Information Security News 6-24-2024

CDK Global Cyberattack Impacts Thousands of US Car Dealerships

Article Link: https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships

  • CDK Global, a company that offers software as a service to automobile dealers, experienced a significant cyberattack leading to system shutdowns and operational disturbances for its customers.
  • CDK Global’s software supports various car dealership activities such as customer relationship management, financing, payroll, inventory, and back-office operations. It is utilized by more than 15,000 car dealerships in North America.
  • CDK has told dealerships to disable their always-on VPNs due to security concerns. There is a worry that attackers could exploit the VPNs to infiltrate dealership networks, especially since CDK software has administrative access to dealership devices, increasing the potential threat.
  • Users have experienced difficulties logging in, leading dealerships to switch to manual processes or send employees home due to the disruptions. BlackSuit ransomware is allegedly to blame for the outage, backups included. CDK is currently investigating the incident and working to restore systems, which could take several days. CDK has already brought back CDK Phones, DMS, and Digital Retail.
  • Link to Additional Information: https://www.reuters.com/technology/cybersecurity/cdk-global-begins-restore-systems-after-cyber-hack-bloomberg-news-reports-2024-06-23/

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

Article Link: https://thehackernews.com/2024/06/new-malware-targets-exposed-docker-apis.html

  • A recent malware campaign is focusing on publicly exposed Docker API endpoints to distribute cryptocurrency miners and other harmful payloads. The attackers are utilizing various tools, including a remote access tool for downloading and running additional malware, as well as a utility for spreading malware through SSH.
  • The campaign exhibits tactical resemblances to a previous operation known as Spinning YARN, which focused on exploiting misconfigured services for crypto-jacking.
  • The attack begins by targeting Docker servers with open ports, followed by reconnaissance, privilege escalation, and exploitation.
  • Shell scripts play a crucial role in this malware campaign by executing remote access, installing tools, and achieving command and control. They facilitate payload retrieval, environment setup, and maintain control over compromised systems, ensuring continued access and further exploitation.
  • Link to Datadog Report: https://securitylabs.datadoghq.com/articles/attackers-deploying-new-tactics-in-campaign-targeting-exposed-docker-apis/

ONNX Phishing Service Targets Microsoft 365 Accounts at Financial Firms

Article Link: https://www.bleepingcomputer.com/news/security/onnx-phishing-service-targets-microsoft-365-accounts-at-financial-firms

  • A new phishing-as-a-service platform, called ONNX Store, uses QR codes in PDF attachments to target Microsoft 365 accounts, with a focus on financial institutions. The platform uses Telegram bots to operate and targets Office 365 and Microsoft 365 accounts. It also has 2FA bypass techniques.
  • In February 2024, the ONNX attacks started with the distribution of phishing emails. These emails included PDF attachments that carried malicious QR codes.
  • Scanning the QR code bypasses anti-phishing measures and leads victims to counterfeit Microsoft 365 login pages. This enables the capture of login details and 2FA tokens in real time, providing attackers with the ability to take over accounts.
  • The service offers four different subscription levels with a range of options, such as personalized redirects, dynamic codes, and 2FA cookie interception.
  • Link to the Report: https://blog.eclecticiq.com/onnx-store-targeting-financial-institution

CISA Conducted First-Ever AI Security Incident Response Drill

Article Link: https://www.bankinfosecurity.com/cisa-conducts-first-ever-ai-security-incident-response-drill-a-25540

  • CISA is creating a structure for managing responses to AI-related security incidents. CISA led the federal government's first AI security incident tabletop exercise, which involved more than 50 experts.
  • The exercise was designed to aid in the creation of a playbook for AI Security Incident Collaboration. CISA’s Joint Cyber Defense Collaborative (JCDC.AI) is leading this initiative and planning upcoming exercises.
  • Participants included government entities such as the FBI and NSA, as well as key industry players like Microsoft, IBM, and Amazon Web Services. In 2024, the JCDC is focusing on identifying and addressing AI-related threats to critical infrastructure.

U.S. Bans Kaspersky Software, Citing National Security Risks

Article Link: https://thehackernews.com/2024/06/us-bans-kaspersky-software-citing.html

  • The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has prohibited Kaspersky Lab’s U.S. subsidiary from providing its security software in the United States. The ban also applies to Kaspersky’s affiliated companies, subsidiaries, and parent companies, and relates to national security concerns attributed to the Russian organization.
  • The BIS has indicated that the prohibition is essential because Kaspersky’s software opens the door to potentially accessing sensitive U.S. data and installing harmful software. As of July 20th, Kaspersky is prohibited from marketing its software to American consumers and businesses. However, the company can provide updates to existing customers until September 29th.
  • Current customers need to find new options within 100 days to prevent security vulnerabilities. Kaspersky disagrees with the move, stating that it is influenced by political factors and hypothetical worries, and cautions that it might aid cybercrime by hindering global collaboration.

FCC Tackles Router Vulnerabilities with New Cybersecurity Push

Article Link: https://incompliancemag.com/fcc-tackles-router-vulnerabilities-with-new-cybersecurity-push/

  • The FCC has put forward new regulations to bolster the security of internet routers and protect against cyber threats. Broadband providers will be required to share confidential plans with the FCC outlining how they will improve Border Gateway Protocol (BGP) security.
  • These plans must include strategies that use the Resource Public Key Infrastructure (RPKI) to ensure BGP security.
  • The FCC requires quarterly progress reports from the top nine broadband providers on their efforts to reduce BGP-related risks.
  • The purpose of these regulations is to guarantee that the FCC and national security allies receive prompt updates on initiatives aimed at securing internet routing.
  • Link to the FCC Reporting Requirements: https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements-0

Minnesota Passes the Consumer Data Privacy Act

Article Link: https://www.jdsupra.com/legalnews/minnesota-passes-the-consumer-data-3852180

  • Minnesota has passed the Minnesota Consumer Data Privacy Act, which will go into effect on July 31st, 2025. The law applies to businesses that operate in Minnesota or market to Minnesota consumers and that meet certain data criteria.
  • It provides individuals with entitlements including the right to access, correct, delete, and transfer their data. It also allows them to opt out of targeted ads and the sale of their personal information. At the same time, it places responsibilities on data controllers in terms of limiting data collection, being transparent, and safeguarding the data.
  • It is mandatory for controllers to perform Data Protection Impact Assessments for specific data processing activities. The Minnesota Attorney General’s Office will enforce this requirement, and there will be penalties of up to $7,500 per violation after January 31st, 2026.
  • Link to the Full Text: https://www.house.mn.gov/members/Profile/News/15517/39462
