CISA and EPA Launch Water Sector Cyber Toolkit Amid the recent string of critical water infrastructure cyber attacks, the Cybersecurity
A report released by cybersecurity researchers at Guardio Labs called attention to the emergence of Telegram as the 'epicenter for cybercrime'. The Guardio researchers attribute Telegram's rise as a cybercrime platform to the "democratization" of the phishing ecosystem enabled by the messaging platform, allowing threat actors to initiate a mass attack for as little as $230.
Schneider Electric announced that they were hit by a ransomware attack on January 17th, resulting in a data breach exposing their customers' information. The 'Cactus' ransomware group claimed responsibility for the attack. Schneider has since informed the affected customers of the breach, who include Hilton, Pepsico, and Walmart. The attack also caused Schneider to shut down several division-specific systems.
A Forescout Research - Vedere Labs report disclosed that over 420 million attacks were recorded between January and December 2023 in the medical, power, communications, waste, manufacturing, and transportation equipment sectors, amounting to 13 attacks per second. Forescout's report "2023 Global Threat Roundup" states that despite the ongoing surge in cyber attacks, the outlook for the cybersecurity landscape remains optimistic, given increasingly enhanced visibility and proactive defense strategies in the affected sectors.
Initially noted by the 'Have I Been Pwned?' breach notification service, user data of 15 million Trello users is now exposed and being peddled on Dark Web hacking forums. Atlassian, Trello's parent company, commented on the attack, claiming they've taken significant steps to prevent such data scraping attacks. They will continue to investigate and mitigate the situation surrounding the cyber attack.
According to a Bugcrowd report, no other sector saw as much vulnerability growth as the government sector, which saw a 151% surge and a 58% rise in critical vulnerabilities. Following the government sector were the retail (+34%), corporate services (+20%), and computer software (+12%) sectors.
According to the UK's National Cyber Security Centre (NCSC), AI-generated malware built to avoid detection could be a serious threat posed by nation-state threat actors this year. The NCSC further stated that based on their investigations, they believe nation-state groups hold repositories of malware large enough to effectively train an AI model to bolster ransomware attack capabilities.
Security Discovery researchers and the Cybernews team discovered the largest data leak ever recorded, containing 26 billion records predominantly stolen from major social media platforms and government agencies. Dubbed "The Mother of All Breaches", the 12 terabytes of compromised records were stolen most notably from Tencent QQ (1.5B), Weibo (504M), MySpace (360M), Twitter (281M), LinkedIn (251M), and AdultFriendFinder (220M), along with government agency data from the United States, Brazil, Germany, the Philippines, and Turkey, among others.
In an analysis published by Trellix security researcher Gurumoorthi Ramanathan, the "NS-STEALER" malware distributed via a hidden ZIP file could lead to captured data being automatically displayed on the Discord bot channel "EventListener". When deployed onto a user's system, the hidden "NS-STEALER" malware can automatically collect screenshots, cookies, credentials, autofill data, and system information from web browsers.
Microsoft announced in a blog post that the email intrusion attack began in November 2023 and was discovered on January 12th, 2024. Microsoft deduced that the attack originated from a Russian nation-state hacking group. The Microsoft blog post stated the attack gained access to a small percentage of Microsoft corporate email accounts, consisting of Microsoft leadership, security, and IT team members. The incident is still under investigation and has been reported to the SEC; Microsoft vowed to take any further necessary action while being as transparent as possible.
Cybersecurity firms Praxis Labs and eSentire raised the concern that official cyber scam warnings may be ineffective, following reports from cyber and law enforcement agencies in Dubai and Ghana. After multiple cyber scam warnings issued by the Dubai Police and the Cyber Security Authority of Ghana, reports of victims of these "search engine scams" continued to pour in. Following the incidents, researchers at Praxis Labs and eSentire released statements on the human behavior involved: users operate in "default mode" online and extend "implicit trust" to search engines.
On Wednesday, January 17th, JPMorgan Chase's asset and wealth management division head, Mary Callahan Erdoes, said during the World Economic Forum in Davos that the firm faces a staggering 45 billion breach attempts daily. Mary explained on a panel session that they have more security engineers than Google and Amazon, out of necessity, as threat actors increasingly get "smarter, savvier, quicker, more devious and mischievous."
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing the Indicators of Compromise (IOCs) associated with the Androxgh0st malware. The joint CSA also describes the tactics, techniques, and procedures associated with the threat actors deploying the dangerous Androxgh0st malware. The malware establishes a botnet for victim identification, exploits vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution.
Despite the hype of AI in cybersecurity, a PwC survey revealed that 77% of CEOs still believe AI increases the risk of breaches rather than boosts cybersecurity. The PwC survey interviewed 4,700 executives globally, the majority of whom are CEOs. The survey also found that 63% of respondents believed AI to be a misinformation risk, causing a barrier for legal and reputational damage stemming from generative AI.
A now-arrested Ukrainian-based hacker infiltrated cloud-computing accounts to create over 1M virtual servers to mine $2M worth of cryptocurrencies, Europol announced. The Europol investigation shed light on the dangers behind cloud computer hijacking campaigns used for large-scale illicit crypto mining.