
Information Security News 4-29-2024


Okta Warns of Unprecedented Scale in Credential Stuffing Attacks

Article Link: https://securityaffairs.com/162464/hacking/okta-warned-spike-credential-stuffing-attacks.html

  • Okta recently released an advisory about a sharp increase in credential stuffing attacks, which it tied to the growing availability of residential proxy services (e.g., botnets), previously compromised credentials, and automation tools that bad actors use against potential victims.
  • Okta’s advisory noted several services being targeted by these brute-force attempts, including Check Point VPNs, Fortinet VPNs, Ubiquiti services, and others. Okta also provided guidance specific to its own services that can be used to mitigate the threat.
  • Okta also offered several additional authentication recommendations: maintaining strong password policies that keep users from selecting weak passwords, enforcing MFA, denying suspicious authentication attempts (by region or IP reputation), and monitoring for sign-in anomalies.
  • Link to Okta’s Advisory: https://sec.okta.com/blockanonymizers
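The last recommendation above, monitoring for sign-in anomalies, is the one a SOC can act on immediately with existing authentication logs. The following is an added illustration, not Okta’s code and not part of the advisory: it scans a constructed set of sign-in events and flags any source IP that shows the classic credential-stuffing signature (many distinct usernames with a high failure ratio inside a short window), then lists accounts that successfully authenticated from a flagged source, since those are the sessions to revoke and the credentials to reset. Thresholds and sample data are assumptions chosen for the demonstration.

```python
"""Credential-stuffing detector over constructed authentication events.

Added example (not Okta's code or part of the original digest). Events
are (ISO timestamp, source IP, username, success) tuples; real logs would
be parsed into the same shape.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one stuffing burst from 203.0.113.7, one
# legitimate user who mistyped a password once, and a late straggler.
SAMPLE_EVENTS = [
    ("2024-04-29T10:00:01", "203.0.113.7", "alice", False),
    ("2024-04-29T10:00:02", "203.0.113.7", "bob", False),
    ("2024-04-29T10:00:03", "203.0.113.7", "carol", False),
    ("2024-04-29T10:00:04", "203.0.113.7", "dave", False),
    ("2024-04-29T10:00:05", "203.0.113.7", "erin", True),   # reused password hit
    ("2024-04-29T10:00:06", "203.0.113.7", "frank", False),
    ("2024-04-29T10:05:00", "198.51.100.20", "alice", False),  # typo, then success
    ("2024-04-29T10:05:20", "198.51.100.20", "alice", True),
    ("2024-04-29T11:30:00", "203.0.113.7", "grace", False),  # outside the window
]


def parse_events(events):
    """Convert the ISO timestamps to datetimes so they can be compared."""
    return [(datetime.fromisoformat(ts), ip, user, ok) for ts, ip, user, ok in events]


def detect_stuffing_sources(events, window=timedelta(minutes=10),
                            min_users=5, min_fail_ratio=0.8):
    """Return {ip: (distinct_users, failures, attempts)} for every source
    whose sliding window of attempts looks like credential stuffing.

    A single user failing repeatedly is a lockout/brute-force case, not
    stuffing; the distinct-username count is what separates the two.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(parse_events(events)):
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans <= `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            win = attempts[start:end + 1]
            users = {u for _, u, _ in win}
            failures = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and failures / len(win) >= min_fail_ratio:
                prev = flagged.get(ip)
                # Keep the largest qualifying window seen for this source.
                if prev is None or len(win) > prev[2]:
                    flagged[ip] = (len(users), failures, len(win))
    return flagged


def successes_from_flagged_sources(events, flagged):
    """Accounts that authenticated successfully from a flagged source.
    These are the likely-compromised credentials to reset and sessions
    to revoke, regardless of how many other attempts failed."""
    return sorted({user for _, ip, user, ok in parse_events(events)
                   if ok and ip in flagged})


if __name__ == "__main__":
    hits = detect_stuffing_sources(SAMPLE_EVENTS)
    for ip, (users, fails, total) in hits.items():
        print(f"{ip}: {users} users, {fails}/{total} failures in window")
    print("successful logins from flagged sources:",
          successes_from_flagged_sources(SAMPLE_EVENTS, hits))
```

On the sample data only 203.0.113.7 is flagged (6 usernames, 5 of 6 attempts failed), and `erin` surfaces as the account to act on; the legitimate user on 198.51.100.20 is untouched because one username never meets the distinct-user threshold. In production the same per-source logic is usually paired with the region and reputation denials the advisory recommends, applied before the request reaches the password check.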

Kaiser Permanente Handed Over 13.4M People’s Data to Third Parties

Article Link: https://www.theregister.com/2024/04/26/kaiser_patient_data/

  • Kaiser Permanente, a healthcare organization, recently announced that it has started notifying 13.4 million current and former members and patients that their personal information may have been exposed to third-party vendors, such as Google and Microsoft, via online technologies on its websites and mobile applications.
  • Kaiser conducted an internal investigation and concluded that the data sent to third parties likely included IP addresses, names, account sign-in status, how users navigated its websites, and any search terms entered.
  • Kaiser indicated that the information likely wasn’t misused, but the issue was reported as an incident, and the data-collecting technologies have since been removed from its online services.

2023: A “Good” Year for OT Cyberattacks

Article Link: https://www.darkreading.com/endpoint-security/2023-good-year-for-ot-cyberattacks

  • According to a new report from Waterfall Security Solutions and ICS Strive, there were 68 publicly recorded cyberattacks in 2023 that impacted operational technology (OT) systems. The authors noted a 19% increase from 2022 to 2023, which was lower than expected.
  • The report excluded privately disclosed incidents and looked only at OT attacks that caused physical downtime and consequences, including incidental OT impact from precautionary OT network shutdowns, to derive its historical statistics and future trends.
  • Of the 68 incidents, 35 were the result of ransomware. The report also suggested that the 2023 figures may have been an outlier due to cyber criminals shifting away from system encryption, which is what can disable OT systems and cause material issues.

Top 10 Physical Security Considerations for CISOs

Article Link: https://www.csoonline.com/article/566635/what-is-physical-security-how-to-keep-your-facilities-and-devices-safe-from-on-site-attackers.html

  • The article highlights that physical security is a key component of information security that many organizations regularly overlook. The bottom line is that information security is meant to protect information in all its forms, including physical media.
  • While every organization’s structure differs, the article emphasizes the importance of collaboration between CISOs and physical security decision makers to ensure that an organization’s physical security is robust while also complying with regulatory requirements and pre-established company policies. Additionally, all physical security decisions ultimately come down to budget allowances.
  • Several of the top physical security consideration areas outlined in the article include hardening IT facilities and data centers, day-to-day office facility concerns, blocking lateral movement within physical spaces, and the physical-cyber connections to OT environments.

73% of SME Security Pros Missed or Ignored Critical Alerts

Article Link: https://www.helpnetsecurity.com/2024/04/25/73-of-sme-security-pros-missed-or-ignored-critical-alerts/

  • According to Coro Cybersecurity, which surveyed 500 U.S. information security decision makers at organizations with 200 to 2,000 employees, 73% of small and medium enterprise (SME) security professionals have missed, ignored, or failed to act on critical security alerts.
  • Other statistics noted include that professionals spend an average of 4 hours and 43 minutes per day managing their cybersecurity tools and oversee an average of 2,030 endpoint security agents across 656 endpoint devices. Additionally, 52% said that monitoring security platforms is their most time-consuming task, followed by vulnerability patching.
  • Beyond this, many SME security leaders are looking to consolidate their security toolsets in the near future to reduce environmental complexity and save resources.
  • Link to Coro Cybersecurity’s Report: https://www.coro.net/blog/key-findings-from-the-coro-sme-security-workload-impact-report-2024
  • Link to Vendor Discussion Tips: https://www.securityweek.com/navigating-vendor-speak-a-security-practitioners-guide-to-seeing-through-the-jargon/

Cyber Insurance Gaps Stick Firms with Millions in Uncovered Losses

Article Link: https://www.cybersecuritydive.com/news/cyber-insurance-gaps-cyberattack/713786/

  • According to cyber risk quantification firm CYE, which analyzed 101 past data breaches across various sectors, 80% of companies that experienced a cyberattack weren’t adequately covered by their cyber insurance policy.
  • CYE stated that organizations incurred an average of $27.3 million in uncovered losses per incident, with insurance gaps leaving an average of 75% of each breach uncovered.
  • Link to CYE’s Analysis: https://cyesec.com/inadequacies-in-breach-insurance-coverage-a-data-driven-gap-analysis-pdf

Japanese Police Create Fake Support Scam Payment Cards to Warn Victims

Article Link: https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/

  • Over the past six months, Japanese police have placed fake payment cards in convenience stores to help protect Japanese citizens targeted by online fraud.
  • The cards are labeled as a “Virus Trojan Horse Removal Payment Card” and “Unpaid Late Fee Payment Card.” When potential victims take the cards to the checkout, the card gives cashiers an opening to inform the buyer that they are likely the victim of a scam.
  • In addition to helping would-be victims avoid being scammed, the police also reward the cashiers who assist in informing them of the scam they are engaging with.

Connecticut Senate Passes Unique Bill on Private Sector AI Use

Article Link: https://statescoop.com/connecticut-senate-ai-legislation-private-sector-2024/

  • Connecticut is currently in the process of enacting a bill designed to regulate private sector use of AI, with specific requirements for organizations that develop or use “high-risk” AI systems in consequential decision-making processes, such as criminal cases or application acceptance programs.
  • Among other requirements, the AI bill would require protections to prevent bias in AI decision-making systems and would penalize entities for the creation of deepfake content. Additionally, the bill would require developers and organizations that use AI to disclose how they use AI and what data is used to train the AI model(s) they use, and to maintain risk management policies.
  • The bill still has to pass the Connecticut House of Representatives and the governor’s office before it can be enacted. In the bill’s current form, some of the requirements in the novel bill would go into effect on July 1, 2025, and the remaining requirements would begin in 2026.
  • Link to the Bill’s Full Text: https://legiscan.com/CT/bill/SB00002/2024
