Cybersecurity News Week in Review: Threat actors access government email, USB drive attacks spiking, cloud environment breaches

This week’s Cyber Security Headlines – Week in Review, July 10-14, is hosted by Sean Kelly with our guest, Yaron Levi, CISO, Dolby

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Threat actors gain access to US government email

Microsoft published details of how the threat group known as Storm-0558 breached an unnamed customer. Microsoft believes the group shows links to China and has targeted government agencies across Western Europe. The group obtained access on May 15th using forged authentication tokens. A joint advisory from CISA and the FBI says the attackers obtained “unclassified Exchange Online Outlook data.” The impacted customer discovered the access and informed Microsoft on June 16th. Microsoft said it mitigated the attack and that the attackers can no longer use similarly forged tokens in the future.

(CyberScoop)

USB drive malware attacks spiking again in first half of 2023

A new report by Mandiant outlines two USB-delivered malware campaigns observed this year: one named ‘SOGU,’ attributed to the Chinese espionage threat group ‘TEMP.HEX,’ and another named ‘Snowydrive,’ attributed to UNC4698, which targets oil and gas firms in Asia. Last November, Mandiant highlighted a China-nexus campaign leveraging USB devices to infect entities in the Philippines with four distinct malware families, and in January, Palo Alto Networks’ Unit 42 team uncovered a PlugX variant that could hide in USB drives and infect the Windows hosts they are connected to. While USB attacks require physical access to the target computers to achieve infection, Mandiant reports that they have unique advantages that keep them both relevant and trending in 2023: bypassing security mechanisms, stealth, initial access to corporate networks, and the ability to infect air-gapped systems that are isolated from unsecured networks for security reasons. Mandiant’s investigation points to print shops and hotels as infection hotspots for USB malware, although any system with a USB port could be a target.

(Bleeping Computer)

39% of businesses faced a cloud environment data breach last year

A new cloud security report from Thales shows that more than a third (39%) of businesses experienced a data breach in their cloud environment last year, up from the 35% reported in 2022. In addition, human error was reported as the leading cause of cloud data breaches by over half (55%) of those surveyed. Three quarters (75%) of businesses said that more than 40% of the data they store in the cloud is classified as sensitive, compared to 49% of businesses this time last year. More than a third (38%) ranked Software as a Service (SaaS) applications as the leading target for hackers, closely followed by cloud-based storage (36%).

(Security Magazine)

US and EU agree on new data transfer agreement

The European Union announced it adopted a new transatlantic data adequacy agreement with the United States. EU justice commissioner Didier Reynders said the agreement will allow for personal data flows between the two “on the basis of a stable and trusted arrangement that protects individuals and provides legal certainty to companies.” The prior two data sharing agreements were struck down in court over concerns that European data could fall under US surveillance powers. Since US surveillance laws remain intact, the issue remains a major point of contention. Austrian activist Max Schrems filed the successful lawsuits against the previous data transfer frameworks. He remains critical of the new agreement, saying he expects the issue to be back before the Court of Justice of the European Union by the start of 2024.

(Bloomberg)

Thanks to today’s episode sponsor, Opal

Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev.

JumpCloud resets customer API keys

The access management company informed customers that it took the action in response to an “ongoing incident.” No word on any specifics, but JumpCloud said it came “out of an abundance of caution.” The company’s website claims it provides technology to over 180,000 organizations. Given the potential service disruptions that resetting API keys could cause for those customers, the decision speaks to the seriousness of the incident.

(TechCrunch)

California resident charged with cyberattack on water treatment facility

A federal grand jury has indicted 53-year-old Rambler Gallo for intentionally causing damage to a protected computer. Gallo was an employee of an unnamed private company that contracted with the Discovery Bay water treatment facility in California. Gallo was responsible for maintaining Discovery Bay’s instrumentation and the computer systems used to control its electromechanical processes. After resigning from the company in January 2021, Gallo allegedly remotely accessed Discovery Bay’s network and uninstalled the main operational and monitoring system that protected the entire water treatment system, including water pressure, filtration, and chemical levels. Gallo faces a maximum statutory penalty of 10 years in prison and a fine of $250,000. The court could also add a term of supervised release, additional assessments, and restitution.

(Dark Reading)

What we know about NATO cyber pledges 

At a recent NATO summit in Vilnius, Lithuania, countries in the defense organization made new cybersecurity pledges and commitments. The specifics remain classified, but The Record’s Alexander Martin teased out some details. The official communiqué from the summit reiterates NATO’s Strategic Concept from last year that “cyberspace is contested at all times,” not simply in times of armed conflict. It also stated that a set of malicious cyber activities could lead to NATO invoking Article 5, its provision that an attack on one NATO member is considered an attack on them all. In new details, NATO also endorsed adding “cyber defense to our overall deterrence and defence posture.” It also said it will integrate the political, military, and technical levels of cyber defense to better coordinate efforts.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.