Welcome to the Cyber Watch series for today, November 10, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. You can read the full story by clicking on each headline. We encourage you to review these stories and take steps to protect your organization.
As QR code usage increases, so do QR code phishing attacks or “quishing”, according to a new study from cybersecurity firm ReliaQuest. Security Magazine reports that analysis of customer incidents revealed a sharp 51% spike in quishing attacks in September 2023 compared to the previous 8 months combined. The study found Microsoft account phishing to be the most prevalent quishing method, tricking users into entering credentials through fake 2FA reset pages in over half of sampled incidents.
Online banking credential phishing was the second most common technique. Additionally, attackers are hiding QR codes in email attachments to bypass security filters. ReliaQuest warns that the significant increase in quishing underscores emerging risks from malicious use of QR codes across phishing emails, text messages, and websites as adoption spreads.
SC Media recently reported that identity service provider Okta has disclosed details of a breach of its internal support system detected in September 2022. An investigation found that attackers used a compromised customer service account to access data related to 134 Okta customers over a three-week period.
Alarmingly, Okta only became aware of the breach after one of the affected customers, 1Password, reported suspicious activity. Even then, it took Okta 14 additional days to detect the log downloads by attackers, who cleverly avoided case files and instead accessed logs directly.
The U.S. national cybersecurity and emergency management agencies have unveiled a new mission to harden the country’s critical infrastructure against cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) launched their “Shields Ready” campaign this week to prioritize improving the security and resilience of critical systems proactively before disruptions occur.
According to Cyber Wire, Shields Ready aims to take a more strategic, holistic approach to critical infrastructure cybersecurity. Rather than reactive damage control after incidents, the agencies want to drive systemic hardening and cyber readiness across sectors such as energy, water, and manufacturing. The campaign complements CISA’s urgent “Shields Up” advisory, issued earlier this year amid heightened cyber tensions.
FBI Warns of Ransomware Groups Increasingly Targeting Third-Party Vendors, Exploiting Management Tools
An urgent warning from the FBI cyber division reveals that ransomware attackers are targeting third parties and system tools more frequently to infiltrate business networks. The agency cited incidents of casinos being breached via gaming vendors, enabling large scale encryption of systems and theft of employee and customer data.
Additionally, the FBI disclosed that threat actors are exploiting legitimate remote management software to elevate permissions inside target networks, according to a recent InfoSecurity Magazine report. By tricking users into installing such tools through phishing, attackers can deploy ransomware widely across files and servers. See: FBI’s Range of Recommendations
Maryland Insurance Firm Hilb Discloses Major Breach, Phishing Attack Impacts 81,000 People Nationwide
Cybersecurity Magazine reports that Maryland-based insurance company The Hilb Group has disclosed a widespread data breach after detecting unauthorized access to its systems. The sophisticated phishing attack occurred between December 2022 and January 2023, compromising the personal information of over 81,000 individuals across the country, including 105 Maine residents.
The breach notification issued earlier this month indicates the lengthy period the company’s systems were infiltrated before discovery in October. With threat actors accessing financial account details and other sensitive information, impacted individuals now face serious identity theft and fraud risks. In response, The Hilb Group is providing 12 months of free credit monitoring and identity protection services through TransUnion for affected customers and employees. This aims to help safeguard those impacted by the troubling phishing-enabled intrusion.
Security Week reports that OpenAI faced significant disruption as its ChatGPT and API encountered a major outage due to a distributed denial-of-service (DDoS) attack. The hacker group Anonymous Sudan took credit, citing reasons related to OpenAI’s American identity, alleged collaboration with Israel, and perceived anti-Palestine stance.
This incident highlights the vulnerability of advanced AI systems to malicious activities and emphasizes the intersection of technology, geopolitics, and cybersecurity challenges. The attack raises concerns about the broader security landscape surrounding powerful AI technologies, particularly in the context of geopolitical tensions and cyber conflicts.
A recent report highlights a disturbing evolution in cyber warfare, as Russia’s GRU unit, Sandworm, orchestrates a power grid attack in Ukraine alongside physical missile strikes. This marks the third successful blackout induced by Sandworm, illustrating a sinister convergence of digital and physical warfare tactics.
According to Wired News, Cybersecurity firm Mandiant’s revelation adds a chilling layer to cyber threats. The coordinated blackout and missile strikes demonstrate a new level of aggression and sophistication in hybrid warfare. Notably, the use of a “wiper” malware post-attack indicates an attempt to eliminate traces, showcasing strategic intent and an understanding of forensic analysis.
In a major cybersecurity incident, Cook County Health, a significant healthcare provider in Chicago, has disclosed a data breach impacting 1.2 million patients. According to a recent Bank InfoSecurity report, the breach originated with a third-party transcription vendor, Perry Johnson & Associates, prompting CCH to terminate its association with the vendor and intensify investigations with the FBI and cybersecurity experts.
Patient data, including sensitive details, has been compromised, emphasizing the imperative for heightened cybersecurity measures in the healthcare sector.
Global spending on smart traffic management solutions is poised for remarkable growth, according to a study by Juniper Research. As reported by IoTTech News, the study predicts a 75% increase from $10.6 billion in 2023 to $18.6 billion by 2028, attributing this surge to heightened government investment in smart city initiatives, where transportation infrastructure plays a pivotal role.
The comprehensive report, titled ‘Global Smart Traffic Management Market 2023-2028,’ delves into trends, growth drivers, and vendor strategies, providing insights into the evolving landscape of urban mobility solutions. See: Juniper Research
According to a Hacker News report, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a serious vulnerability in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities list. Tracked as CVE-2023-29552, the flaw poses a significant risk, allowing unauthenticated remote attackers to conduct denial-of-service (DoS) amplification attacks.
The Service Location Protocol, essential for local area network communication, faces active exploitation, and CISA’s move underscores the urgency for mitigation. The flaw, disclosed in April by Bitsight and Curesec, has the potential for high amplification in DoS attacks, enabling under-resourced threat actors to impact targeted networks significantly.
That’s all for today. Stay tuned for our next episode. See you next week!