This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures, also at wilharm3.com.
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com.
A target so nice, they hacked it twice
CDK Global offers a SaaS platform used by roughly 15,000 car dealerships. Earlier this week, it announced it suffered a breach, which saw it shut down large parts of its infrastructure and disrupt dealership sales and service operations. As it began restoring services late in the day on June 19th, it suffered another data breach that evening, resulting in another shutdown. As of this recording, CDK said it hopes to fully restore services on June 21st. CDK did not indicate if the two attacks are related or what data has been impacted.
Vermont governor rejects data privacy bill
Vermont Governor Phil Scott has vetoed consumer privacy legislation that would give individuals the right to sue companies that violate their data privacy rights. Vermont’s General Assembly is scheduled to meet today, Monday, and may override the veto. If it does so, the state will join a small group of 18 states that offer strong comprehensive data privacy rights to their residents. In explaining his veto, Governor Scott called the measure one that would make Vermont “more hostile than any other state to many businesses and nonprofits.”
MITRE has a memo for the president
MITRE is weighing in on where the incoming administration should set its focus next year, regardless of who wins the 2024 election. The memo is broken into four priorities: number one is protecting critical infrastructure, followed by implementing zero trust and SBOMs, preparing for quantum computing, and clarifying cybersecurity leadership roles. These recommendations emphasize upgrading legacy systems, enhancing security practices at local and state levels, and ensuring readiness for post-quantum cryptography. Additionally, MITRE suggests making the Cybersecurity and Infrastructure Security Agency (CISA) an independent agency, and mapping out roles and responsibilities of cybersecurity personnel within the first 90 days.
Huge thanks to our sponsor, Vanta

Qilin demands $50 million ransom from UK hospital
Following up on the recent rash of cyberattacks on UK hospitals we’ve been covering here on Cyber Security Headlines, Russian-speaking members of the Qilin gang are now claiming they have demanded $50 million from UK lab-services provider Synnovis. On June 4, Synnovis announced that it fell victim to a ransomware attack that locked systems used to provide blood-testing and transfusion services to National Health Service hospitals. A Qilin member said they plan to leak stolen data online if Synnovis fails to pay the ransom. Qilin also refused to accept responsibility for patients affected by the incident. Instead, they suggested the attack was retaliation for the British government’s involvement in unspecified wars.
Cut & Paste tactics import malware to unwitting victims
Over the past three months, researchers at Proofpoint observed a threat actor (tracked as TA571) using fake pop-up textboxes suggesting that an error occurred when trying to open a document or webpage. Instructions then prompt users to copy and paste a malicious PowerShell script into either the PowerShell terminal or the Windows Run dialog box. The script then loads various malware strains, including remote access Trojans (RATs) and infostealers. The researchers said that cybercriminals continue to adopt “increasingly creative attack chains” that employ technical tactics not easily detected by users. They recommend that organizations update their user training to help users identify and report suspicious activity to their security teams.
Markopolo scam delivers infostealer through fake meeting software
A cautionary tale from the world of crypto this week: a scam run by the threat group markopolo is stealing cryptocurrency with an infostealer delivered through a “purported virtual meeting software named Vortax.” In an analysis published this week, Recorded Future’s Insikt Group said this represents a significant rise in macOS security threats. The researchers say the malware’s success is based largely on work done to “legitimize Vortax on social media and the internet, with the actors maintaining a dedicated Medium blog filled with suspected AI-generated articles as well as a verified account on X (formerly Twitter) carrying a gold checkmark.” The malware is delivered by an installer disguised as the downloadable executable for the Vortax meeting application.





