Minnesota Department of Education Hacked in Global Data Breach
Article Link: https://www.startribune.com/minnesota-department-of-education-hacked-in-global-data-breach/600281437/
- The Minnesota Department of Education was one of many organizations, including the BBC, British Airways, and more who were hacked by Russia’s Cl0p ransomware gang who exploited vulnerabilities in MOVEit, a file transfer service.
- The MDE indicated that financial information wasn’t accessed, and malware wasn’t deployed on MDE systems. However, at least 24 files were impacted, including files that outlined the personal information of 95,000 students placed in foster care across Minnesota and several other documents.
- After this article was published, Huntress and Progress Software announced that Cl0p are now exploiting new SQL injection vulnerabilities on MOVEit systems. The MDE hasn’t announced any additional incidents relating to additional exploitation at this time.
- Link to MOVEit Updates: https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
- Link to Project Hyphae Analysis (with Indicators of Compromise): https://projecthyphae.com/threat/hackers-like-to-moveit-moveit-critical-moveit-transfer-vulnerability/
New ‘PowerDrop’ PowerShell Malware Targets U.S. Aerospace Industry
Article Link: https://www.bleepingcomputer.com/news/security/new-powerdrop-powershell-malware-targets-us-aerospace-industry/
- According to security firm Adlumin, an unknown threat actor is targeting the U.S. aerospace defense industry with a new PowerShell malware script named “PowerDrop.”
- Adlumin noted that there is a lot still unknown regarding PowerDrop, but it was deployed by either an exploit, phishing, or a spoofed download site. It was highlighted that PowerDrop uses PowerShell and Windows Management Instrumentation to create a persistent RAT.
- Link to Adlumin’s Report: https://adlumin.com/post/powerdrop-a-new-insidious-powershell-script-for-command-and-control-attacks-targets-u-s-aerospace-defense-industry/
Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants
Article Link: https://thehackernews.com/2023/06/microsoft-uncovers-banking-aitm.html
- Microsoft reported that banking and financial services are the targets of a new multi-stage adversary in the middle (AitM) phishing and business email compromise (BEC) attack, which features the usage of indirect proxies and residential IP addresses to launch attacks.
- This attack features attackers who are sending spoofed Microsoft sign-on pages to victims, then harvesting passwords and session cookies, and setting up SMS-based MFA to impersonate victims. Bad actors will also respond to and delete any incoming emails to reduce detection.
- Link to Microsoft’s Report: https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/
“Asylum Ambuscade” Cyberattackers Blend Financial Heists & Cyber Espionage
Article Link: https://www.darkreading.com/threat-intelligence/asylum-ambuscade-cyberattackers-financial-cyber-espionage
- Researchers have linked a series of financially motivated attacks and a group of advanced persistent threat (APT)-like espionage activities to a single cybercrime entity, after previously believing the work to be that of two different actors.
- According to ESET, the threat actors known as “Asylum Ambuscade” appear to be simultaneously targeting financial institutions and political entities. The key difference is that the bad actors use custom malware for cyber espionage campaigns and “spray-and-pray”-style malicious Google ads on financial institutions.
- Link to ESET’s Report: https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
Verizon DBIR: Social Engineering Breaches Double, Leading to Spiraling Ransomware Costs
Article Link: https://www.darkreading.com/threat-intelligence/verizon-dbir-social-engineering-breaches-spiraling-ransomware-costs
- Verizon’s annual “Data Breach Investigations” report, which reviewed over 16,000 incidents, was recently published offering statistical insight into cyber threats and data breaches at a macro level.
- According to Verizon, 74% of all data breaches included the human element with people being involved either via error, privilege misuse, use of stolen credentials, or social engineering. Additionally, social engineering accounted for 17% of the initial 74% of data breaches.
- Additionally, Verizon shared that the median cost of ransomware attacks has doubled over the past year. Likewise, ransomware accounted for 24% of all incidents, in line with last year’s numbers.
- Link to Verizon’s Report: https://www.verizon.com/business/resources/reports/dbir/
How to Improve Your API Security Posture
Article Link: https://thehackernews.com/2023/06/how-to-improve-your-api-security-posture.html
- Artificial programming interfaces (APIs) are a popular target for attackers due to the level of access an exploited API can provide. As such, it is vital to have a robust API security posture.
- API posture management refers to the process of monitoring and managing the security posture of your APIs. This involves identifying potential vulnerabilities and misconfigurations and remediating them. Additionally, posture management assists in classifying sensitive data and ensuring compliance with applicable regulations.
- The article notes four steps to API posture management. These include discovery, assessment, remediation, and monitoring. The article also provides six steps that enhance the security posture of APIs. These are using secure authentication and authorization mechanisms, implementing role-based access control, using SSL/TLS encryption, implementing rate limiting, monitoring and logging API activity, and conducting regular API security audits.
Employee Cybersecurity Awareness Takes Center Stage in Defense Strategies
Article Link: https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/
- According to a report from Fortinet, who surveyed over 1,800 IT and cybersecurity decision makers, 81% of organizations faced malware, phishing, and password attacks within the last year. Additionally, 85% of those surveyed say they have security awareness and training programs, yet over 50% believe their employees still lack cybersecurity knowledge.
- The report also highlighted that 93% of those surveyed indicated that their board of directors are asking about the organization’s cyber defenses and strategy. With many attacks targeting users, cybersecurity awareness training either already is or will be part of the “defense equation” when cybersecurity and IT decision makers communicate with their boards.
- Link to Fortinet’s Report: https://www.fortinet.com/de/corporate/about-us/newsroom/press-releases/2023/fortinet-research-finds-over-80-perfect-of-organizations-experience-cyber-attacks-that-target-employees
CEO Guilty of Selling Counterfeit Cisco Devices to Military, Govt Orgs
Article Link: https://www.bleepingcomputer.com/news/security/ceo-guilty-of-selling-counterfeit-cisco-devices-to-military-govt-orgs/
- A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military through numerous fraudulent company aliases sourced to a company called Pro Network Entities.
- According to the Department of Justice, Pro Network Entities imported old, used, or low-grade network equipment from China and Hong Kong, having the exporters modify the equipment so they appeared as genuine, brand-new Cisco devices. Pirated versions of Cisco software were also loaded onto the devices and Cisco documentation was provided to increase legitimacy.
- The man in charge of the scheme made over $100 million between 2014 and 2022. The maximum sentence for the man is 6.5 years in prison and the forfeiture of $15 million, given as restitution to victims of the scam. People or businesses that bought products from the various shops are encouraged to follow instructions provided on a dedicated webpage, which includes emailing a questionnaire to a Homeland Security email address.
- Link to DoJ’s Restitution Information: https://www.justice.gov/usao-nj/united-states-v-onur-aksoy-pro-network
Feds Find Information Security Flaws at Minnesota VA Medical Center
- The Department of Veterans Affairs’ Office of Inspector General found that the St. Cloud, MN medical center did not meet federal information security guidelines in configuration management, contingency planning and access controls. Other issues included missing security patches for several devices, no accurate inventory of St. Cloud’s IT assets and no video surveillance in its data center.
- The inspector general made several recommendations to the facility in an attempt to shore up its cybersecurity defenses.
