Information Security News 7-22-2024

U.S. Data Breach Victim Numbers Increase by 1,000%, Literally

Article Link: https://www.darkreading.com/cyberattacks-data-breaches/us-data-breach-victim-numbers-increase-1000

  • The number of U.S. data breach victims surged by over 1,000% in the first half of 2024 compared to the previous year, as reported by the Identity Theft Resource Center (ITRC) in their “ITRC H1 2024 Data Breach Analysis” report.
  • Although the number of breaches decreased by 12%, the victim count skyrocketed due to several large-scale data breaches, including those at Prudential Financial and Infosys McCamish System, affecting companies like Fidelity and Bank of America.
  • In the first six months of 2024, over 1 billion individuals were affected by data breaches, a 490% increase from the same period in 2023. This figure excludes the significant Change Healthcare breach.
  • Eva Velasquez, ITRC president, emphasized the need for heightened data and identity protection for individuals, businesses, institutions, and government agencies in light of these alarming statistics.
  • Link to the ITRC’s Report: https://www.idtheftcenter.org/publication/itrc-h1-data-breach-analysis/

Tech Outage Eases After Widespread Disruption

Article Link: https://www.reuters.com/technology/global-cyber-outage-grounds-flights-hits-media-financial-telecoms-2024-07-19/

  • Recently, a defective cybersecurity update from CrowdStrike caused a widespread outage, impacting millions of Windows PCs. The technical incident caused significant disruptions across various industries, leading to the grounding of flights, halting of broadcasters, and disruption of other organizations like banks, hospitals, and 911 dispatch centers.
  • According to CrowdStrike, a workaround has been published to resolve this problem and Microsoft is collaborating with CrowdStrike to provide ongoing updates and support. Despite implementing fixes, CrowdStrike noted that restoring the estimated 8.5 million affected Windows devices will likely take time.
  • The incident raised concerns about the susceptibility of interconnected technologies and organizational readiness, prompting CrowdStrike’s CEO to apologize for the impact the issue caused. As a result, experts emphasize the need for better contingency plans and backups.
  • Link to Workaround: https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3353

Threat Actors Ramp Up Use of Encoded URLs to Bypass Secure Email

Article Link: https://www.darkreading.com/cyberattacks-data-breaches/threat-actors-ramp-up-use-of-encoded-urls-to-bypass-secure-email

  • Secure email gateways (SEGs) guard against malware and phishing; however, they can be tricked into letting bad emails through. Researchers from Cofense recently saw a surge in attacks in which harmful URLs were hidden behind SEG encoding and slipped past email checks.
  • SEGs rewrite URLs in emails to check whether they are safe, but some SEGs wrongly treat already-encoded URLs as safe, letting dangerous links slip by without proper checking. This occurs when SEGs do not scan encoded URLs or only see the sender’s SEG domain.
  • Attackers used SEG encoding more this year, especially in the second quarter. SEGs operated by vendors like VIPRE, Bitdefender, Hornet Security, and Barracuda were exploited repeatedly.
  • Most SEGs are not good at looking past another SEG’s encoding. The best defense is teaching users to spot phishing emails even with SEG-encoded URLs.
  • Link to Cofense’s Report: https://cofense.com/blog/seg-vs-seg-how-threat-actors-are-pitting-email-security-products-against-each-other/

Disney Suffers Massive Internal Communications Data Leak After Cyberattack

Article Link: https://www.csoonline.com/article/2517985/disney-suffers-massive-internal-communications-data-leak-after-cyberattack.html

  • Recently, the Walt Disney Company was allegedly hit with a large data breach, where internal chats from their Slack channels were leaked online. The hacker group NullBulge took credit for it, claiming to have exfiltrated and released over a terabyte of data. This includes details about ad campaigns, studio equipment, and job interviews.
  • The Wall Street Journal reported that the leaked data goes back to 2019. Likewise, the data covers Disney’s website management, software development, and hiring processes. Cybersecurity experts believe stolen or leaked Slack Application Programming Interface (API) keys caused this breach.
  • API keys can be found on sites like GitHub, and such keys easily give access to public Slack channels. Security missteps or weak third-party tools may also help attackers replicate their tactics on more organizations.

