Cyber Watch – November 24, 2023

Welcome to the Cyber Watch series for today, November 24, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.  


This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. You can read the full story by clicking on each headline. We encourage you to review these stories and take steps to protect your organization. 

Cellular Roaming for Low-Power IoT Devices Predicted to Increase Fivefold by 2028

As Juniper Research reports, the rapid proliferation of internet-enabled devices across borders signals a new roaming revolution for mobile network operators worldwide. Over the next five years alone, the firm forecasts cellular roaming from NB-IoT and LTE-M systems to balloon nearly 500% – from 90 million connections today to a staggering 490 million by 2028.

Fueled by increasingly versatile bilateral deals between telecoms, tiny sensors embedded in cross-border shipments, vehicles, machinery, and infrastructure will unleash a deluge of data, unlocking game-changing visibility and efficiencies for global supply chains.

North Korean Hackers Strike Downstream Targets with CyberLink Supply Chain Attack

Tech giant Microsoft sounds the alarm on a North Korean state-backed hacker collective going by the codename Diamond Sleet. The elusive cyber spies have snuck malware into software updates for the popular Taiwanese media application CyberLink.

By hijacking infrastructure owned by the multimedia firm, the APT group strategically ‘trojanized’ over a hundred devices across North America and Asia. After establishing beachheads, the corrupted installers covertly download next-stage payloads to fan out across compromised networks.

Similar to the tactics of their umbrella organization Lazarus Group, the North Korean pirates utilize elaborate multi-phase attacks to pierce cyber defenses. Once inside, previous campaigns have pillaged sensitive data and strategic intelligence from IT, defense, and media entities at an untold cost.

Now in an ambitious supply chain operation exposed by Microsoft, Diamond Sleet managed to smuggle their malware using the very vendor trusted to provide security updates. By attacking CyberLink’s distribution channel, they turned the company’s hallmark value proposition into a vehicle for disruption, demonstrating both sophistication and cunning befitting a global menace.

Ransomware Bleeds Data on 8.5M Patients in Supply Chain Hack of Welltok

A crippling network infection at Welltok has healthcare giants reeling after ransomware pirates managed to lift the personal data of nearly 8.5 million patients nationwide. By compromising the SaaS leader’s MOVEit file transfer program, the cyber bandits gained a skeleton key to breach over a dozen top providers.

Blue Cross Blue Shield affiliates and the hospital conglomerates Mass General Brigham and Sutter Health now face a nightmare scenario – notifying millions that Social Security numbers, addresses, and medical history are likely headed to the Dark Web. MOVEit manufacturer Ipswitch is still working to eject the intruders and contain the carnage after the initial zero-day attacks hit thousands of users in July.

Canadian Government Confirms Data Heist in Military Relocation Supplier Breach

A network security calamity is unfolding within the top ranks of the Canadian government after authorities confirmed sensitive employee data was swiped from contracted relocation firms. Investigators say hackers exploited access at Brookfield Global Relocation Services and Sirva Canada to make off with information dating all the way back to 1999.

Now everyone from rank-and-file bureaucrats to special forces operatives faces an uneasy waiting game to learn if their names made the lengthy breach target list. Compromised records contain financial, personal, and family information submitted in confidence for work relocation services. Ottawa faces hard questions on preventing future compromise as it confronts the consequences of private information becoming ammunition for adversarial intelligence agencies.

TmaxSoft Leaves 50 Million Records Unlocked, Exposing Staff and Big Tech Clients

A cloud security blunder of epic proportions is sending shockwaves through South Korea’s besieged tech sector after enterprise solutions giant TmaxSoft accidentally exposed years of sensitive employee and project data. Now the Seoul-based software leader risks becoming patient zero in a potential outbreak compromising their roster of big-name partners.

Researchers warn that the staggering 50+ million record trove of emails, technical specifications, and access credentials could enable everything from personalized staff phishing to supply chain contamination. TmaxSoft’s extensive dealings with AWS, Google Cloud, Intel, and others mean malicious players can now leverage insider intelligence to infiltrate critical systems downstream.

Even more alarming is the developer’s non-response after multiple disclosures, leaving the unlocked trove freely accessible. Their negligence has single-handedly armed e-criminals with blueprints to quietly commandeer systems at boardroom levels.

