
LockBit hits the Federal Reserve, a new MoveIt critical bug, and new malware increased by 40% in Q1.

Infosec Monitor: No. 35

June 28, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — LockBit hits the Federal Reserve, a new MoveIt critical bug, and new malware increased by 40% in Q1.

Get The Infosec Monitor every Friday in your inbox

Subscribe 👉 https://infosecmonitor.beehiiv.com

Highlight of the Week

LockBit claims Federal Reserve data breach, demands ransom

LockBit claims to have stolen 33TB of sensitive banking data from the Federal Reserve, demanding a ransom by June 25. This would be one of the largest banking hacks in US history if confirmed. The Federal Reserve has not confirmed the breach but is reportedly negotiating with LockBit, with the FBI declining to comment. CSO Online, SC Magazine

News

Chinese hackers use ransomware as cover for espionage against Brazil and India

Chinese government hackers, notably the ChamelGang group, are increasingly using ransomware to disguise espionage. Recent attacks targeted Brazil’s presidential office and India’s AIIMS. Researchers warn that misattributing these cyberespionage acts as cybercriminal operations can lead to strategic intelligence gaps and poor risk assessment. The Record

MoveIt again, Progress Software elevates MoveIt bug severity amid hacker attempts

Progress Software has raised the severity of a new MOVEit vulnerability (CVE-2024-5806) to "critical," urging immediate patching as hacker attempts spike. The flaw, found in a third-party component, allows unauthorized data access. Despite no reported exploits yet, increased activity has been observed, affecting thousands globally. Dark Reading, The Record

Polyfill.io shut down for malware; reopens despite security warnings

Polyfill.io shut down for distributing malware on 100,000+ sites. Owners claim defamation and relaunch on polyfill.com, but Cloudflare and Sansec confirm ongoing risks. Google warns advertisers, urging them to avoid Polyfill's CDN. Security experts recommend using alternatives like Cloudflare and Fastly. Bleeping Computer

CDK Global cyberattack disrupts car dealers, full recovery by June 30

CDK Global is restoring services after a cyberattack disrupted operations for many of its 15,000 car dealership customers. Full recovery is expected by June 30. The BlackSuit ransomware gang is suspected, and major dealers have reported impacts to the SEC. Cybersecurity Dive, Axios

Indonesia refuses to pay $8 million ransom after cyberattack on national data center. SecurityWeek

U.S. offers $10 million reward for WhisperGate malware suspect. Help Net Security

AI & Security

Microsoft warns of 'Skeleton Key' jailbreak affecting AI models

Microsoft warns of a new AI jailbreak attack named "Skeleton Key" that can trick generative AI models into ignoring safety guardrails, producing harmful content. The attack affects multiple models from major AI providers. Microsoft has implemented countermeasures and advises continuous vigilance and collaboration to protect against evolving threats. CSO Online

DHS hires first 10 members of AI Corps to boost capabilities

DHS has hired the first 10 members of its new 50-person AI Corps to enhance capabilities in areas like cybersecurity and combating online child exploitation. Over 3,000 applied, reflecting high interest. Members include experts from government, Big Tech, startups, and research. Axios

Is the cybersecurity industry ready for AI? Cybersecurity Dive

Cybersecurity Incidents

WebRecon data leak exposes 150M records

WebRecon leaked over 150 million records, including lawsuit histories, due to a missing password on their MongoDB database. Discovered by Cybernews, the leak risks identity theft and targeted scams, raising concerns about WebRecon's data security. Cybernews

China-sponsored phishing attacks compromise 40,000 corporate users in 90 days

China-sponsored attackers have compromised over 40,000 corporate users through sophisticated credential-phishing campaigns in 90 days. Utilizing advanced evasion tactics like bypassing MFA and URL filtering, these campaigns—LegalQloud, Eqooqp, and Boomer—pose significant threats to various industries and national security. Dark Reading

Designed Receivable Solutions data breach impacts 585K

Healthcare revenue cycle provider Designed Receivable Solutions reported a data breach impacting 585,000 people, with compromised data including sensitive health and personal information. Impacted individuals are being notified and offered 12 months of free identity protection services. No cybercrime group has claimed responsibility. SecurityWeek

Cyberattack hits Croatia’s largest hospital, slows patient processing

Croatia's largest hospital, KBC Zagreb, faces a cyberattack, slowing patient processing. No data breaches reported yet. Unclear if linked to recent DDoS attacks by pro-Russian group NoName057(16) on Croatian institutions. Help Net Security

Australia’s Ticketek breached, affecting 30M users

ShinyHunters breached Ticketek Australia, exposing data of 30 million users through a third-party cloud provider. No accounts or payment info were affected. This mirrors the recent Ticketmaster breach involving Snowflake accounts. Ticketek hasn't confirmed the cloud provider or culprit.

