
Major US broadband providers hacked by China’s Salt Typhoon, the Internet Archive hit by major DDoS and data breach, and air-gapped European government systems breached.

Infosec Monitor: No. 46

No. 46, October 11, 2024

Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — Major US broadband providers hacked by China’s Salt Typhoon, the Internet Archive hit by major DDoS and data breach, and air-gapped European government systems breached.


Highlight of the Week

US Broadband providers breached by Chinese hacking group Salt Typhoon

  • Multiple U.S. broadband providers, including AT&T, Verizon, and Lumen Technologies, were reportedly hacked by the Chinese group Salt Typhoon.

  • The attack aimed to collect intelligence, potentially accessing U.S. federal government systems for wiretapping requests.

  • The breach may have occurred for months or longer, with hackers accessing critical network infrastructure.


News

Marriott agrees to $52 million settlement over data breaches

Marriott and Starwood Hotels will pay $52 million to settle investigations into multiple data breaches affecting millions of customers. The agreement mandates enhanced security practices, including multifactor authentication and better data management, following a series of failures that allowed extensive customer data theft. Cyberscoop

EU Cyber Resilience Act mandates cybersecurity for connected devices

The EU Cyber Resilience Act requires manufacturers to ensure robust cybersecurity for all connected devices before they reach consumers. It aims to enhance consumer choice while covering IoT devices throughout their lifecycle. The law is expected to be fully enforced in three years and complements existing regulations. Cybernews

Australia introduces Cyber Security Bill 2024 for national standards

Australia's Cyber Security Bill 2024 establishes national cybersecurity standards, focusing on ransomware reporting and smart device security. It aims to create a Cyber Incident Review Board, improve government-industry information sharing, and enhance protections for cyber incident victims. Dark Reading

AI & Security

OpenAI disrupts 20 operations misusing its technology

OpenAI has disrupted over 20 operations by nation-states misusing its technology, notably the Iranian group CyberAv3ngers, linked to attacks on U.S. water facilities. U.S. officials stress the need for collaboration on AI cybersecurity while cautioning against the rapid development of AI without adequate security. The Record

MITRE launches AI Incident Sharing initiative for enhanced security

MITRE has launched an AI Incident Sharing initiative to facilitate the exchange of data on real-world AI incidents among organizations. Developed with 15 companies, it enhances knowledge of AI threats and defenses, using the ATLAS framework and STIX data schema for standardized information sharing. SecurityWeek

CISA emphasizes human oversight in AI cybersecurity practices

CISA's chief AI officer, Lisa Einstein, stresses AI's limitations in cybersecurity and the necessity of human oversight. Highlighting concerns about AI replicating past security issues, she advocates for strong human processes and collaboration within the tech sector to mitigate potential threats. Fedscoop

AI’s detection gap opens new vulnerabilities. Axios

Cybersecurity Incidents

Air-gapped European government systems breached using custom malware

GoldenJackal, an APT group, breached air-gapped European government systems using bespoke malware, facilitating data theft via USB drives. Their attacks targeted diplomatic entities and showed capability for advanced espionage through modular, adaptable tools and methods of infiltration. Bleeping Computer

Internet Archive faces ongoing DDoS attacks after data breach impacting 31M

The Internet Archive, affected by a data breach impacting 31 million users, is under sustained DDoS attacks claimed by hackers SN_BLACKMETA. Users' information has been stolen, prompting security concerns and recommendations for password changes. The Record

Star Health confirms data breach affecting 31M customers

Star Health and Allied Insurance confirmed a data breach affecting 31 million customers. Cybercriminals leaked personal health information online. An investigation by independent experts is underway. The company has filed lawsuits against Telegram and Cloudflare. TechCrunch

Cyber attack exposes data of nearly 63,000 Dutch police officers

A cyber attack exposed nearly 63,000 Dutch police officers' information, suspected to be state-sponsored. The breach, discovered on September 26th, primarily involved work-related data. Police implemented security measures and have not revealed how the hackers accessed the information. Cybernews

Fidelity Investments discloses data breach affecting over 77K customers

Fidelity Investments disclosed a data breach affecting over 77,000 customers, occurring from August 17-19. Attackers accessed data through two new accounts. Bleeping Computer

Danish sports tech firm leaks 110TB of sensitive user data

A Danish sports tech firm leaked 110TB of data, exposing 31.6M sensitive records, including user information and device details. The discovery by researcher Jeremiah Fowler raises concerns over potential cyberattacks targeting users via phishing and exploitation of device vulnerabilities. The company has yet to respond. Cybernews

American Water shuts down MyWater portal after cybersecurity incident

American Water shut down its MyWater customer portal after detecting unauthorized activity on October 3. The incident is under investigation, but water quality is unaffected. SC Media

