Information Security News 1-8-2024


Mortgage Firm loanDepot Cyberattack Impacts IT Systems, Payment Portal

Article Link: https://www.bleepingcomputer.com/news/security/mortgage-firm-loandepot-cyberattack-impacts-it-systems-payment-portal/

  • Recently, one of the largest nonbank retail mortgage lenders in the United States, loanDepot, suffered a cyberattack, causing services such as their phone system and payment portal to be taken offline.
  • As a result of the outage, customers began reaching out to loanDepot through other means, such as social media. In since-deleted replies to the social media posts of concerned customers, the company noted that there was a cyber incident.
  • This incident comes on the heels of another mortgage lender, Mr. Cooper, reporting a cyber incident in November 2023. As the article notes, mortgage lenders hold a significant amount of sensitive data, and customers should be aware of potential phishing attacks and identity theft attempts.

29 Malware Families Target 1,800 Banking Apps Worldwide

Article Link: https://www.helpnetsecurity.com/2024/01/03/banking-trojans-mobile-devices/

  • According to Zimperium, a mobile security company, threat actors have increased their efforts in targeting mobile banking phone applications with malicious content, such as banking trojans.
  • Specifically, Zimperium notes that in their 2022 report, there were approximately 10 prolific malware families targeting 600 banking apps; however, in 2023, 29 malware families targeting 1,800 banking apps were uncovered.
  • In addition to improving technical capabilities, the report highlighted that threat actors are leveraging sophisticated social engineering tactics as well, such as telephone-based attack delivery, which involves follow-up calls to gain the victim's trust and eventually have them download malware.
  • Link to Zimperium’s Report: https://www.zimperium.com/resources/zimperiums-2023-mobile-banking-heists-report-finds-29-malware-families-targeted-1800-banking-apps-across-61-countries-in-the-last-year/

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Article Link: https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html

  • According to a report by the security company CloudSEK, malicious actors are exploiting Google’s MultiLogin capabilities to maintain session persistence, generate cookies, and ultimately retain access to Google services even after a password reset.
  • Google noted that while it is aware of the exploit, attacks that target cookies and tokens aren’t new. Likewise, in response to incidents like the MultiLogin exploit, stolen sessions can be revoked by signing out of the affected browser or by remotely revoking the malicious device within the user’s device page.
  • Link to CloudSEK’s Report: https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking

Hackers Employ Nuanced Tactics to Evade Detection

Article Link: https://www.helpnetsecurity.com/2024/01/02/2023-holiday-attacks/

  • As Cequence Security identified, threat actors have evolved their tactics, opting for more nuanced approaches that spread attacks across longer timeframes to blend in with legitimate traffic, especially when it comes to retail fraud during peak holiday shopping times.
  • The report noted that many retail organizations prioritize security around their peak times of the year, letting security slip between peaks. As a result, attackers leverage months of planning and complex attack methods to launch their attacks before organizations refocus on security.
  • The article digs further into a variety of retail-related cybercrime; however, the essence is that bad actors are prioritizing the long game over short-term fraud attempts.
  • Link to Cequence Security’s Report: https://www.cequence.ai/news/cequence-report-reveals-retail-fraud-up-nearly-700-as-cybercriminals-exploit-vulnerable-holiday-shopping-season/

After Injecting Cancer Hospital with Ransomware, Criminals Threaten to Swat Patients

Article Link: https://www.theregister.com/2024/01/05/swatting_extorion_tactics/

  • The article highlights how threat actors have dramatically escalated their manipulation tactics in an attempt to force organizations who are ransomware victims to meet the hackers’ ransom demands.
  • Specifically, in addition to reaching out to people whose personal data was impacted, some malicious hackers have threatened to swat those with ransomed data (that is, make fake threatening calls to local police departments, causing them to deploy their SWAT teams to certain homes) in an attempt to force the hand of ransomed organizations.
  • While the only known instance of swatting threats occurred following a data breach at Seattle’s Fred Hutchinson Cancer Center in November, threat actors have tried to manipulate organizations into paying ransoms in a variety of other similar and fear-invoking ways.

Why CISOs Need to Make Cyber Insurers Their Partners

Article Link: https://www.darkreading.com/cyber-risk/why-cisos-need-to-make-cyber-insurers-their-partners

  • While organizations may see cyber insurance providers as a necessary evil who take advantage of them, offer rising premiums, and require lengthy enrollment applications, this article highlights the importance of CISOs treating their cyber insurance providers as a partner and not a poison.
  • A foundational step towards a strong partnership identified in the article is organizations and insurers agreeing on the common goal of risk reduction. From there, a method of quantifying risk that works for both the organization and insurer can be developed and a system to regularly assess the constantly changing risk landscape can be leveraged.
  • The article emphasizes that CISOs and insurance companies are on the same team. It is vital to develop a strong relationship and engage in regular dialogue to improve the renewal, claims, and incident response processes.

Consumers Prepared to Ditch Brands After Cybersecurity Issues

Article Link: https://www.helpnetsecurity.com/2024/01/04/consumers-cybersecurity-issue/

  • According to Vercara, who surveyed 1,000 adults in the United States, consumers are more likely to stop using a brand if said brand were to have an incident. Additionally, consumers tend to be less aware of their role in an organization’s cyber hygiene.
  • Specifically, it was noted that 75% of consumers are ready to sever ties with a brand following any cybersecurity issues and 66% said they would not trust a company that falls victim to a data breach.
  • However, 54% noted that they offer a degree of leniency towards smaller organizations, compared to larger entities. Additionally, 35% stated that they believe it is challenging to impersonate large e-commerce brands, among other organizations.
  • Link to Vercara’s Report: https://vercara.com/news/vercara-research-75-of-u-s-consumers-would-stop-purchasing-from-a-brand-if-it-suffered-a-cyber-incident

Key Cybersecurity Skills Gap Statistics You Should Be Aware Of

Article Link: https://www.helpnetsecurity.com/2024/01/02/cybersecurity-skills-gap-statistics/

  • This article looks at a variety of statistics that highlight the cybersecurity skills gap, according to a variety of surveys from 2023.
  • In addition to other cited statistics, this article discusses how the cloud skills gap is currently a pain point for digital transformation, soft skills are lacking within the cybersecurity industry, and unrealistic expectations further prolong staffing challenges.

