Cyber Security Headlines Week in Review: Neuberger’s operational approach, LockBit is back, Fed’s DMARC warning

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Sasha Pereira, CISO, WASH

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

NSC’s Neuberger suggests operational approach for mitigating cyberattacks

In an interview with Click Here, a podcast from Recorded Future News, deputy national security adviser for cyber and emerging technologies Anne Neuberger suggests that more should now be done to build cybersecurity into an organization’s daily operations. Describing how much of the focus is on restoration as in “how quickly can an attacked hospital or pipeline recover from an attack,” she says now more than ever the process must shift to having “the right operational risk measures to ensure we’re taking the right steps.” As an example, she highlights with a pipeline “the network connecting the traditional corporate part and the operational part that controls gas flow [needs to] have separations, so a hacker hacking somebody’s email can’t disrupt oil in a pipeline.” From a threat perspective, she highlights the change in China’s cyber operations as a shift from espionage, stealing national secrets or corporate intellectual property, to pre-positioning in critical services like water systems and pipeline systems.

(The Record)

LockBit’s website is back

The NCA, FBI, and Europol are having a bit of fun with the LockBit ransomware gang’s former website. The agencies, which seized the site back in February, have replaced the original content with their own press releases, and are now planning to release new information about the hackers. On Monday, the site had a countdown to some of the teasable posts, including “Who is LockbitSupp?” and “More LBhackers exposed.” Here’s the good news: if you are reading this after 9 a.m. ET on Tuesday, May 7th, 2024, the posts should already be live.

(TechCrunch), (Bleeping Computer)

Feds warn about North Korean exploitation of improperly configured DMARC

The FBI, the NSA and the State Department published a joint advisory stating that hackers from the Kimsuky operation are targeting improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies. DMARC is supposed to authenticate email messages to avoid spoofing. After identifying email systems whose DMARC is improperly configured, the group then prepares and sends convincing spearphishing emails which appear to have been sent from a legitimate domain.

(The Record)
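
For defenders who want to check their own domains, here is an added example (not part of the original show notes or the advisory) that audits DMARC TXT records offline. The sample records and finding names are constructed, and treating a missing record, p=none, sp=none, or pct below 100 as "improperly configured" is an assumption based on the RFC 7489 tag semantics rather than on wording from this page.

```python
# Added example: audit DMARC TXT records (RFC 7489 tag syntax) for weak policy.
# No DNS lookups are made; pass in the TXT strings found at _dmarc.<domain>.

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return a dict of tags, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if "=" in p]
    if not parts:
        return None
    tags = {}
    for part in parts:
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # RFC 7489: the v tag must come first and must be exactly "DMARC1".
    first_key = parts[0].split("=", 1)[0].strip().lower()
    if first_key != "v" or tags.get("v") != "DMARC1":
        return None
    return tags

def audit(txt_records):
    """Return a list of finding codes; an empty list means full enforcement."""
    dmarc = [t for t in (parse_dmarc(r) for r in txt_records) if t]
    if not dmarc:
        return ["NO_RECORD"]          # receivers have no policy to apply
    if len(dmarc) > 1:
        return ["MULTIPLE_RECORDS"]   # receivers stop DMARC processing
    tags, findings = dmarc[0], []
    p = tags.get("p", "").lower()
    if p not in VALID_POLICIES:
        findings.append("INVALID_POLICY")
    elif p == "none":
        findings.append("POLICY_NONE")            # monitor only, mail still delivered
    if p != "none" and tags.get("sp", p).lower() == "none":
        findings.append("SUBDOMAIN_POLICY_NONE")  # subdomains left unenforced
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("PARTIAL_ENFORCEMENT")    # policy applied to a sample only
    if "rua" not in tags:
        findings.append("NO_AGGREGATE_REPORTS")   # owner gets no visibility
    return findings

# Constructed sample records for placeholder domains.
SAMPLES = {
    "a.example": ["v=DMARC1; p=none; rua=mailto:dmarc@a.example"],
    "b.example": ["v=DMARC1; p=reject; sp=none; pct=50"],
    "c.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@c.example"],
    "d.example": [],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, audit(records) or "OK")
```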

Thanks to today’s episode sponsor, Vanta

LockBit takes credit for Wichita attack

The pernicious ransomware organization added the city of Wichita to its leak site, giving officials until May 15th to pay an unspecified ransom. We previously covered the city’s announcement of the attack over the weekend. In the wake of the attack, city officials say the city can only accept cash or checks for all city services, although it will not shut off water services as a result until regular payment methods come back online. This attack also comes on the heels of US law enforcement agencies publicly naming the suspected leader of LockBit, Dmitry Khoroshev.

(The Record)

Cancer patient data exposed for 5 years gets copied by unidentified third parties

California-based Guardant Health is now busy alerting patients that “information related to samples collected in late 2019 and 2020 was inadvertently exposed online to the general public after an employee mistakenly uploaded it.” The information included PII and test results. Affected people may never have been aware of Guardant’s existence, let alone the breach, because it is a supplier of testing services to physicians and hospitals. The data was accessible from October 5, 2020, to February 29, 2024, before being noticed by the company. Guardant confirms, “the file containing the sensitive data was copied by unidentified third parties between September 8, 2023, and February 28, 2024.”

(BitDefender)

Gift card fraud ring targets retailers’ employees

The FBI has issued a warning regarding Storm-0539, a financially motivated hacking group that targets the mobile devices of retail department staff using a phishing kit that enables them to bypass multi-factor authentication. After stealing the login credentials of gift card department personnel, the group seeks out SSH passwords and keys, which along with employee PII can be sold online. They then use compromised employee accounts to generate fraudulent gift cards.

(BleepingComputer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.