Malware campaign infects over 28,000, steals cryptocurrency

A malware campaign has infected over 28,000 people, primarily in Russia, using YouTube and fraudulent GitHub sites to disguise itself as legitimate software. It hijacks system services for persistence, employing payloads for cryptocurrency mining and address clipping, resulting in significant financial theft. Bleeping Computer

Snaphunt data leak exposes over 200,000 CVs

Snaphunt leaked over 200,000 CVs due to an unsecured AWS S3 bucket, exposing sensitive job seeker data and increasing their risk of identity theft and phishing. The breach occurred on August 5, 2024. Cybernews

Casio experiences cyberattack leading to system failures and potential data leak

Casio suffered a cyberattack on October 5, causing major system failures and potential data leaks, including personal info but not credit card details. The company is investigating, following a previous breach that affected 148 countries. The Record

Comcast warns of data breach affecting 237,703 customers due to FBCS ransomware attack

Comcast disclosed a data breach affecting 237,703 customers due to a ransomware attack on third-party FBCS. Initially claiming no compromise in March, FBCS later confirmed stolen data includes personal details. Over 4 million individuals were affected, with multiple organizations also impacted. TechCrunch

CreditRiskMonitor reports data breach affecting employee information

CreditRiskMonitor reported a data breach compromising employee and contractor information detected on July 19. No customer data was affected. The attack's link to ransomware remains unclear, with no claims from cybercrime groups. SecurityWeek

Data leak at BestFin Nigeria exposes 846K users' sensitive info

A data leak at BestFin Nigeria exposed 846,000 users' sensitive data, including private messages and contact lists. This practice allegedly violates Nigerian data privacy laws and raises concerns over identity theft. The database also showed signs of external compromise, emphasizing risks for affected users. Cybernews

LEGO website briefly hacked to promote fake cryptocurrency scam. Bleeping Computer

MoneyGram confirms breach involving SSNs and other customer data. CSO Online

Threat Intel

New Gorilla botnet executes over 300,000 DDoS attacks globally

Cybersecurity researchers discovered the Gorilla botnet, inspired by Mirai, executing over 300,000 DDoS commands from September 4-27, 2024. Targeting more than 100 countries, it uses advanced techniques for persistence and command execution, demonstrating high counter-detection awareness. The Hacker News

Threat actors escalate BEC attacks using SharePoint, OneDrive, and Dropbox

Threat actors are escalating BEC attacks using SharePoint, OneDrive, and Dropbox, employing advanced evasion techniques to exploit restricted files. This results in financial fraud and data theft. Experts urge enhanced multi-layered defenses and monitoring of service accounts to combat these sophisticated threats. SC Media

Censys reports 14,000 unsecured medical devices online. Cyberscoop

Largest Recorded DDoS attack is 3.8 Tbps. Schneier on Security

Interesting Reads

Do the Marriott cybersecurity settlements send the wrong message to CISOs, CFOs?

  • The big picture: The Marriott cybersecurity settlements with the FTC and state AGs are seen as too lenient, potentially undermining corporate cybersecurity efforts nationwide.

  • Why it matters: The weak penalties and vague security requirements may give CFOs justification to minimize cybersecurity spending, weakening CISOs' ability to implement robust protections. CSO Online

Ex-Uber CISO Joseph Sullivan requests new trial over jury instruction errors

Joseph Sullivan, ex-Uber CISO, seeks a new trial, claiming jury instructions omitted vital legal requirements for his conviction related to a 2016 data breach coverup. The prosecution asserts his actions unequivocally obstructed justice. Dark Reading

Data & Research

Health Care

  • 92% of healthcare organizations faced at least one cyber attack in the past year

  • 69% reported disruption to patient care due to cyber attacks

  • Supply chain attacks most likely to affect patient care (68% experienced, 82% disrupted care)

  • 54% believe they're vulnerable to ransomware attacks

  • Lack of clear leadership as a challenge increased from 14% to 49%

Help Net Security

LLM Attacks

“Attacks on large language models (LLMs) take less than a minute to complete on average, and leak sensitive data 90% of the time when successful, according to Pillar Security.” SC Media

Cybersecurity Mergers, Acquisitions, and Funding

VC Funding

Human Security, digital platform protection, raises $50M in an unknown series. siliconANGLE

Relyance, data regulation compliance, raises $32M in Series B funding. TechCrunch

WatchTowr, attack surface management, raises $19M in Series A funding. SecurityWeek

Harmonic Security, data protection from AI, raises $17.5M in Series A funding. siliconANGLE

Cyrisma, risk management platform, raises $7M in Series A funding. SecurityWeek

Prime Security, security design, raises $6M in Seed funding. siliconANGLE
