Cyber Security Headlines Week in Review: Cisco MFA breach, Bad bots surge, Microsoft mail breach fallout

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Walsh, CISO, Paxos

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Cisco announces breach of multifactor authentication message provider

One of the providers used by Cisco to send multifactor authentication messages was breached by a threat actor on April 1. This is according to an email message sent from Cisco to its customers. The breached company, Duo, was acquired by Cisco in 2018. According to the email, the attacker “breached the system of a telephony supplier that Duo uses to send MFA messages through texts and phone calls to its customers.” The attacker used the credentials of an employee of that telephony supplier, which it allegedly obtained through a phishing attack. From this, the attacker was able to download a set of MFA SMS message logs pertaining to customers’ Duo accounts. According to The Record, “Duo has more than 40,000 customers and offers its services to state and federal government agencies as well as school districts and universities. Some of its more high-profile customers include Lyft, Yelp, Box and AmeriGas.”

(The Record)

Bad bots drive 10% annual surge in account takeover attacks

“Internet traffic associated with malicious bots now accounts for one third of total internet traffic, a 10% increase year-on-year.” This is according to security firm Imperva, in its 2024 Bad Bot Report. Bots overall account for just about 50% of all internet traffic, and bots “accounted for 30% of all API attacks in 2023, 17% of which were designed to exploit business logic vulnerabilities.” Interestingly, bad bot traffic originating from residential ISPs surged to 26%. Nanhi Singh, general manager of application security at Imperva, warned that bots are capable of web scraping, ATO, spam, denial of service and data exfiltration, and she adds, “automated bots will soon surpass the proportion of internet traffic coming from humans.” A link to the report is available in the show notes to this episode.

(Imperva)

Microsoft breach exposed federal agencies to hacking

The U.S. government said Thursday that the Russian state-backed hackers (known as Midnight Blizzard and Cozy Bear) who hacked Microsoft corporate emails back in January obtained passwords and other information that could allow them to breach U.S. agencies. The announcement revealed that, earlier in the week, the Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency directive requiring agencies to change stolen credentials and investigate other potential risks. CISA said it’s still unclear whether the threat actors actually obtained anything from the exposed agencies. Microsoft’s operating system and applications like Outlook are used throughout the U.S. government, but the longtime relationship is showing increasing signs of strain.

(MSN)

Roku says 576,000 accounts compromised in latest security breach

Following up on a story we brought to you on Cyber Security Headlines, Roku announced Friday that 576,000 Roku accounts were compromised in a cyberattack it suffered last month. Accounts were compromised by a “credential stuffing” attack, where hackers use usernames and passwords stolen from other platforms to log into their victims’ accounts. Roku said “malicious actors” used the access to make unauthorized purchases of streaming subscriptions and other Roku products, and said that it would refund those purchases. Roku has notified affected customers and reset their passwords. The company has also enabled two-factor authentication for all accounts.

(Forbes)

Huge thanks to this week’s episode sponsor, Conveyor

Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call.
Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com
Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.

Stanford releases AI Index Report

This marks the seventh edition of the AI Index. The university found AI currently surpasses human performance on image classification, visual reasoning, and English comprehension, but lags in planning, commonsense reasoning, and advanced mathematics. Unsurprisingly, investment in generative AI octupled since 2022 to $25.2 billion, with so-called frontier models becoming increasingly expensive to train; as an example, Google’s Gemini Ultra model cost $191 million in training compute. It also found a lack of serious standardized evaluations for AI responsibility across the industry. The index also highlighted research showing productivity gains from AI use and its potential to bridge the skills gap between workers.

(Stanford)

Sandworm-linked group tied to attack on water utilities

In 2024, the threat group Cyber Army of Russia claimed credit for attacks on several water utility systems in the US, France, and Poland. A new report from Mandiant claims this group is linked to the threat group Sandworm, a suspected part of Russia’s GRU military intelligence agency. It’s unclear if Cyber Army of Russia operates as just another persona of Sandworm or as an independent entity. Analysts note that Sandworm previously never hit US networks with disruptive cyberattacks. This also comes at a time when Sandworm itself is changing tactics, moving from opportunistic disruptions to more coordinated attacks in Russia’s war with Ukraine.

(Wired, Mandiant)

Police bust reveals sophisticated phishing-as-a-service platform

Police from numerous countries have arrested 37 people and seized websites all related to the use of a Phishing-as-a-Service technology called LabHost, which offered phishing pages targeting banks and other businesses located mostly in Canada, the U.S., and the U.K. According to Trend Micro, LabHost is designed to replicate “banks, government entities, and other major organizations, deceiving users into entering their credentials and two-factor authentication (2FA) codes.” Victims are driven there through phishing campaigns, and the ease of use of LabHost and its integrated and automated campaign management tool, named LabRat, lowers the barrier to entry for people looking for an easy way to get into the phishing business.

(The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.