Major US broadband providers hacked by China’s Salt Typhoon, the Internet Archive hit by major DDoS and data breach, and air-gapped European government systems breached.
Infosec Monitor: No. 46
No. 46, October 11, 2024
Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — Major US broadband providers hacked by China’s Salt Typhoon, the Internet Archive hit by major DDoS and data breach, and air-gapped European government systems breached.
Highlight of the Week
US Broadband providers breached by Chinese hacking group Salt Typhoon
Multiple U.S. broadband providers, including AT&T, Verizon, and Lumen Technologies, were reportedly hacked by the Chinese group Salt Typhoon.
The attack aimed to collect intelligence, potentially accessing U.S. federal government systems for wiretapping requests.
The intrusion may have persisted for months or longer, with the attackers reaching critical network infrastructure.
News
Marriott agrees to $52 million settlement over data breaches
Marriott and Starwood Hotels will pay $52 million to settle investigations into multiple data breaches affecting millions of customers. The agreement mandates enhanced security practices, including multifactor authentication and better data management, following a series of failures that allowed extensive customer data theft. Cyberscoop
EU Cyber Resilience Act mandates cybersecurity for connected devices
The EU Cyber Resilience Act requires manufacturers to ensure robust cybersecurity for all connected devices before they reach consumers. It aims to enhance consumer choice while covering IoT devices throughout their lifecycle. The law is expected to be fully enforced in three years and complements existing regulations. Cybernews
Australia introduces Cyber Security Bill 2024 for national standards
Australia's Cyber Security Bill 2024 establishes national cybersecurity standards, focusing on ransomware reporting and smart device security. It aims to create a Cyber Incident Review Board, improve government-industry information sharing, and enhance protections for cyber incident victims. Dark Reading
AI & Security
OpenAI disrupts 20 operations misusing its technology
OpenAI has disrupted over 20 operations by nation-states misusing its technology, notably the Iranian group CyberAv3ngers, linked to attacks on U.S. water facilities. U.S. officials stress the need for collaboration on AI cybersecurity while cautioning against the rapid development of AI without adequate security. The Record
MITRE launches AI Incident Sharing initiative for enhanced security
MITRE has launched an AI Incident Sharing initiative to facilitate the exchange of data on real-world AI incidents among organizations. Developed with 15 companies, it enhances knowledge of AI threats and defenses, using the ATLAS framework and STIX data schema for standardized information sharing. SecurityWeek
CISA emphasizes human oversight in AI cybersecurity practices
CISA's chief AI officer, Lisa Einstein, stresses AI's limitations in cybersecurity and the necessity of human oversight. Highlighting concerns about AI replicating past security issues, she advocates for strong human processes and collaboration within the tech sector to mitigate potential threats. Fedscoop
AI’s detection gap opens new vulnerabilities. Axios
Cybersecurity Incidents
Air-gapped European government systems breached using custom malware
GoldenJackal, an APT group, breached air-gapped European government systems using bespoke malware, facilitating data theft via USB drives. Their attacks targeted diplomatic entities and showed capability for advanced espionage through modular, adaptable tools and methods of infiltration. Bleeping Computer
Internet Archive faces ongoing DDoS attacks after data breach impacting 31M
The Internet Archive, affected by a data breach impacting 31 million users, is under sustained DDoS attacks claimed by the hacker group SN_BLACKMETA. Users' information has been stolen, prompting security concerns and recommendations for password changes. The Record
Star Health confirms data breach affecting 31M customers
Star Health and Allied Insurance confirmed a data breach affecting 31 million customers. Cybercriminals leaked personal health information online. An investigation by independent experts is underway. The company has filed lawsuits against Telegram and Cloudflare. TechCrunch
Cyber attack exposes data of nearly 63,000 Dutch police officers
A cyber attack exposed nearly 63,000 Dutch police officers' information, suspected to be state-sponsored. The breach, discovered on September 26th, primarily involved work-related data. Police implemented security measures and have not revealed how the hackers accessed the information. Cybernews
Fidelity Investments discloses data breach affecting over 77K customers
Fidelity Investments disclosed a data breach affecting over 77,000 customers, occurring from August 17-19. Attackers accessed the data through two newly created accounts. Bleeping Computer
Danish sports tech firm leaks 110TB of sensitive user data
A Danish sports tech firm leaked 110TB of data, exposing 31.6M sensitive records, including user information and device details. The discovery by researcher Jeremiah Fowler raises concerns over potential cyberattacks targeting users via phishing and exploitation of device vulnerabilities. The company has yet to respond. Cybernews
