North Korean Hacker Got Hired by U.S. Security Vendor, Immediately Loaded Malware
Article Link: https://arstechnica.com/tech-policy/2024/07/us-security-firm-unwittingly-hired-apparent-nation-state-hacker-from-north-korea/
- KnowBe4, a U.S. security firm, mistakenly hired a software engineer who is believed to be a North Korean hacker. KnowBe4’s CEO, Stu Sjouwerman, shared the story as a warning and noted that no illegal access occurred and no data was stolen.
- The hacker used a stolen U.S. identity and an AI photo to pass background checks and video interviews. Despite several interviews and reference checks, the fake ID went unnoticed.
- Suspicious activities showed up soon after the fake employee received their workstation as the threat actor tried to install malware on their device. KnowBe4’s Security Operations Center (SOC) investigated and quickly contained the incident.
- The FBI is currently investigating this case and believes that the hacker might be associated with North Korea’s government. KnowBe4 shared the incident with cybersecurity experts, stressing the need for better hiring processes to prevent similar incidents.
Most CISOs Feel Unprepared for New Compliance Regulations
Article Link: https://www.helpnetsecurity.com/2024/07/26/cisos-compliance-regulations-preparedness/
- The role of CISOs is shifting from a technical focus to a strategic one, driven by new regulations like the SEC’s cybersecurity disclosure rules in the USA and the EU’s Digital Operational Resilience Act (DORA). Onyxia surveyed over 200 CISOs across various U.S. industries. Sixty-seven percent feel unprepared for compliance, and 52% lack knowledge on reporting cyber-attacks to the government.
- Developing effective incident response strategies remains a challenge, with 56% of CISOs uncomfortable with current approaches and 67% struggling to gain C-suite buy-in for security strategies.
- AI is seen as a key tool for enhancing risk management, with 97% of CISOs believing it can identify security gaps and redundancies and automate risk reporting.
- Basic security measures like multi-factor authentication (MFA) and strong passwords are lacking, with 11% of user accounts having weak passwords and 13% lacking MFA, underlining a need for improvement.
- Link to Onyxia’s Report: https://www.onyxia.io/blog/new-research-report-the-voice-of-the-ciso-2024
Ransomware and BEC Make Up 60% of Cyber Incidents
Article Link: https://www.infosecurity-magazine.com/news/ransomware-bec-cyber-incidents/
- Ransomware and business email compromise (BEC) attacks were the most common types of cyber incidents in the second quarter of 2024, accounting for 60% of all reported incidents observed by Cisco Talos. Technology companies were the most targeted sector, with a 30% increase in attacks compared to the previous quarter.
- Compromised credentials on valid accounts were the most common method of initial access, representing a 25% rise from the second quarter. Vulnerable or misconfigured systems and a lack of proper multifactor authentication implementation were also common initial access factors, both up by 46% from Q2 2024.
- Ransomware attacks increased by 22% in the second quarter, with attackers using novel tactics such as leveraging valid tools and sending harassing messages to victims.
- While still posing a threat, BEC attacks fell to 30% of all incidents, down 20% from the first quarter of the year. Attack methods such as smishing, phishing, and creating fake login pages to elicit credentials continue to be common tricks.
- Link to Cisco Talos’ Q2 2024 Report: https://blog.talosintelligence.com/ir-trends-ransomware-on-the-rise-q2-2024/
Data Pilfered from Pentagon IT Supplier Leidos
Article Link: https://www.theregister.com/2024/07/24/leidos_data_leak/
- Internal documents from Leidos Holdings, a top IT services provider for the U.S. government, have recently surfaced on the Dark Web. While these documents do not include confidential customer data, they emphasize the fundamental need for strong security measures.
- The leak is traced back to a 2022 breach at Diligent Corporation, a software provider used by Leidos. Although the breach was known, the leaked information has only now been discovered.
- The stolen data largely comprises Leidos’ internal information, such as employee reviews and complaints, rather than sensitive government details.
- This incident could lead to increased scrutiny from clients and may prompt Leidos to reevaluate its security standards for handling third-party relationships. Given its role with U.S. agencies and a new NASA contract, addressing the breach’s fallout is significant.
Largest Trial Court in the U.S. Closes After Ransomware Attack
Article Link: https://www.reuters.com/legal/government/los-angeles-court-closed-after-ransomware-attack-2024-07-22/
- After discovering a ransomware attack on Friday, July 19, 2024, Los Angeles Superior Court, the largest unified trial court in the U.S., was forced to close all 36 of its locations.
- This attack resulted in disruptions to the court’s network systems, prompting a temporary shutdown in order to repair and secure the affected systems.
- While essential functions, such as the jury duty portal and the case management system, were affected, preliminary investigations suggest no user data was compromised.
- The court resumed operations on Tuesday, July 23, 2024, but delays and limited functionality remain anticipated as efforts to fully restore systems continue.
Patch Management Still Seemingly Abysmal Because No One Wants the Job
Article Link: https://www.theregister.com/2024/07/25/patch_management_study/
- Despite the importance of keeping software up to date to prevent security vulnerabilities, many organizations struggle to effectively address all potential threats. According to Forrester principal analyst Andrew Hewitt, most organizations only manage to handle 75-85% of identified vulnerabilities, leaving their systems vulnerable to malware attacks and compliance issues.
- With the increasing number of third-party applications and the intricate nature of modern IT systems, it becomes challenging for IT teams to keep up with necessary updates. Unclear ownership of patching responsibilities only adds to the problem, creating gaps in coverage that can be exploited by malicious actors.
- To combat these risks, experts recommend improved collaboration between IT and security teams, as well as the implementation of automation tools to streamline and enhance the patching process. However, many organizations hesitate to make these changes due to concerns about technical debt and operational challenges.
- Link to Adaptiva’s Study: https://adaptiva.com/resources/report/state-of-patch-management
Google Has Changed Its Mind About ‘Killing’ Third-Party Tracking Cookies
Article Link: https://mashable.com/article/google-backtracks-on-killing-cookies
- Four years ago, Google said it would phase out third-party cookies. Privacy advocates cheered this move, as it was meant to stop tracking and protect user data better. However, Google has revised its stance on third-party cookies in Chrome, shifting from its initial goal of eliminating them to simply enhancing optional user privacy controls.
- Google announced that it will retain third-party cookies as a default feature while also offering user-privacy-focused options as an alternative for Privacy Sandbox users. This approach aims to balance the competing interests of maintaining advertising functionality and addressing privacy concerns.