Friday Five: Hacked ISPs, Major Breaches, Insider Threats, & More

by Robbie Araiza on Friday August 30, 2024

This past week, hackers took advantage of a 0-day to steal ISP customers' credentials, a former Verizon employee pleaded guilty to feeding info to a Chinese spy agency, and more. Get up to speed in this week's Friday Five!

HACKERS INFECT ISPS WITH MALWARE THAT STEALS CUSTOMERS’ CREDENTIALS BY DAN GOODIN

Chinese state-sponsored hackers exploited a zero-day vulnerability in Amazon Web Services' Versa Director, a platform used by ISPs, to install malware and steal customer credentials. The flaw, CVE-2024-39717, involved unsanitized file uploads that allowed attackers to gain administrative control and inject malicious Java files. The attacks, which began in June 2024, targeted U.S. ISPs, bypassing detection by running in memory and using compromised home routers. The threat group, likely Volt Typhoon, is known for infiltrating U.S. critical infrastructure, posing significant risks. Versa patched the vulnerability, but affected organizations are urged to review their systems for signs of compromise.

CYBER INSURANCE: A FEW SECURITY TECHNOLOGIES, A BIG DIFFERENCE IN PREMIUMS BY ROBERT LEMOS

The BlackCat ransomware attack on Change Healthcare in February exposed significant security failures, including inadequate protection of their remote-access portal, lack of multifactor authentication (MFA), and poor backup strategies. The company also lacked cyber insurance, leading to a significant financial impact of at least $872 million. Cyber insurance firms emphasize the importance of key security measures, such as backups, MFA, and remote-access protection, to prevent and mitigate ransomware attacks. Robust backup strategies are particularly effective, as companies with strong backups are less likely to pay ransoms. The attack highlights the growing importance of cybersecurity insurance and the need for businesses to adopt comprehensive security controls.

REPORT FINDS 50% OF ORGANIZATIONS EXPERIENCED MAJOR BREACHES IN THE PAST YEAR BY JANE DEVRY

New research recently revealed that 50% of organizations experienced a major security breach in the past year, highlighting the importance of threat-hunting programs. A recent report surveying 293 cybersecurity professionals found that 72% of those who faced a breach credited their threat-hunting efforts with minimizing its impact. Despite the effectiveness of these programs, challenges like lack of funding and data persist. The report emphasizes investing in advanced threat-hunting tools like proactive detection, real-time threat intelligence, and third-party monitoring, noting that they're critical for defending against sophisticated cyber threats.

FORMER VERIZON EMPLOYEE PLEADS GUILTY TO CONSPIRING TO AID CHINESE SPY AGENCY BY TIM STARKS

A former Verizon employee, Ping Li, pleaded guilty to conspiring to act as an agent of the Chinese government by using his job to provide information on Chinese dissidents, pro-democracy advocates, and U.S.-based nonprofit organizations to China's Ministry of State Security. Li, who worked at Verizon for over 20 years, sent this information through anonymous online accounts and traveled to China to deliver details, including cybersecurity training materials, and now faces up to five years in prison. Li's attorney emphasized that the reduced charges reflect the non-severity of the violation, but still underscore the seriousness of unauthorized information sharing with foreign governments.

IRAN'S 'FOX KITTEN' GROUP AIDS RANSOMWARE ATTACKS ON US TARGETS BY JAI VIJAYAN

The FBI and CISA have warned that Iran's state-sponsored Fox Kitten group is aiding ransomware actors in attacks on organizations across various sectors, including finance, defense, and healthcare. The group, known for stealing sensitive data, is now monetizing its access by providing ransomware operators, such as ALPHV and Ransomhouse, with initial network access in exchange for a share of the ransom. Fox Kitten exploits vulnerabilities in VPNs and other exposed services to gain entry, and many targeted vulnerabilities remain unpatched in affected organizations, facilitating the group's activities. The group operates under the guise of an Iranian company and collaborates with ransomware affiliates to encrypt networks and extort victims.

Tags:  Malware Cyber Insurance Data Breaches Insider Threat
