Welcome to the Cyber Watch series for today, December 8, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. We encourage you to review these stories and take steps to protect your organization. Click on each headline to read the full story.
The mad digital dash for Black Friday deals and Cyber Monday steals brought more than just doorbuster savings and sold-out inventory this holiday season. A new report by TransUnion confirms fraudsters seized the opportunity for their version of bargain hunting – targeting American consumers at historic rates despite broader global declines.
In the five frenzied days from Thanksgiving through Cyber Monday, suspected e-commerce fraud attempts against U.S. shoppers rose more than 18% year-over-year. That figure contrasts with a 15% decline in suspected fraud worldwide, as thieves shift their targeting amid volatile economic crosscurrents.
Domestic cyber criminal operations likewise hit new highs, shooting 12% above already elevated daily averages from earlier in 2023. It seems defending digital storefronts grows more demanding each holiday while fraudsters increasingly bank on exploiting this annual moment of mass consumerism.
A cascade of privacy violations rocked DNA testing giant 23andMe this week as it emerged that highly sensitive genetic data belonging to millions of unsuspecting customers had been leaked and exploited. The company now admits that attackers used stolen credentials for roughly 14,000 accounts, obtained through credential stuffing with passwords reused from other breaches, to scrape personal ancestry details for about 6.9 million users, roughly half of its customer base.
This unraveling of privacy protections has consumer advocates sounding alarms given the intimacy of the information exposed against customers’ wishes – data that can reveal predispositions for medical conditions, family connections, and ethnic heritage. Once considered an unalterable unique identifier, genetic code now joins the roster of digitized personal assets proving irresistible for theft and misuse.
While 23andMe contends that only a fraction of user profiles were directly accessed, the DNA Relatives feature, which shows each opted-in user the profiles of their genetic matches, opened the floodgates – linking datasets and tracing hereditary branches across friends, family members, and even strangers. Lawmakers have long warned that leakage of biometric data tends to spiral as additional context gets deduced. The practical lesson for engineers is that any feature allowing one authenticated account to read other users’ data turns a credential-stuffing problem into a mass scrape, so such features need rate limits, anomaly detection on unusual read volumes, and mandatory multi-factor authentication (which 23andMe has since made compulsory).
With cyberattacks against hospitals now coming as frequently as flu season, the Health and Human Services Department seeks remedies to inoculate a chronically under-protected sector. New federal guidance aims to ratchet up commonly lax security practices by directing resources and accountability where the private healthcare industry often falls short alone.
The plan offers carrots before sticks – establishing voluntary cyber goals for medical centers and providers initially while boosting assistance to meet them. But stiffer enforcement waits in later stages if systems managing sensitive patient health records and life-saving devices continue to be breached.
While embracing the lifeline, hospital groups pushed back against assumptions that they can tackle sprawling digital threats single-handedly. Many of the advanced persistent threats they face are state-backed and well beyond any single hospital’s reach. And the supply chain of third-party medical technology depends on securing intersections well outside healthcare’s jurisdiction.
A perfect storm of surging software complexity and interconnected supply chains has nearly four out of five cybersecurity directors admitting that application vulnerability management now overwhelms them. The hard truths emerge in sobering new industry research probing the soft underbelly of digital transformation – insecure code seeded across global development pipelines.
Probe any major enterprise breach and an application vulnerability is often lurking somewhere in the chain. Yet strained relationships between software developers and their security counterparts leave business-critical apps wrapped in half-hearted protection measures.
With software permeating everything, the proliferating risks feel impossible to corral. And no magic bullets wait in the wings – certainly not AI alone. Security leaders instead point to bandaging battered software supply chains as imperative to restoring sanity from software-fueled chaos.
A cyber intrusion with all the hallmarks of industrial espionage has penetrated the regional operations of leading automaker Nissan and now threatens consumer privacy. The company confirmed today it is investigating an attack on its Australian and New Zealand systems by unnamed infiltrators who officials fear made off with swaths of customer data.
With dealership operations disrupted across two countries and car owners potentially exposed, Nissan now scrambles to trace digital footprints before they disappear. But with the true breach contours still emerging, customers are left wondering what pieces of their identities may be auctioned in illicit underground markets.
The high-tech heist demonstrates that manufacturing heavyweights as synonymous with mobility as Nissan itself still struggle with locking down their data from creeping threats. Ironically, as automakers like Nissan pioneer internet-connected vehicles and autonomous offerings, legacy networks full of blueprints and sensitive documents make tempting targets.
A recent study commissioned by Apple and conducted by MIT professor Dr. Stuart Madnick exposes a drastic increase in threats to consumer data stored in the cloud. The findings indicate a tripling of data breaches since 2013, with an astonishing 2.6 billion personal records compromised between 2022 and 2023. This alarming trend highlights the global epidemic of data breaches.
Apple underscores the urgent necessity for end-to-end encryption (E2EE) to protect individual data, especially as it resides in the cloud. The study aligns with Apple’s introduction of Advanced Data Protection for iCloud, which extends E2EE to 23 data categories, including iCloud Backup, Notes, and Photos. The feature is opt-in, and because Apple no longer holds the keys for those categories, account recovery depends on a recovery contact or recovery key that the user must set up in advance.
CISA and Microsoft Expose Russian APT, Star Blizzard, in Spear-Phishing Campaigns Targeting Key Sectors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), together with the UK’s NCSC, the FBI, the NSA and other Five Eyes partners, issued a joint advisory on Star Blizzard, a Russian government-backed Advanced Persistent Threat (APT) group also tracked as SEABORGIUM, Callisto Group and COLDRIVER; Microsoft published its own analysis alongside it. The advisory sheds light on the group’s targeted spear-phishing campaigns directed at academia, defense, governmental bodies, NGOs, and think tanks. Star Blizzard, attributed to the FSB, expanded its focus in 2022 to include defense-industrial targets and U.S. Department of Energy facilities.
CISA warns that the group demonstrates a high level of sophistication, employing tactics such as sending spear-phishing emails to personal addresses to circumvent corporate security controls. Microsoft notes the group’s patient strategy: it often opens with an innocuous request to build rapport, and only later sends a seemingly harmless document or link that, when opened, triggers a redirection chain ending at an attacker-controlled credential-harvesting page. That page also captures the victim’s session cookies, so the stolen session survives conventional one-time-code MFA; the advisory accordingly recommends phishing-resistant MFA such as FIDO2 security keys.
In a recent cybersecurity incident, Groveport Madison Schools in Ohio fell victim to a ransomware attack executed by the BlackSuit group. The breach, which targeted specific servers, led to disruptions in the functionality of Windows devices, file services, and printer/copiers. Fortunately, the district promptly assured parents that a preliminary internal assessment indicated no compromise of student or staff data during the breach.
In response to the severity of the incident, representatives from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommended a temporary shutdown of all internet access. Consequently, the district announced a brief internet outage on Wednesday, emphasizing that schools would remain open, with attendance being manually recorded.
Cambridge University Hospitals NHS Foundation Trust has admitted to two historical data breaches, exposing the personal information of over 22,000 maternity patients. CEO Roland Sinker disclosed the incidents, with the first breach occurring in 2021 but only recently coming to light. The breaches resulted from inadvertent disclosures during responses to Freedom of Information (FOI) requests, highlighting vulnerabilities in data handling processes.
In the initial incident, a spreadsheet shared through the What Do They Know FOI website included patient names, hospital numbers, and birth outcomes. Although only a summary pivot table was visible on screen, the workbook still carried the underlying source rows, so anyone who opened the file could recover the records. The failure is a redaction process that checked what was displayed rather than what the file actually contained. The delayed disclosure raises further concerns about the timeliness of identifying and reporting such breaches.
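The check a release process needs here is on the file, not on the rendered sheet. The script below is an added example (not the Trust’s or the FOI site’s code) that treats an .xlsx as what it is, a zip of XML parts, and flags the parts that can carry rows nobody saw: pivot cache records, hidden or veryHidden worksheets, and external-link parts. The sample workbook it scans is constructed in the script with placeholder values; the part names and attributes it looks for are the standard Office Open XML ones.

```python
"""Pre-release scan for .xlsx files (added example, standard library only).

An .xlsx package can carry data that is never shown on screen:
  * xl/pivotCache/pivotCacheRecords*.xml  - a pivot table's cached source rows
  * worksheets whose <sheet> element has state="hidden" or "veryHidden"
  * xl/externalLinks/*                    - cached values from other workbooks
The scan reports all three so a response can be blocked before release.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

WORKBOOK_PART = "xl/workbook.xml"
PIVOT_RECORDS_RE = re.compile(r"^xl/pivotCache/pivotCacheRecords\d+\.xml$")


def _local(tag: str) -> str:
    """Strip the XML namespace prefix ('{ns}sheet' -> 'sheet')."""
    return tag.rsplit("}", 1)[-1]


def scan_xlsx(data: bytes) -> dict:
    """Return findings for one workbook supplied as bytes."""
    findings = {"pivot_cache_parts": [], "hidden_sheets": [], "external_links": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        findings["pivot_cache_parts"] = sorted(n for n in names if PIVOT_RECORDS_RE.match(n))
        findings["external_links"] = sorted(n for n in names if n.startswith("xl/externalLinks/"))
        if WORKBOOK_PART in names:
            root = ET.fromstring(zf.read(WORKBOOK_PART))
            for el in root.iter():
                if _local(el.tag) == "sheet" and el.get("state") in ("hidden", "veryHidden"):
                    findings["hidden_sheets"].append((el.get("name", "?"), el.get("state")))
    return findings


def is_safe_to_release(findings: dict) -> bool:
    """True only when no part of the package can leak unseen rows."""
    return not any(findings.values())


def build_sample_xlsx(with_leaks: bool) -> bytes:
    """Constructed minimal package (not a real export): one visible summary
    sheet, plus, when with_leaks is set, a veryHidden source sheet and a
    pivot cache holding placeholder rows."""
    sheets = ['<sheet name="Summary" sheetId="1" r:id="rId1"/>']
    if with_leaks:
        sheets.append('<sheet name="Source data" sheetId="2" state="veryHidden" r:id="rId2"/>')
    workbook_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        "<sheets>" + "".join(sheets) + "</sheets></workbook>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(WORKBOOK_PART, workbook_xml)
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_leaks:
            zf.writestr("xl/worksheets/sheet2.xml", "<worksheet/>")
            zf.writestr("xl/pivotCache/pivotCacheDefinition1.xml", "<pivotCacheDefinition/>")
            # Cached rows: constructed placeholder values standing in for the
            # kind of record a pivot summary hides from view.
            zf.writestr(
                "xl/pivotCache/pivotCacheRecords1.xml",
                '<pivotCacheRecords><r><s v="Example Patient"/><n v="100001"/></r></pivotCacheRecords>',
            )
    return buf.getvalue()


if __name__ == "__main__":
    for label, leaks in (("leaky", True), ("clean", False)):
        result = scan_xlsx(build_sample_xlsx(leaks))
        print(label, "safe" if is_safe_to_release(result) else "BLOCK", result)
```

The safe remediation when a pivot cache is present is to copy the visible summary values into a fresh workbook (paste as values), not to delete the hidden sheet, because the cache part survives sheet deletion.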
A novel and concerning evolution of the P2PInfect botnet has been unveiled by researchers at Cado Security Labs. The latest variant is compiled for the MIPS (Microprocessor without Interlocked Pipelined Stages) architecture, marking a deliberate shift toward Internet of Things (IoT) devices and routers. First disclosed in July 2023, P2PInfect gained notoriety for exploiting a critical Lua sandbox escape in Redis (CVE-2022-0543). The new sample targets devices with 32-bit MIPS processors and spreads by brute-forcing SSH with lists of common username and password pairs, so weak or default credentials, not an exploit, are the entry point on these devices.
Also of note are the malware’s evasion techniques: it checks whether it is being run under a debugger and terminates if so, and it disables Linux core dumps so that its memory cannot be captured for analysis. In addition, the sample embeds a 64-bit Windows DLL that functions as a Redis module and allows the execution of shell commands on a compromised Redis host.
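Because this variant spreads by guessing SSH passwords, the first-line detection is the host’s own auth log. The script below is an added example (not Cado’s code or anything from the P2PInfect analysis) that parses OpenSSH syslog lines, flags any source address that fails a threshold of logins within a sliding window, and, most importantly, reports whether a successful login followed the burst, which is the case that needs an immediate response. The log lines, addresses and the threshold of five failures in sixty seconds are constructed for the example.

```python
"""SSH brute-force detector over auth.log lines (added example).

Flags a source IP that produces >= THRESHOLD failed logins inside WINDOW_S
seconds, and records the first successful login from that IP after the
burst. Sample log lines below are constructed, not captured.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH lines in the traditional syslog format (no year in the timestamp).
_TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)"
FAILED_RE = re.compile(
    _TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    _TS + r" \S+ sshd\[\d+\]: Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: one address (203.0.113.7) working through common
# usernames and finally logging in as root; one ordinary user who mistyped
# a password once and then authenticated normally.
SAMPLE_AUTH_LOG = """\
Dec  7 03:14:01 gw sshd[1020]: Failed password for root from 203.0.113.7 port 51234 ssh2
Dec  7 03:14:02 gw sshd[1021]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Dec  7 03:14:04 gw sshd[1022]: Failed password for invalid user pi from 203.0.113.7 port 51240 ssh2
Dec  7 03:14:05 gw sshd[1023]: Failed password for invalid user ubuntu from 203.0.113.7 port 51244 ssh2
Dec  7 03:14:07 gw sshd[1024]: Failed password for root from 203.0.113.7 port 51250 ssh2
Dec  7 03:14:09 gw sshd[1025]: Failed password for root from 203.0.113.7 port 51252 ssh2
Dec  7 03:14:11 gw sshd[1026]: Accepted password for root from 203.0.113.7 port 51258 ssh2
Dec  7 03:20:30 gw sshd[1101]: Failed password for alice from 198.51.100.23 port 40210 ssh2
Dec  7 03:20:41 gw sshd[1102]: Accepted publickey for alice from 198.51.100.23 port 40212 ssh2
"""


def parse_events(text: str) -> list:
    """Turn raw log text into a list of {ts, kind, user, ip} dicts.
    Lines that are neither a failure nor an acceptance are ignored."""
    events = []
    for line in text.splitlines():
        kind, m = "fail", FAILED_RE.match(line)
        if not m:
            kind, m = "ok", ACCEPTED_RE.match(line)
        if not m:
            continue
        # Syslog omits the year; only the deltas matter here, so the
        # strptime default year is acceptable for a single log file.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append({"ts": ts, "kind": kind, "user": m.group("user"), "ip": m.group("ip")})
    return events


def detect_bruteforce(events: list, threshold: int = 5, window_s: int = 60) -> list:
    """Return one alert dict per source IP that exceeded the failure threshold
    inside the sliding window; success_user is set if a login succeeded after
    the burst (credential guessing that worked)."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()          # timestamps of failures inside the window
        users, failures, burst, success_user = set(), 0, False, None
        for ev in evs:
            if ev["kind"] == "fail":
                failures += 1
                users.add(ev["user"])
                recent.append(ev["ts"])
                while (ev["ts"] - recent[0]).total_seconds() > window_s:
                    recent.popleft()
                if len(recent) >= threshold:
                    burst = True
            elif burst and success_user is None:
                success_user = ev["user"]
        if burst:
            alerts.append({"ip": ip, "failures": failures, "distinct_users": len(users),
                           "first": evs[0]["ts"], "last": evs[-1]["ts"],
                           "success_user": success_user})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_AUTH_LOG)):
        print(alert)
```

On a real router or IoT host the same logic applies to whatever the device logs, but the lasting fix is the configuration: disable password authentication for SSH (`PasswordAuthentication no`), forbid root login, and change every factory credential before the device is reachable from the network.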
That’s all for today. Stay tuned for our next episode. See you next week!