is believed to originate from North Korea. The Record
Data exposed in phishing attack on Los Angeles County Dept. of Health
23 employees of the LA County agency had their credentials stolen in a successful phishing attack. The employees' email accounts contained PII and health data for numerous patients. Bleeping Computer
Synlab Italia hit by cyberattack
The company's facilities (including laboratories, medical centers, and sampling points) were entirely taken down by a cyberattack on April 18th. It's believed to be a ransomware attack. SC Magazine
Russian-linked hackers claim attack on Indiana water plant
A hacker group called the Cyber Army of Russia has claimed responsibility for a cyberattack on the Tipton Wastewater Treatment Plant in Indiana. The plant maintained operations despite the disruption. The extent of the damage and how the attack took place is unknown. The Record
The streetlights in Leicester, UK, won't turn off due to a cyberattack
Straight out of the '90s movie Hackers. The streetlights in Leicester are not obeying commands due to a cyberattack on the city's "central management system." Dark Reading
Cisco urges immediate upgrades as hackers exploit Cisco ASAs. CSO Online
Lincoln project loses $35K in business email compromise. SC Magazine
1400 CrushFTP servers are vulnerable to attacks. Bleeping Computer
30K WordPress sites susceptible to a vulnerability in the WP Automatic plugin. Bleeping Computer
Interesting Reads
Smart lock company ignores security researchers and CISA about high severity vulnerability
What do you do when a company ignores vulnerabilities? In 2021, well-known security researcher Brian Krebs notified Chirp Systems, a maker of smart access systems, of a "low attack complexity" vulnerability that attackers can exploit remotely. CISA later sent another notification. The response? Nothing. The locks are used in thousands of homes across the US. Tech Crunch
Data & Research
4 out of 5 companies that suffered a cyberattack were not fully covered by cyber insurance. Cybersecurity Dive
Companies that pay ransomware attackers are down to a record low of 28%. Bleeping Computer
However, cyber insurance claims from ransomware are up 13%. SC Magazine
56% of cyber insurance claims are caused by funds transfer fraud and business email compromise. Help Net Security
Median dwell time down to 10 days in 2023 (down from 16 in 2022). Help Net Security
Cybersecurity Mergers, Acquisitions, and Funding
Acquisitions & IPOs
HashiCorp, infrastructure lifecycle management, is being acquired by IBM for $6.4B. SecurityWeek
Coveware, ransomware recovery, acquired by Veeam for an undisclosed sum. siliconANGLE
Rubrik, data security, raises $752M with a 16% jump in IPO. siliconANGLE
VC Funding
VulnCheck, cyber threat intelligence, raises $7.95M in Seed funding. siliconANGLE
BforeAI, predictive security, raises $15M in Series A. SecurityWeek
DropZone, automated breach investigation, raises $16.85M in Series A. siliconANGLE
Nagomi, cybersecurity control gap analysis, raises $30M in Seed funding. Help Net Security
ThreatLocker, endpoint security, raises $115M in Series D. SecurityWeek