Project Hyphae

Information Security News 3-18-2024

Threat Actors Leaked 70 Million Records Allegedly Stolen From AT&T

Article Link: https://securityaffairs.com/160627/data-breach/70m-att-records-leaked.html

  • According to security researchers at vx-underground, hackers have released files that contain over 70 million records, which the researchers claim to be legitimate data.
  • While the data was leaked recently, it originates from a 2021 data breach, and the threat actors claim it was stolen from AT&T. However, AT&T denies that the data specifically belongs to them.
  • Regardless of the data source, researchers noted that the leaked data includes victim names, phone numbers, physical addresses, email addresses, Social Security numbers, and dates of birth.

Former Telecom Manager Admits to Doing SIM Swaps for $1,000

Article Link: https://www.bleepingcomputer.com/news/security/former-telecom-manager-admits-to-doing-sim-swaps-for-1-000/

  • According to a recent U.S. federal court filing, a former telecommunications store manager pleaded guilty to SIM swapping to assist a bad actor in exploiting user devices in 2021.
  • As the article notes, the former manager abused his role and circumvented security measures to conduct the SIM swapping. It was highlighted that providers have since updated their security policies to include authorization from the account owners before SIM data is changed.
  • The former manager reportedly made $1,000 per swap ($5,000 total) and a percentage of any ill-gotten profits. As a result, the culprit faces a maximum of five years in federal prison and a fine of up to $250,000 or twice the financial gain or loss from the crime.
  • Link to the DoJ’s Report: https://www.justice.gov/usao-nj/pr/former-telecommunications-company-manager-admits-role-sim-swapping-scheme

Key MITRE ATT&CK Techniques Used by Cyber Attackers

Article Link: https://www.helpnetsecurity.com/2024/03/15/2023-attck-techniques/

  • This article looks at analysis from Red Canary that notes top attack techniques used by bad actors, mapped to the MITRE ATT&CK framework. The data is derived from Red Canary’s review of almost 60,000 threats and 216 petabytes of customer telemetry data.
  • In addition to common techniques, such as the usage of PowerShell and credential dumping, the data highlighted that attacks leveraging email forwarding rules and cloud accounts both drastically rose in frequency between 2022 and 2023.
  • Interestingly, Red Canary also stated that while adversaries typically use the same 10-20 techniques, certain attack methods are more prominent in certain industries. Specifically, Visual Basic and Unix shell techniques were more likely to be leveraged against Healthcare organizations, email forwarding and rule hiding against Education, replication through removable media against Manufacturing, and “less obvious” techniques like HTML smuggling and attacking DCOM systems against Financial Services.
  • Link to Red Canary’s Report: https://redcanary.com/threat-detection-report/

Law Firm Sues MSP Over Black Basta Ransomware Attack

Article Link: https://www.msspalert.com/news/msp-sued-by-law-firm-over-black-basta-ransomware-attack

  • Recently, a lawsuit was filed against a managed service provider (MSP) by a California law firm, which claims that the MSP failed to protect the firm from a Black Basta ransomware attack.
  • As the article notes, the lawsuit claims that the MSP and law firm had an oral agreement where the MSP was to provide monitoring services, advice, installation, the selling of a cloud backup, and the picking and selling of software and hardware for the firm.
  • In essence, the law firm had connectivity issues, the MSP claimed to resolve the issues, and then the issues turned into a major outage and, eventually, ransomware, which the firm blames the MSP for.
  • In addition to a variety of key points of advice, the article highlights the importance of establishing a strong contract that clearly states information security roles and responsibilities, outlining cyber incident liability, talking with clients about cyber risk, and more.

In The Rush to Build AI Apps, Please, Please Don’t Leave Security Behind

Article Link: https://www.theregister.com/2024/03/17/ai_supply_chain/

  • The article notes that AI has primarily been developed by academic researchers and large companies with a main focus on making AI work as opposed to making AI secure.
  • AI is susceptible to the same software supply chain attacks as non-AI software that leverages code components from public repositories. Essentially, malicious code could be accidentally deployed or otherwise end up in AI tools.
  • In addition to attacks on the supply chain, the data set used by the AI tool in question could be malicious or outdated and contain old security issues. As such, the results returned by AI helper tools could provide users with something that works but is broken, leading to unforeseen issues.

CISA, OMB Release Secure Software Development Attestation Form

Article Link: https://fedscoop.com/cisa-omb-secure-by-design-software-attestation-form/

  • Recently, CISA and the Office of Management and Budget (OMB) released a secure software development attestation form that is required for nearly all organizations that provide software to the U.S. federal government.
  • As the documentation provided notes, software requires attestation if it was developed after September 14, 2022, if the software was developed prior to September 14, 2022 but has had major version changes after September 14, 2022, or if the producer delivers continuous code changes (i.e., SaaS solutions). Additionally, the attestation doesn’t apply to software developed by other Federal agencies, open-source or otherwise public software, or third-party components that may be incorporated in a software end product.
  • In addition to a handful of other topics, vendors must attest that their software is developed and built in a secure environment, MFA and conditional access are in place, and data is encrypted.
  • Link to CISA’s Self-Attestation Form: https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form

Google Chrome Gets Real-Time Phishing Protection Later This Month

Article Link: https://www.bleepingcomputer.com/news/google/google-chrome-gets-real-time-phishing-protection-later-this-month/

  • Google announced that they will be releasing an update to their Safe Browsing service, which will conduct real-time checks against a server-side list of malicious websites, extensions, and downloads. This will be a change from their current process, which leverages a local list that checks in with Google servers every 30 to 60 minutes.
  • Google noted that they will flag websites that may pose risk to users or their devices, akin to how the process currently works. However, Google expects to block 25% more phishing attempts.
  • Additionally, Google stated that they will be leveraging APIs that use Fastly Oblivious HTTP (OHTTP) relays to obfuscate the URLs of websites visited to maintain user privacy.
  • Link to Google’s Blog Post: https://security.googleblog.com/2024/03/blog-post.html

