This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
U.S. sanctions China’s Integrity Technology for role in Flax Typhoon attacks
Following up on a story we covered last September, U.S. officials are now confirming that the Beijing-based Integrity Technology Group provided China’s Ministry of State Security and several Chinese state-backed hacking groups “with infrastructure that allows them to attack multiple victims based in the U.S.” “China-based hackers working for Integrity Tech, known to the private sector as Flax Typhoon, successfully targeted universities, government agencies, telecommunications providers and media organizations in the U.S. and elsewhere,” State Department spokesperson Matthew Miller said on Friday. “The sanctions freeze all U.S. assets of the company and limit the amount of interaction financial institutions can have with it.”
French military contractor Atos dismisses ransomware attack claims
Following up on a story we covered last April, the France-based company that secures communications for France’s military and intelligence services, “on Friday dismissed as unfounded a ransomware group’s claims to have compromised an internal company database.” The group, called Space Bears, has promised to publish the stolen data on January 8. Atos, employs around 90,000 people, and is “in negotiations to sell off its advanced computing division to the French State as the company attempts to restructure and avoid financial collapse.”
Aviation agency investigating breach claims
In a post of BreachForums 2, the account “Natohub” claimed it compromised 42,000 documents from the UN’s International Civil Aviation Organization (ICAO), supposedly containing personal records of staff and others working with the agency. ICAO did not confirm it suffered a breach but said it was “actively investigating reports of a potential information security incident.” The Natohub account doesn’t have an extensive track record of leaks, but also made the unsubstantiated claim that it accessed personal data on thousands of UN delegates last month.
Huge thanks to our sponsor, Nudge Security
Start a free 14-day trial
2,000 attacks launched against critical infrastructure
Temple University’s Department of Criminal Justice maintains the Critical Infrastructure Ransomware Attacks database, or CIRA. Operating since 2013, the database now holds details on over 2,000 different attacks, with 45% added since February 2022. Government facilities, healthcare, public health, and education facilities were the most commonly targeted in the last two years. While attacks on water infrastructure got a lot of attention, they were among the least targeted. The database also shows ransom amounts increasing, with attacks requisitioning a $5 million or more ransom up 42% over the last two years. The entire dataset is available upon request from CIRA.
Lawmakers expected to revive attempts for new Cyber Force study
House lawmakers continue researching whether a Cyber Force should be added to the U.S. military. Rep. Morgan Luttrell (R-TX) says “An independent assessment is still very warranted.” As reported in The Record, “Last year Luttrell sponsored an amendment to the House version of the annual defense policy bill to require the Pentagon to commission a third-party study on creating a Cyber Force as a potential seventh military branch that would be dedicated to digital warfare.” The final bill was signed into law by President Joe Biden last month, but it gave no deadline for the assessment to be submitted to Congress. Luttrell called the lack of a deadline a colossal headache, but if the initiative is defeated for the third consecutive year, he hinted he will start speaking to future VP Vance.
European Commission receives first GDPR fine
In “Physician Heal Thyself” news, the European General Court ruled that the European Commission violated the General Data Privacy Regulation, or GDPR, by transmitting a German citizen’s data to the US. The citizen brought the case after the European Commission used a Facebook sign-in option on an event site. This sign-up sent device, browser, and IP address information to Amazon and Meta. GDPR considers that data to be personal information. Although GDPR allows for hefty fines for violations, the court ruled the EC must pay the person bringing the suit €400.
Casio releases information on their October ransomware attack
The electronics company has published a post-mortem on the October 5 attack, stating that 6,456 employees, 1,931 business partners and 91 customers were impacted by the ransomware incident. An outside cybersecurity firm blamed the ransomware attack on phishing emails that allowed the hackers into Casio’s servers on October 5. The stolen data included PII on the employees, the business partners affected had basic company information stolen and the customers data was PII along with product purchase information. “The attack was claimed by the Underground ransomware gang, which said it stole more than 200 GB of data, and in addition to the data theft,” and also caused the company weeks of delivery delays.