No. 47, October 18, 2024

Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — OWASP’s Top-10 LLM vulnerabilities, Cisco probes alleged data breach, and group behind 35,000 DDoS attacks disrupted.

Get the Infosec Monitor in your inbox Same great news in your inbox every Friday morning.

Highlight of the Week

US authorities disrupt Anonymous Sudan hacktivist group behind 35K DDoS attacks

US authorities disrupted Anonymous Sudan, a hacktivist group behind major DDoS attacks. Two Sudanese nationals were indicted for conspiracy and damaging computers. The group conducted over 35,000 attacks globally and sold their tool to other threat actors. Cybersecurity Dive

Do you employees have more questions than answers?

Fragmented apps, too many chats, and not enough answers to your work questions? See how AskJack provides instant work answers. Learn More

News

Pentagon unveils new CMMC rules for contractors

The Pentagon unveiled new cybersecurity rules for government contractors, simplifying the certification process while ensuring robust security. The Cybersecurity Maturity Model Certification (CMMC) reduces assessment levels from five to three, allowing self-assessment for lower levels. SC Media

NIS2 directive expands EU cybersecurity requirements, sets global example

EU's NIS2 Directive expands cybersecurity requirements to 100,000 companies. Key measures include multifactor authentication and rapid incident reporting. Non-compliance risks hefty fines. CSO Online

FBI and CISA seek input on software security improvements

FBI and CISA released guidelines urging tech companies to improve software security. They recommend eliminating default passwords, implementing MFA, and using memory-safe languages. Over 200 firms have committed to secure-by-design practices. Public comments are sought by December 2. Experts warn some changes may require significant investment. Cybersecurity Dive CISA

IT CEO charged with faking datacenter cert for SEC contract. The Register

Alabama man arrested for role in SEC social media hack. Axios

Microsoft loses weeks of customer cloud security logs. Help Net Security

USDoD hacker behind National Public Data breach arrested in Brazil. Bleeping Computer

AI & Security

New York regulator warns banks about AI security risks

NYDFS Superintendent Adrienne Harris cautions banks about AI security risks. As financial institutions increasingly adopt AI, they must maintain robust cybersecurity measures to protect against potential threats. Harris emphasizes the importance of keeping security protocols up-to-date to safeguard against vulnerabilities that could arise from AI implementation. Banking Dive

OWASP releases top 10 LLM vulnerabilities list

OWASP's top 10 LLM vulnerabilities highlight critical security risks in AI applications. Key threats include prompt injections, data poisoning, and model theft. The list aims to raise awareness and improve security practices. Preventative measures focus on input validation, access controls, and monitoring. Over reliance on LLM-generated content remains a significant concern. CSO Online

AI transforms offensive cybersecurity practices

AI is revolutionizing offensive cybersecurity by addressing manpower shortages, automating tasks, and scaling operations. It enables more frequent testing, earlier integration in development, and detection of complex vulnerabilities. CSO Online

AI transforms cybersecurity landscape amid rising threats. SecurityWeek

AI-powered deepfakes fuel cybercrime surge in Asia-Pacific

AI-powered cybercrimes, especially deepfakes, are surging in Asia-Pacific. UNODC reports a 600% increase in deepfake mentions and a 1,500% rise in deepfake crimes. Vietnam and Japan lead in cases, while the Philippines saw the fastest growth. Socioeconomic factors make the region vulnerable. Cybercriminals are leveraging advanced AI tools in underground forums. Dark Reading

ConfusedPilot attack threatens RAG-based AI systems

Researchers uncovered ConfusedPilot, an attack manipulating RAG-based AI systems like Microsoft 365 Copilot. By introducing malicious documents, attackers can compromise AI responses, leading to misinformation and flawed decision-making. The attack affects 65% of Fortune 500 companies, persists after content removal, and bypasses current security measures. Dark Reading

