Information Security News 7-8-2024

Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers

Article Link: https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers

  • Researchers at Recorded Future, in collaboration with the World Childhood Foundation (WCF) and the Anti-Human Trafficking Intelligence Initiative (ATII), have identified thousands of users on darknet child abuse websites using credentials stolen by infostealer malware.
  • The study demonstrates how infostealer malware data can be used to recognize consumers of child sexual abuse material (CSAM) on the dark web.
  • Law enforcement agencies are actively using this data to identify and investigate potential criminals. According to the report, approximately 3,300 unique users were identified, with 4.2% having credentials for multiple CSAM sources, indicating a higher likelihood of criminal behavior.
  • The inclusion of case studies where individuals were identified and linked to potential crimes against children made the issue more tangible and pressing, while also uncovering the evolving tactics in cybercrime.

TeamViewer Cyber-Attack Attributed to Russian APT Midnight Blizzard

Article Link: https://www.infosecurity-magazine.com/news/teamviewer-attack-russian-apt/

  • TeamViewer, widely used in important areas like factories, hospitals, and government offices, recently suffered a cyber-attack linked to the Russian group Midnight Blizzard/APT29.
  • The attack was contained within their corporate IT environment, and there’s no evidence that customer data was impacted.
  • The attackers used a compromised employee account to access sensitive employee information, such as names, contact details, and encrypted passwords. However, the company reassured the public that their products and services remain secure and unaffected.
  • The US Health Information Sharing and Analysis Center (H-ISAC) issued a warning to healthcare organizations about the active exploitation of TeamViewer, recommending that they take steps like turning on two-factor authentication and using lists to control who can access their systems.
  • Link to H-ISAC Alert: https://www.aha.org/news/headline/2024-06-27-bulletin-alerts-health-sector-cyberthreat-exploits-teamviewer

A CISO’s Guide to Avoiding Jail After a Breach

Article Link: https://www.darkreading.com/cybersecurity-operations/a-cisos-guide-to-avoiding-jail-after-a-breach

  • Joe Sullivan, former Uber CSO, went from a top cybersecurity expert to researching prison life after mishandling a major data breach in 2016.
  • The U.S. federal government is increasingly holding security leaders accountable for cyberattacks, often targeting individuals within companies to set examples.
  • The threat of legal action is making top cybersecurity professionals hesitant to take on CISO roles, potentially lowering the quality of cybersecurity leadership.
  • To avoid legal trouble, CISOs should focus on clear communication, collaboration, and involving other board members in cybersecurity decisions.

Euro 2024 Becomes the Latest Sporting Event to Attract Cyberattacks

Article Link: https://www.darkreading.com/cloud-security/euro-2024-becomes-latest-sporting-event-to-attract-cyberattacks

  • Over 15,000 Union of European Football Associations (UEFA) customer credentials have been exposed on underground forums, with an additional 2,000 accounts for sale on the Dark Web.
  • Major sporting events, like Euro 2024, are prime targets for cyberattacks, with threats including DDoS attacks, phishing, and credential theft.
  • Past major sporting events, like the 2018 Winter Olympics and the 2022 World Cup, have also encountered significant cyber threats.
  • The upcoming 2024 Summer Olympics in Paris is expected to experience similar digital threats, with attackers likely to shift their focus toward the global event.
  • Industry professionals encourage people to avoid using work emails for non-business services and ensure passwords are strong and unique to guard against cyberattacks.

500% Surge in Ransomware Losses

Article Link: https://thehackernews.com/2024/07/how-mfa-failures-are-fueling-500-surge.html

  • A recent survey of 5,000 IT and cybersecurity leaders from 14 countries reveals that ransomware payments have skyrocketed by 500% in the past year, with average payments now hitting $2 million. This dramatic increase is 5-fold over last year’s $400,000 price tag.
  • The most significant factor contributing to this trend [the 500% rise] is a broad reliance on twenty-year-old, legacy multi-factor authentication (MFA).
  • Cybercriminals are using advanced AI to create convincing fake emails that trick people into giving away their security details, targeting organizations with outdated security systems that can’t defend against modern attacks, and demanding high ransom payments by causing major disruptions.
  • To combat these threats, organizations should adopt next-generation MFA solutions that use biometrics like fingerprints and facial recognition for better security.
  • Sophos Report: https://news.sophos.com/en-us/2024/04/30/the-state-of-ransomware-2024/

Evil Twin Wi-Fi Attacks Uncovered at Airports and on Flights

Article Link: https://secalerts.co/news/evil-twin-wifi-attacks-uncovered-at-airports-and-on-flights/2sGrf7qLnEbpDgBcpM40kq

  • A 42-year-old Australian man faces nine charges for allegedly setting up multiple fake free Wi-Fi access points at airports and on flights to capture personal data.
  • The plot was uncovered after airline employees reported a suspicious Wi-Fi network, leading to an Australian Federal Police (AFP) investigation.
  • The man allegedly used a portable wireless device to create networks mimicking legitimate ones, tricking travelers into providing personal information.
  • AFP advises against entering personal details on public Wi-Fi and recommends using a VPN for security. Organizations should limit which wireless networks users can access and/or require VPN usage across the board.

Hackers Abused API to Verify Millions of Authy MFA Phone Numbers

Article Link: https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/

  • Twilio revealed a security flaw that exposed millions of Authy users’ phone numbers, making them vulnerable to phishing and SIM swapping attacks, with the hacker group ShinyHunters leaking a file containing 33 million phone numbers.
  • Leaked phone numbers can be used for smishing and, when cross-referenced with data from other breaches, for SIM swapping attacks to break into accounts on cryptocurrency exchanges.
  • Twilio has secured the API endpoint and is urging all Authy users to update their apps and stay vigilant against phishing attacks, yet it remains unclear how this security update helps to protect users from threat actors using the scraped data in the attacks.
  • Organizations should regularly check and secure the data storage services they use from other companies to prevent similar breaches.
  • In what is presumably an unrelated incident, Twilio also recently started sending data breach notifications related to a third-party’s unsecured AWS S3 bucket leaking SMS-related data sent through the company between January 2024 and May 2024.