South Africa’s health lab hit by ransomware during mpox outbreak

South Africa's National Health Laboratory Service faced a ransomware attack that crippled system operations during an mpox outbreak. With systems down, lab results are manually communicated. Hackers deleted backups, necessitating a system rebuild. The Record

Former Nuance employee breaches Geisinger patient data

A former Nuance Communications employee stole sensitive data of over a million Geisinger patients, including personal and healthcare information. Geisinger and Nuance have taken measures to address the breach, and the ex-employee is now facing federal charges. CSO Online

Supply chain attack targets WordPress plug-ins, creating unauthorized admin accounts

A supply chain attack on WordPress.org has compromised multiple plug-ins, including Social Warfare, creating unauthorized admin accounts and injecting SEO spam. Dark Reading, Help Net Security

Evolve Bank & Trust confirms data breach affecting customers and fintech partners

Evolve Bank & Trust confirmed a data breach by the LockBit ransomware gang, exposing personal information on the dark web. The breach impacts Evolve’s retail customers and fintech partners. Debit cards and digital banking credentials are unaffected. Evolve is providing free credit monitoring and new account numbers for some customers. The Record

LA County DHS data breach impacts 47,000 individuals

LA County DHS suffered a data breach affecting 47,000 people due to a push notification spamming attack on an employee’s Microsoft 365 account. Compromised data includes personal and medical information. DHS has taken corrective measures and is offering affected individuals free identity monitoring for one year. SecurityWeek

Hacker selling 30M TEG customer records, Ticketek breach confirmed

A hacker is selling 30M TEG customer records, including names, birthdates, and emails. TEG's Ticketek confirmed a recent data breach, but passwords are encrypted. Suspected cloud provider Snowflake denies platform breaches. TechCrunch

Levi Strauss reports credential stuffing attack affecting 72K accounts

Levi Strauss reported a credential stuffing attack affecting 72,000 customer accounts. Exposed data includes personal details and partial payment card information. The company has reset passwords and advised users to select unique ones. SC Magazine

New Caesar Cipher Skimmer Targets WordPress, Magento, and OpenCart Sites

A new credit card skimmer, "Caesar Cipher Skimmer," is targeting WordPress, Magento, and OpenCart sites, modifying checkout files and mimicking Google services to steal payment info. It uses Caesar cipher encoding and PHP scripts disguised as style sheets. Russian comments in the code suggest the involvement of Russian-speaking threat actors. The Hacker News

AU10TIX exposed personal user info for 18 months, affecting X and TikTok

AU10TIX, an identity verification firm, exposed user data online for 18 months. The leak, affecting major app users, included personal documents and biometrics. Leaked credentials, due to malware, were found on Telegram. AU10TIX's claim of resolving the issue was false. Dark Reading

Hackers steal $2 million from CoinStats wallets, linked to North Korean Lazarus Group

Hackers stole over $2 million from 1,590 CoinStats wallets, attributed to North Korea’s Lazarus Group. Only wallets created within CoinStats were affected. CoinStats resumed activity with limited functionalities and is investigating further. Some users received phishing messages prior to the hack. SecurityWeek

LivaNova USA data breach impacts 130,000

Medical device maker LivaNova USA reported a data breach affecting 130,000 individuals, discovered in November 2023. The LockBit ransomware gang claimed responsibility, stealing 2.2 terabytes of data. Compromised information includes personal and medical details. LivaNova is providing two years of identity protection and credit monitoring, and incurred $2.6 million in costs due to the breach. SecurityWeek

JAXA targeted in multiple cyberattacks, sensitive data unaffected

Japanese space agency JAXA has faced multiple cyberattacks since last year, with hackers targeting general business operations and possibly breaching communications with external partners. Sensitive data on rockets and satellites remains unaffected. Investigations and preventive measures are underway as Japan faces increased cyber threats, particularly from China. The Record

Neiman Marcus says 64,000 affected by breach of Snowflake customer account. The Record

Nearly 150,000 ASUS routers exposed to critical vulnerability. Cybersecurity Dive

Interesting Reads

Google disrupts over 10,000 DRAGONBRIDGE activities in Q1 2024

Google's Threat Analysis Group disrupted over 10,000 instances of PRC-linked DRAGONBRIDGE activity in Q1 2024. Despite high content production, DRAGONBRIDGE sees minimal authentic engagement. They increasingly use AI to create spammy content pushing pro-PRC views and targeting US social issues, Taiwan, and major news events. Google

Companies boost cyber defense to lower insurance premiums, yet gaps remain in coverage

Three-quarters of companies invest in cyber defense to qualify for better cyber insurance terms. Despite this, ransomware recovery costs averaging $2.73 million per incident still exceed insurance payouts. Insurance providers link premiums to maintained defense standards, but significant coverage gaps remain. Cybersecurity Dive

Inside the Mind of a CISO: Survey and Analysis SecurityWeek

Why it took the U.S. nearly 10 years to ban a Russian cyber vendor. Axios

CDK Attack: Why Contingency Planning Is Critical for SaaS Customers. Dark Reading

7 open source security tools too good to ignore. CSO Online

Data & Research

New malware increased by 40% in Q1

New malware increased by 40% from January to March, with 60% of attacks targeting critical infrastructure. Commercial enterprises saw a 10% rise in new malware. Most attacks were in the US, exploiting severe vulnerabilities. Active ransomware groups include LockBit and Hunters International. CSO Online

70% of organizations targeted by BEC attacks in the past year. siliconANGLE

75% of new vulnerabilities exploited within 19 days. Help Net Security

“LockBit attacks saw a massive resurgence in May, increasing by 655% compared to April. LockBit attacks accounted for 37% of all ransomware attacks globally last month.” SiliconANGLE

Cybersecurity Mergers, Acquisitions, and Funding

Acquisitions & Mergers

Jana Partners acquires stake in Rapid7. siliconANGLE

VC Funding

PortSwigger, maker of Burp Suite, raises $112M in a private equity round. TechCrunch

Odaseva, enterprise encryption and backups, raises $54M in Series D funding. siliconANGLE

KarmaCheck, background checks, raises $45M in Series B funding. siliconANGLE

AuthZed, permissions management, raises $12M in Series A funding. siliconANGLE