Hong Kong scammers used real-time deepfakes. Dark Reading

Cybersecurity Incidents

Cisco probes alleged data breach as hacker offers stolen info

Cisco is investigating claims of a data breach after threat actor "IntelBroker" offered alleged stolen data on a hacking forum. The purported breach occurred on October 6, 2024, potentially compromising source code and customer information. As of October 16, Cisco found no evidence of system breach but has engaged law enforcement in the ongoing investigation. Bleeping Computer

Pro-Russian hackers target Japan's ruling party website amid election campaign

Japan's ruling party website hit by DDoS attack as election campaign began. Pro-Russian hackers claimed responsibility, citing retaliation for Japan-U.S. military exercises. Other Japanese institutions also targeted. Government investigating and emphasizes zero tolerance for election interference. The Record

Globe Life hit by data breach, faces extortion threat

Globe Life faces extortion after hackers stole customer data from its AIL subsidiary. At least 5,000 individuals are affected, with compromised information including personal details and, in some cases, Social Security numbers and health data. TechCrunch

Omni Family Health data breach impacts 470,000 in California

Omni Family Health, a California healthcare provider, suffered a data breach affecting 468,344 individuals. Discovered on August 7, the breach exposed personal and medical information of patients and employees. The Hunters International ransomware gang claimed responsibility. SecurityWeek

German retailer Brillen exposes data of 3.5 million Europeans

German eyewear retailer Brillen exposed personal and order data of 3.5 million European customers due to unsecured Elasticsearch cluster. Discovered on August 8th, the leak puts customers at risk of identity theft and phishing. Brillen faces potential GDPR fines and reputational damage. Extent of data exposure remains unclear. Cybernews

Radiant Capital suffers $50 million crypto theft in sophisticated attack

Radiant Capital, a crypto platform, lost $50 million in digital coins due to a sophisticated attack. Three developers' devices were compromised, allowing access to private keys. Operations are paused, and it's unclear if users will be compensated. This is the platform's second hack this year. The Record

Boston Children's Health Physicians hit by ransomware

BianLian ransomware group claims responsibility for a cyberattack on Boston Children's Health Physicians, compromising personal and medical data of patients and employees. The attack, initiated through an IT vendor, didn't affect electronic medical records. BianLian threatens to leak stolen data. Bleeping Computer

Healthcare providers disclose data breaches impacting 500,000 patients

Gryphon Healthcare and Tri-City Medical Center reported data breaches affecting over 500,000 individuals. Gryphon's August 2024 incident involved a third-party partner, while Tri-City's stemmed from a November 2023 cyberattack. Both compromised personal and medical data. SecurityWeek

Pokémon developer Game Freak hit by major data breach

Game Freak, Pokémon's developer, faced a major data breach affecting over 2,600 employees and partners. The "TeraLeak" potentially exposed insider game info and source code. While the company confirmed the August incident and server rebuild, it hasn't commented on game data exposure. Dark Reading

Casio confirms customer data compromised in ransomware attack.

Over 200 GB of data was stolen, including personal and sensitive company information. Credit card data was unaffected. TechCrunch

Varsity Brands data breach impacts 65,000, ransomware suspected

Apparel giant Varsity Brands reported a data breach affecting 65,000+ people. Detected in May 2024, the breach involved unauthorized access to personal information. While ransomware is suspected, it's unconfirmed. SecurityWeek

Calgary library system hit by cyberattack, services limited

Calgary Public Library faces service disruptions after a cyberattack. All 22 branches reopened with limited technology access. Digital services, WiFi, and online resources remain offline. No timeline for full restoration. The Record

Volkswagen affirms IT infrastructure secure after 8Base ransomware claim

Volkswagen confirms the 8Base ransomware group claims to have stolen data but insists its IT infrastructure remains unaffected. The stolen data includes invoices and personal documents. Volkswagen is monitoring the situation, with no stolen data publicly released yet. SecurityWeek

Threat Intel

North Korean IT workers demand ransom in new threat to Western firms

North Korean IT workers are escalating their tactics, infiltrating Western firms and demanding ransoms for stolen data. This new threat, linked to the Nickel Tapestry group, involves identity theft and insider access. The Hacker News