American Water shuts down MyWater portal after cybersecurity incident
American Water shut down its MyWater customer portal after detecting unauthorized activity on October 3. The incident is under investigation, but water quality is unaffected. SC Media
Malware campaign infects over 28,000, steals cryptocurrency
A malware campaign has infected over 28,000 people, primarily in Russia, using YouTube and fraudulent GitHub sites to disguise itself as legitimate software. It hijacks system services for persistence and deploys payloads for cryptocurrency mining and address clipping (swapping wallet addresses on the clipboard), resulting in significant financial theft. Bleeping Computer
Snaphunt data leak exposes over 200,000 CVs
Snaphunt leaked over 200,000 CVs due to an unsecured AWS S3 bucket, exposing sensitive job seeker data and increasing their risk of identity theft and phishing. The breach occurred on August 5, 2024. Cybernews
Casio experiences cyberattack leading to system failures and potential data leak
Casio suffered a cyberattack on October 5, causing major system failures and potential data leaks, including personal info but not credit card details. The company is investigating, following a previous breach that affected 148 countries. The Record
Comcast warns of data breach affecting 237,703 customers due to FBCS ransomware attack
Comcast disclosed a data breach affecting 237,703 customers due to a ransomware attack on third-party FBCS. Initially claiming no compromise in March, FBCS later confirmed stolen data includes personal details. Over 4 million individuals were affected, with multiple organizations also impacted. TechCrunch
CreditRiskMonitor reports data breach affecting employee information
CreditRiskMonitor reported a data breach compromising employee and contractor information detected on July 19. No customer data was affected. The attack's link to ransomware remains unclear, with no claims from cybercrime groups. SecurityWeek
Data leak at BestFin Nigeria exposes 846K users' sensitive info
A data leak at BestFin Nigeria exposed 846,000 users' sensitive data, including private messages and contact lists. This practice allegedly violates Nigerian data privacy laws and raises concerns over identity theft. The database also showed signs of external compromise, emphasizing risks for affected users. Cybernews
LEGO website briefly hacked to promote fake cryptocurrency scam. Bleeping Computer
MoneyGram confirms breach involving SSNs and other customer data. CSO Online
Threat Intel
New Gorilla botnet executes over 300,000 DDoS attacks globally
Cybersecurity researchers discovered the Gorilla botnet, inspired by Mirai, executing over 300,000 DDoS commands from September 4-27, 2024. Targeting more than 100 countries, it uses advanced techniques for persistence and command execution, demonstrating high counter-detection awareness. The Hacker News
Threat actors escalate BEC attacks using SharePoint, OneDrive, and Dropbox
Threat actors are escalating BEC attacks using SharePoint, OneDrive, and Dropbox, employing advanced evasion techniques to exploit restricted files. This results in financial fraud and data theft. Experts urge enhanced multi-layered defenses and monitoring of service accounts to combat these sophisticated threats. SC Media
Censys reports 14,000 unsecured medical devices online. Cyberscoop
Largest Recorded DDoS attack is 3.8 Tbps. Schneier on Security
Interesting Reads
Do the Marriott cybersecurity settlements send the wrong message to CISOs, CFOs?
The big picture: The Marriott cybersecurity settlements with the FTC and state AGs are seen as too lenient, potentially undermining corporate cybersecurity efforts nationwide.
Why it matters: The weak penalties and vague security requirements may give CFOs justification to minimize cybersecurity spending, weakening CISOs' ability to implement robust protections. CSO Online
Ex-Uber CISO Joseph Sullivan requests new trial over jury instruction errors
Joseph Sullivan, ex-Uber CISO, seeks a new trial, claiming jury instructions omitted vital legal requirements for his conviction related to a 2016 data breach coverup. The prosecution asserts his actions unequivocally obstructed justice. Dark Reading
Data & Research
Health Care
92% of healthcare organizations faced at least one cyber attack in the past year
69% reported disruption to patient care due to cyber attacks
Supply chain attacks most likely to affect patient care (68% experienced, 82% disrupted care)
54% believe they're vulnerable to ransomware attacks
Lack of clear leadership as a challenge increased from 14% to 49%
Help Net Security
LLM Attacks
“Attacks on large language models (LLMs) take less than a minute to complete on average, and leak sensitive data 90% of the time when successful, according to Pillar Security.” SC Media
Cybersecurity Mergers, Acquisitions, and Funding
VC Funding
Human Security, digital platform protection, raises $50M in an unknown series. siliconANGLE
Relyance, data regulation compliance, raises $32M in Series B funding. TechCrunch
WatchTowr, attack surface management, raises $19M in Series A funding. SecurityWeek
Harmonic Security, data protection from AI, raises $17.5M in Series A funding. siliconANGLE
Cyrisma, risk management platform, raises $7M in Series A funding. SecurityWeek
Prime Security, security design, raises $6M in Seed funding. siliconANGLE