Information Security News 7-10-2023

Microsoft Denies Data Breach, Theft of 30 Million Customer Accounts

Article Link: https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/

• On July 2^nd, Anonymous Sudan, who is responsible for recent service disruptions to a number of organizations including Microsoft, stated that they successfully hacked a Microsoft database with the account information of over 30 million Microsoft accounts. Anonymous Sudan announced they were selling the information for $50,000 to interested parties.
• In the past Microsoft admitted to the service disruptions; however, they have come out and denied that Anonymous Sudan compromised any data. Additional lack of clarity suggests that Anonymous Sudan hasn’t truly gained access to any data.

Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks

Article Link: https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html

• U.S. and Canadian cybersecurity agencies released an alert on new variants of the TrueBot malware, which exploits vulnerabilities in Netwrix Auditor servers and associated agents.
• Once the Netwrix vulnerabilities are exploited, a remote access trojan (RAT) and Cobalt Strike beacons are deployed. From there, data can be exfiltrated or encrypted. In some instances, the TrueBot malware has also used Raspberry Robin, IcedID, and Bumblebee malware strains.
• Organizations who use Netwrix Auditor services are encouraged to have updates installed, deploy MFA, look for indicators of compromise (IOCs), and swiftly respond to potential IOCs.
• Link to CISA’s Advisory: https://www.cisa.gov/news-events/alerts/2023/07/06/cisa-and-partners-release-joint-cybersecurity-advisory-newly-identified-truebot-malware-variants

One Third of Security Breaches Go Unnoticed by Security Professionals

Article Link: https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

• According to a report by Gigamon, which surveyed 1,020 IT and security leaders globally, 94% of respondents stated that their tools and processes provide them with complete visibility and insight into their IT infrastructure.
• Despite this visibility, a third of security breaches aren’t spotted by IT and security professionals and 56% of respondents identified unexpected environment blind spots as a key stressor. Although many believe they have good oversight on their IT infrastructure, anywhere from 35% to 70% of respondents reported lacking some level of visibility on hybrid cloud infrastructure.
• The article also highlighted the importance of a zero-trust model and deep environment observability as key strategic initiatives for organizations looking to manage security-related stressors.
• Link to Gigamon’s Report: https://www.gigamon.com/company/news-and-events/newsroom/gigamon-survey-hybrid-cloud-security-2023.html

Spyware Gamed 1.5M Users of Google Play Store

Article Link: https://www.darkreading.com/threat-intelligence/spyware-gamed-1-5m-users-of-google-play-store-

• Two separate malicious file manager apps, made by the same developer, loaded with spyware were found lurking in the Google Play Store with a combined estimated 1.5 million impacted users.
• While many malicious apps require users to actively engage with the apps, the two apps in question relied on users giving the app elevated access immediately upon download, acting in a similar manner to “no click” malware.
• The article highlights how bring your own device (BYOD) policies make malicious apps more dangerous. Not only do the bad actors gain access to personal data, but they can access corporate data as well. As such, researchers recommend having controls that prevent the download of unapproved apps, like certain file manager or junk cleaner apps.

Ex-Amazon Manager Jailed for Stealing $10M Using Fake Vendor Invoices

Article Link: https://www.theregister.com/2023/07/06/amazon_manager_fraud/

• A now-former Amazon manager described by prosecutors as the “mastermind” behind a nearly $10 million scheme to steal money from Amazon using fake invoices has been sentenced to 16 years behind bars in federal prison.
• The manager recruited a loss prevention employee and senior human resources employee, both also employed by Amazon, to assist in the fraud. All three former employees provided names and Social Security numbers based on friends and family to create fake vendor accounts.
• In addition to going to jail, the former manager must pay $9.5 million in restitution, and already forfeited $2.7 million as well as several luxury vehicles (including a Lamborghini, Tesla, and Porsche).

How to Cultivate a Culture of Continuous Cybersecurity Improvement

Article Link: https://www.helpnetsecurity.com/2023/07/06/cybersecurity-improvement/

• Achieving compliance does not create an impenetrable fortress against threats, it merely creates a baseline defense. Compliance does not equal security.
• The article looks at balancing real time security practices, such as network traffic and log reviews, with periodic security practices, like penetration tests and risk assessments, to build a culture of continuous cyber improvement.
• A key element to striking this balance lies in investing in and maintaining a robust vulnerability management strategy, utilizing services like a SIEM solution and EDR tools to supplement vulnerability management with dynamic threat intelligence.

75% of Consumers Prepared to Ditch Brands Hit by Ransomware

Article Link: https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

• According to a survey by Object First who surveyed 1,000 U.S. adult consumers, 75% of consumers are likely to shift to alternate companies following ransomware incidents. Likewise, 55% favor organizations with comprehensive data protection measures.
• The report also identified that 81% of consumers report feeling “very scared or worried” about their data being held by organizations lacking robust resilience against ransomware. Additionally, 33% demand evidence of resilient backup and recovery strategies to prove proper data stewardship.
• Link to Object First’s Report: https://objectfirst.com/resources/analyst-reports/research-ransomware-significantly-affects-customer-loyalty/

Cybersecurity Starts in the C-Suite: Why Every Role Matters

Article Link: https://businesschief.com/leadership-and-strategy/cybersecurity-what-all-c-suite-roles-should-know

• While an organization’s CISO leads cybersecurity efforts, all C-suite roles play a part in creating a cyber-resilient culture. The responsibility of cyber risk should be a collective effort among the C-suite and board members.
• As the article states, CEOs should be the ultimate champions for security culture. Not only should CEOs promote awareness, but also push for accountability and secure the necessary resources.
• In addition to other organizational leaders, general employees should be empowered and educated to support security initiatives as well. The bottom line is that everyone has a role to play in an organization’s security posture.