Ransomware Recovery in Energy, Water Sectors Hits $3 Million, Quadrupling in One Year

Article Link: https://cybernews.com/news/ransomware-recovery-energy-water/

  • In a survey by Sophos, involving 5,000 tech leaders worldwide, it was found that dealing with cyberthreats like ransomware cost the energy and water sectors a hefty $3 million, accentuating the serious financial impact of such attacks.
  • 49% of these attacks start with a weak access/entry point being exploited, highlighting the need for stronger security controls. Only 20% of companies restored their systems within a week in 2024, down from 41% in 2023.
  • CISOs within the energy and water sectors need to act now and understand that their organizations are targets. Likewise, CISOs need to be prepared for threats by ensuring their organization has set up an adequate level of monitoring, developed incident response plans, and created information security plan strategies.
  • Link to Sophos’ Report: https://news.sophos.com/en-us/2024/07/17/the-state-of-ransomware-in-critical-infrastructure-2024/

Automated Threats Pose Increasing Risk to the Travel Industry

Article Link: https://thehackernews.com/2024/07/automated-threats-pose-increasing-risk.html

  • As summer travel and big European sports events approach, the travel industry is seeing more malicious bots. European cybersecurity firm, Imperva, a Thales company, warns about this rise. These bots cause trouble by stealing fares, spinning seats, and taking over accounts.
  • Fare-scraping bots take pricing information without asking. This drives costs up and makes data inaccurate. Seat-spinning bots book and then cancel reservations to fake scarcity, tricking customers into paying more. Account takeovers steal user info for fraud and identity theft.
  • Imperva suggests that organizations within the travel and entertainment industries fight these threats via advanced traffic checks, real-time bot spotting, and layered defenses. Additionally, organizations should block old browsers, limit access from bulk IP centers, watch for weird traffic patterns, and use behavior analysis to differentiate good users from bad ones.

AT&T’s Massive Breach of Metadata is a Criminal Treasure Trove – As Spy Agencies Know

Article Link: https://www.csoonline.com/article/2516887/atts-data-breach-isnt-trivial-especially-to-spy-agencies.html

  • Between April 14 and April 25, 2024, hackers stole AT&T call data records (CDRs) via a third-party cloud platform. This breach, detailed in an SEC 8-K filing, included customer call and text records from May 1 to October 31, 2022, and January 2, 2023.
  • While CDRs are often utilized in criminal cases to establish connections between victims and perpetrators, their potential extends beyond this, offering valuable information such as geolocation, service providers, and usage patterns to nations, criminal organizations, and competitors.
  • Tools for analyzing CDRs are widely available, aiding in geo-fencing, network mapping, and behavioral pattern recognition. Advanced AI enhances these capabilities, revealing relationships and patterns that are useful for legitimate and illicit purposes.
  • The AT&T breach stresses the need to protect CDRs from theft and misuse. Nation-states like China have targeted telecom companies for CDR data, as seen in APT10 and APT31 hacks. Companies must prioritize strong information security measures to protect this sensitive data.
  • Link to AT&T’s SEC 8-K Filing: https://investors.att.com/financial-reports/sec-filings

Navigating Insider Risks: Are Your Employees Enabling External Threats?

Article Link: https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html

  • Insider attacks, from employees unaware of security best practices or prioritizing efficiency, pose a serious threat by potentially inviting external threats, leading to financial losses, reputation damage, operational disruptions, and intellectual property theft.
  • To reduce unintended insider attacks, companies should educate employees on security, promote a culture of security, monitor user activity, and use reconstruction technology to protect content and backups.
  • Organizations like Carnegie Mellon’s Software Engineering Institute (SEI), MITRE, the National Insider Threat Task Force, and CISA have offered strategies for leaders and HR teams to manage employees and implement technical measures to prevent accidental and intentional insider security breaches.