Sophos warns of sophisticated 'Quishing' attacks targeting corporate credentials

Sophos alerts to rising 'quishing' attacks using QR codes to steal corporate credentials. A recent campaign targeting Sophos employees successfully compromised one account. These attacks, becoming more common and sophisticated, bypass traditional security measures by using mobile devices to scan QR codes leading to phishing pages mimicking Microsoft365 logins. Cybernews

CISA confirms Veeam vulnerability exploited in ransomware attacks

CISA confirms ransomware gangs are exploiting a critical Veeam vulnerability (CVE-2024-40711) in backup products. The bug allows full system control and data manipulation. Sophos reports attacks deploying Fog and Akira ransomware. Experts warn of potential double-extortion scenarios. The Record

India-linked SideWinder APT expands global reach with new StealerBot malware

India-based APT group SideWinder has expanded its cyberattacks globally, targeting various sectors across Asia, Africa, the Middle East, and Europe. Using spear-phishing emails, the group deploys a new post-exploit tool called StealerBot, a modular malware for espionage. Despite using public exploits, SideWinder's capabilities are more advanced than previously thought. Dark Reading

New ClickFix campaign exploits fake Google Meet errors to spread malware. CSO Online

Interesting Reads

Where organizations invest after data breach

Data breach costs rose 10% to $4.88M, with 2/3 of firms passing costs to consumers. Recovery takes 100+ days. Post-breach investments focus on tech and training but often neglect holistic security. Cybersecurity Dive

Entry point vulnerabilities in open-source ecosystems expose supply chain risks

Researchers reveal software supply chain vulnerabilities in open-source ecosystems. Entry points can be exploited for command-jacking and rogue plugins. Stealthy techniques like command wrapping pose significant risks. Malicious packages in open-source ecosystems have increased by 156% since November 2023, highlighting the need for improved security measures. The Hacker News

Casio struggles with ransomware attack aftermath, data breach

Casio's systems remain unusable two weeks after a ransomware attack, affecting orders and shipments in Japan. TechCrunch

UK cyber watchdog: MFA no longer enough for enterprise security

UK's cyber watchdog warns MFA alone isn't enough for enterprise security. Attackers now bypass MFA using updated social engineering tactics. NCSC advises companies to reassess MFA implementation, focusing on proper user authentication and education. New guidelines emphasize selecting appropriate MFA solutions and minimizing user friction. SC Media

CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet). SecurityWeek

Survey reveals widespread cloud security vulnerabilities, calls for urgent action. Infoworld

Lawmakers probe China-linked attacks on U.S. telecom networks. Cybersecurity Dive

Be aware of these eight underrated phishing techniques. SecurityWeek

'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief. The Record

Data & Research

Ransomware severity spikes as insurers urge stronger cybersecurity measures

Ransomware severity spiked 68% in early 2024, with average demands reaching $1.3 million. Despite this, average losses decreased to $353,000. Business email compromise is rising, and exposed login panels significantly increase claim risks. Cybernews

Microsoft reveals ransomware attacks against its customers nearly tripled last year. Cybersecurity Dive

CISOs struggle with breach detection despite high security spending

• Global information security spending projected to reach $215 billion in 2024

• 44% of CISOs unable to detect data breaches in the last 12 months

• 70% of CISOs say existing tools are ineffective due to limited visibility

• 81% agree cloud security depends on complete visibility into data-in-motion

Help Net Security

Zero-day Vulnerabilities

• 70.3% of exploited vulnerabilities in 2023 were zero-days

• 138 vulnerabilities were disclosed as actively exploited in 2023

• Record 56 vendors impacted by actively exploited flaws in 2023

• Time to exploit (TTE) dropped to 5 days in 2023

Bleeping Computer

Cybersecurity Mergers, Acquisitions, and Funding

Mergers & Acquisitions

Trail Security, data loss prevention, acquired by Cyera for $162M. SecurityWeek

VC Funding

Stoïk, cyber insurance, riases $27M in Series B funding. TechCrunch

DeNexus, OT cyber risk management, raises $17.5M in Series A funding. siliconANGLE

Get the Infosec Monitor in your inbox Same great news in your inbox every Friday morning.