What’s happening in cybersecurity today?
U.S. Schools, Cyber Attacks, Mexican Firms, AllaKore RAT, Phishing Scam, Faust, Ransomware, WhiteSnake Stealer Malware, Python Package Index (PyPI), CISA, Guidelines for Software Bills of Materials, Microsoft Teams, Outage, Keenan and Associates, Data Breach, Concentra, Transcription Vendor Hack, Kansas City Transit Authority, Nevada Gaming Control Board Site, NSA, Internet Browsing Data, Meta, Child Safety Features, Ukraine, Russia, Cyber Army Member, UN, Cybercrime Treaty, Privacy Concerns, TrickBot Malware.
Cyber Alerts
K-12 schools across the U.S. are grappling with a surge in cyberattacks and data breaches, with several districts, including in Montana, Washington, and California, reporting incidents of data theft and ransomware attacks. The Groveport Madison School District in Ohio, targeted by the BlackSuit group, managed to recover within a month despite significant system damage. Meanwhile, vulnerabilities in school security software, such as those discovered in Raptor Technologies’ system, have exposed sensitive information, prompting legal actions and increased concern for student and staff data security.
Mexican financial institutions are being targeted by a spear-phishing campaign using a modified AllaKore Remote Access Trojan, primarily aimed at large companies in various sectors. The campaign, linked to a Latin American threat actor, employs lures related to the Mexican Social Security Institute and seeks to steal banking credentials for financial fraud. This threat coincides with the discovery of vulnerabilities in Lamassu Douro bitcoin ATMs, which, if exploited, could lead to asset theft.
3. Faust Emerges as New Ransomware Threat
Cybersecurity researchers have identified a new variant of the Phobos ransomware family, named Faust, which spreads through infected Microsoft Excel documents. This variant is part of an increasing trend of sophisticated ransomware attacks, including other emerging families like Albabat, Kuiper, and NONAME, leveraging various infiltration methods and programming languages for efficiency and cross-platform attacks. The rise in ransomware threats, including the use of tactics like TeamViewer for access and disguising malicious files as resumes, follows the disbandment of major cybercrime syndicates like Conti, indicating a continuing evolution and challenge in the cybersecurity landscape.
4. Malware Infects PyPI Python Packages
Cybersecurity researchers have uncovered multiple malicious packages in the Python Package Index (PyPI) that deliver the WhiteSnake Stealer malware targeting Windows systems. These packages, created by a threat actor known as “WS,” are designed to steal sensitive data, particularly from crypto wallets, and can alter clipboard content to facilitate unauthorized transactions. This incident highlights the increasing trend of malware infiltrating open-source repositories, with a similar case found in the npm package registry involving the theft of SSH keys via GitHub.
5. CISA Issues New SBOM Guidelines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new guidelines for creating Software Bills of Materials (SBOMs), aiming to enhance software supply chain security. These guidelines outline a detailed process for documenting software components, promoting transparency and risk management in federal IT contracts. CISA’s efforts include educational initiatives like the “SBOM-a-rama” event and a comprehensive report on SBOM-sharing life cycles, supporting both public and private sectors in implementing these critical security measures.
Cyber Incidents
On Friday, Microsoft Teams experienced a widespread outage, affecting thousands of users across the U.S., Canada, the UK, and South America, particularly in Brazil. The issues, which started around 11 a.m. EST, were part of broader problems impacting the Microsoft 365 system and caused significant delays in Teams chat and channels. Microsoft attempted to resolve the issue through a networking failover, leading to some improvements, especially in the EMEA region, but challenges persisted in the Americas.
Keenan and Associates, a major California insurance brokerage, experienced a cybersecurity breach exposing personal details of 1.5 million users, including Social Security numbers and health information. The breach, detected on August 27th, 2023, occurred after unauthorized access to the company’s systems for six days. In response, Keenan implemented enhanced security measures and informed law enforcement, while notifying affected individuals about the compromised data.
Concentra Health Services reported that the 2023 hack of Perry Johnson & Associates (PJ&A), a medical transcription vendor, impacted 3.9 million of its patients; across all affected organizations, the breach potentially exposed personal data for at least 14 million patients. PJ&A faces more than 40 lawsuits alleging negligence. The breach, which occurred between March and May 2023, compromised personal health information, including Social Security numbers, for some individuals.
The Kansas City Area Transportation Authority (KCATA) suffered a ransomware attack on January 23, disrupting its communication systems but not affecting transit services. The Medusa ransomware group claimed responsibility for the attack, raising concerns about the potential exposure of customer data. KCATA is working with authorities and cybersecurity experts to address the situation and mitigate the impact.
The Nevada Gaming Control Board’s website has been offline for days after a cyberattack, with no indication of personal information or financial records being compromised. The control board is working to assess and address the situation, emphasizing the importance of ongoing efforts to modernize its information technology systems in the face of evolving cyber threats.
Cyber News
The U.S. National Security Agency (NSA) has been purchasing internet browsing records from data brokers, bypassing the need for a court order, as revealed by Senator Ron Wyden. This practice raises privacy concerns, as it involves collecting sensitive information about Americans without their consent. In response to these revelations, the Federal Trade Commission (FTC) has taken action against companies selling such data without informed user consent, highlighting the broader issue of transparency and legality in data brokerage.
Ahead of CEO Mark Zuckerberg’s congressional testimony, Meta has announced new features on Instagram and Facebook to protect children from unsolicited sexual advances and inappropriate content. The new default settings will prevent children from receiving messages from unknown contacts and require parental permission for teens to change these settings. Additionally, Meta is developing a feature to shield teens from inappropriate images, demonstrating its commitment to addressing concerns about the safety of young users on its platforms.
Ukraine’s security service arrested a member of the pro-Kremlin Cyber Army of Russia in Kharkiv, suspected of launching cyberattacks against Ukrainian state websites and leaking military intelligence to Russia. The suspect, recruited via a Telegram channel, is accused of aiding Russian missile strikes against Ukrainian targets, including a hospital, by providing strategic military locations. This arrest highlights a broader pattern of Ukrainian citizens being recruited by Russian intelligence for espionage and cyber warfare, a trend observed throughout the ongoing conflict.
The United Nations is finalizing a controversial international cybercrime treaty, which has been criticized by over 100 civil society organizations for potentially criminalizing security research and enabling increased surveillance. Critics argue that the treaty’s vague definition of cybercrime and provisions for real-time data interception could undermine digital security and privacy. Despite discussions, treaty negotiators have largely ignored suggestions from civil society, leading to concerns that the treaty may not effectively address the needs of cyberattack victims or improve upon existing frameworks like the Budapest Convention.
Vladimir Dunaev, a Russian national and TrickBot malware developer, has been sentenced to 64 months in a U.S. prison for his role in creating and distributing the notorious malware. Dunaev’s actions contributed to over $3.4 million in losses for victims, and his case highlights the international effort to combat cybercrime.