Microsoft Confirms Azure, Outlook Outages Caused by DDoS Attacks
Article Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-azure-outlook-outages-caused-by-ddos-attacks/
- Microsoft has confirmed that outages to Outlook, OneDrive, and Azure web portals on June 7th, 8th, and 9th, respectively, resulted from Layer 7 distributed denial-of-service (DDoS) attacks against the company’s services.
- Microsoft attributed the attack to a group known as Storm-1359, or Anonymous Sudan; however, other researchers suggest that the attackers are linked to Russia as opposed to Sudan. The hackers demanded Microsoft pay $1 million to stop the DDoS attacks.
- Following these attacks on Microsoft, the group also threatened to attack banking transfer systems, such as SWIFT, in collaboration with several Russian threat actor groups.
- Link to Microsoft’s Report and DDoS Tips: https://msrc.microsoft.com/blog/2023/06/microsoft-response-to-layer-7-distributed-denial-of-service-ddos-attacks/
US Energy Department, Other Agencies Hit in Global Hacking Spree
Article Link: https://www.reuters.com/world/us/us-government-agencies-hit-global-cyber-attack-cnn-2023-06-15/
- The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in the MOVEit file-transfer software, CISA officials said on Thursday. A variety of other organizations have either self-reported similar incidents or been named by the threat actors.
- According to a TechCrunch article, the threat actor behind the attacks, Cl0p, announced on its leak site that the compromised data of governments, cities, or police services were erased from Cl0p’s systems.
- Additionally, on June 15th another vulnerability was discovered within the MOVEit Transfer system, marking the third significant vulnerability found in the MOVEit system within the last month.
- Link to the TechCrunch Article: https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities/
- Link to Third Vulnerability Information: https://www.darkreading.com/vulnerabilities-threats/third-moveit-transfer-vulnerability-progress-software
St. Margaret’s Health is the First Hospital to Cite a Cyberattack as a Reason for Its Closure
Article Link: https://securityaffairs.com/147430/cyber-crime/st-margarets-health-closes-cyberattack.html
- In February 2021, a ransomware attack hit St. Margaret’s Health in Spring Valley, Illinois, and forced the organization to shut down IT infrastructure and payment systems for several months to contain the threat.
- In addition to staff shortages and the Covid-19 pandemic, the ransomware incident has forced the hospital to close, leaving a healthcare gap in a relatively rural part of Illinois.
Attackers Set Up Rogue GitHub Repos with Malware Posing as Zero-Day Exploits
Article Link: https://www.csoonline.com/article/3699710/attackers-set-up-rogue-github-repos-with-malware-posing-as-zero-day-exploits.html
- A hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications, but actually deliver malware. Additionally, the attacker created a fake cybersecurity company called “High Sierra Cyber Security,” fake GitHub and Twitter accounts posing as security researchers, and even used real photos of researchers from well-known cybersecurity firms.
- The fake accounts were used to contact other, real researchers and invite them to collaborate. The fake accounts send Visual Studio projects with proof-of-concept code, but the projects also include malicious DLLs that deploy on victims’ machines.
- Link to VulnCheck’s Report: https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
How Popular Messaging Tools Instill a False Sense of Security
Article Link: https://www.darkreading.com/cloud/how-popular-messaging-tools-instill-a-false-sense-of-security
- An increasing number of organizations are taking advantage of messaging and collaboration tools, like Teams or Slack. That said, these apps can instill a false sense of security, putting millions of users at risk for cyberattacks or data exposure.
- Threats to these tools range from impersonating other users for phishing purposes to stealing access tokens and other attacks that abuse the trust of users. As such, it is recommended that organizations consider building messaging security into their strategy instead of hyperfocusing on email phishing.
- The article provides four awareness tips for the users of messaging platforms. These include not accepting federated access with everybody, considering the intentions and legitimacy of the messages other users send, being mindful of executables being sent, and having administrators leverage tools to review behavioral analytics.
Cyber Liability Insurance vs. Data Breach Insurance: What’s the Difference?
Article Link: https://www.csoonline.com/article/3698297/cyber-liability-insurance-vs-data-breach-insurance-whats-the-difference.html
- Companies across the globe have looked to cyber insurance as a means of protecting themselves from cyber events and incidents. As the article highlights, the terms “cyber liability insurance” and “data breach insurance” are often used interchangeably despite having different meanings in the US.
- In the United States, cyber liability insurance tends to cover any direct cyber incident expenses and legal fees. However, data breach insurance is a subset of cyber liability insurance and will only cover some aspects of cyber incident losses. Additionally, this varies from region to region with the United Kingdom and Australia specifically noted as having differences in this article.
- The bottom line is that companies who are purchasing cyber insurance should ensure that the coverage they purchase is understood and appropriate for their needs.
WISP Required! Key Components in Your Firm’s Written Information Security Plan
- This article provides a brief overview of the FTC Safeguards Rule’s updated requirements that were rolled out on June 9, 2023. Specifically, it looks at key components of the required Written Information Security Plan (WISP).
- The six key features of the WISP include designating a WISP leader or representative, conducting a risk assessment, implementing “enterprise-grade” security safeguards or controls, conducting regular testing and monitoring of cyber safeguards, running employee cybersecurity education programs, and preparing an incident (or breach) response plan ensuring that cyber insurance is adequately in place.
- Link to FRSecure’s FTC Brief: https://frsecure.com/blog/ftc-safeguards-rule-what-you-need-to-know/
EU Passes Landmark Artificial Intelligence Act
Article Link: https://www.infosecurity-magazine.com/news/eu-passes-landmark-ai-act
- On June 14, 2023, the European Union passed the negotiating position (foundational version) of its Artificial Intelligence Act, which aims to develop relatively strict regulations for AI-based services.
- As the Act currently stands, the plan is to fully ban AI for biometric surveillance, emotion recognition, and predictive policing. Likewise, generative AI systems must identify that content was AI generated. The Act prescribes additional regulatory actions relating to AI. Penalties for noncompliance are set to follow a model similar to the EU’s GDPR, with fines having a maximum of $32 million or 6% of global profits.
- While other nations or governing bodies have yet to consider regulations for AI, the European supranational organization is hoping to pioneer regulatory requirements in a similar vein to that of the GDPR and privacy regulations as a whole.
- Link to the EU’s Press Release: https://www.europarl.europa.eu/news/en/press-room/20230609IPR96212/meps-ready-to-negotiate-first-ever-rules-for-safe-and-transparent-ai