Hackers Swipe $115M+ from Justin Sun’s Crypto Exchange and Blockchain

A cascade of cyber breaches continues to pummel the digital enterprise empire of crypto mogul Justin Sun. The latest attacks targeted Sun-affiliated cryptocurrency exchange HTX and blockchain network Heco Chain for over $115 million in stolen assets, marking consecutive body blows to the prominent entrepreneur’s operations.

While HTX locks down systems after the daring $30 million heist, they now face further fallout from the even larger Heco Chain hack bleeding out $85 million more. The trend spotlights blockchain bridges as fruitful avenues for sophisticated thieves to strike loosely guarded cross-chain swaps.

Despite their pivotal role in rallying mainstream adoption, the totality of recent assaults shows glaring security gaps remain around critical crypto infrastructure. For Sun and partner platforms like HTX, it means bolstering defenses and reassuring rattled users while launching recovery efforts that could take months, if not longer.

CISA Releases New Cyberattack Mitigation Guide for Healthcare

The Cybersecurity and Infrastructure Security Agency has unleashed detailed guidance for healthcare providers contending with sophisticated digital predators in an increasingly connected era.

By scrutinizing industry vulnerabilities, CISA analysts spotlight gaping holes needing urgent attention. Their latest recommendations reinforce device management, access controls, timely software patching, and rigorous procurement standards as fundamental building blocks.

With troves of patient information flooding online, the report rings alarm bells over elaborate phishing tactics and ransomware schemes that have pillaged hospitals worldwide. Heeding CISA’s advice, health executives can now strategically harden defenses and rehearse response plans before similar strikes endanger local communities.

Scammers Spoof Luxury Brands This Black Friday For Discount-Laced Credential Theft

E-con artists are out in full force this cyber shopping season, mimicking iconic names like Rolex and Ray-Ban to hoodwink buyers using deliciously deceptive discount deals. The canny impersonators are deploying bogus websites and emails expertly crafted to dupe recipients into surrendering credentials alongside holiday purchases.

In elaborate stings uncovered by Check Point Research, fraud domains and fake shipping notices bait users through familiar interfaces later revealed as phishing fronts stealing passwords and credit card data for online gangs. Analysts say the reported October spikes foreshadow a tense period as shrewd hackers leverage transaction mania, knowing harried shoppers are primed to take shortcuts and overlook the small site differences that unlock big account access.

Lawmakers Move to Halt SEC’s Controversial Cybersecurity Breach-Disclosure Rule

In response to the impending “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” rule by the Securities and Exchange Commission (SEC), lawmakers including Rep. Andrew Garbarino and Sen. Thom Tillis have introduced a joint resolution aiming to nullify the regulation. The rule, set to take effect on December 15, requires companies to report cyberattacks within four days. The lawmakers argue that the SEC’s new breach requirement could conflict with existing regulations and place excessive burdens on cybersecurity professionals.

This pushback is part of a broader discourse surrounding the balance between regulatory efforts to enhance transparency in cybersecurity and concerns within the industry about potential overregulation and practical challenges in compliance. Intriguingly, the report also notes a criminal group attempting to exploit the regulation by filing an SEC complaint against a victim for failing to disclose a breach it orchestrated, adding a complex layer to the ongoing cybersecurity regulatory landscape.

Major U.S. Laboratory Idaho National Lab Hit by Cybersecurity Breach, Employee Data Compromised

Idaho National Laboratory (INL), a renowned U.S. research facility, faces a significant cybersecurity breach, impacting its HR systems. The breach, reported on Sunday, has triggered a swift response from INL, engaging federal agencies for a thorough investigation. Sensitive employee data, including Social Security numbers and employment details, is reportedly compromised. An anonymous hacktivist group claims responsibility, raising concerns about data security in high-profile research institutions. 

Federal law enforcement, including the FBI, is collaborating to assess the extent of the breach and identify the perpetrators. This incident underscores the persistent threat landscape and the challenges even advanced institutions face in safeguarding against cyber threats. Analysts emphasize the prevalent role of phishing attacks, constituting up to 90% of data breaches, and the vulnerabilities associated with legacy multi-factor authentication.  

That’s all for today. Stay tuned for our next episode. See you next week!
