Vol. 270 – July 17, 2024

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hacker Stole Secrets From OpenAI, Prudential Data Breach Victim Count Soars to 2.5M, How the FBI Fights Ransomware, Cyber Budgets Year-Over-Year Have Increased by 59%, and more.

Recent Cyber Incidents

Close to 10 Billion Passwords Exposed in Possibly the Biggest Leak Ever

On July 4, a hacker, ObamaCare, posted a compilation of nearly ten billion unique passwords on a leading hacking forum. The leak is expected to be built on a prior RockYou2021 compilation of 8.4 billion passwords. Learn more about the leak and how people and organizations can protect themselves against such leaks. Click to read entire article.

Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks

Cybercriminals are selling credentials linked to the tournament on underground markets, with some geopolitics playing out in denial-of-service attacks. Click to read entire article.

U.S. Justice Department Says It Disrupted Russian Social Media Influence Operation

The U.S. Justice Department said that it disrupted a Russian operation that used fake social media accounts enhanced by artificial intelligence to covertly spread pro-Kremlin messages in the United States and abroad. Click to read entire article.

Ford Sales Growth Slows as CDK Cyberattack Rattles Auto Industry

Ford (F.N) joined Detroit peer, General Motors (GM.N), in reporting slower sales growth for the second quarter as the U.S. auto industry reels from a cyberattack that impaired a key software system used across dealerships. Click to read entire article.

Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers

Twilio confirmed suffering a data breach after hackers leaked 33 million phone numbers associated with the Authy application. The notorious ShinyHunters hackers announced on the relaunched BreachForums website that they were leaking 33 million random phone numbers associated with Twilio’s two-factor authentication app Authy. Click to read entire article.

Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach

Evolve Bank & Trust has confirmed in a filing with the Maine Attorney General that 7,640,112 individuals were affected in a data breach it experienced in May. Click to read entire article.

Prudential Data Breach Victim Count Soars to 2.5M

The company seemingly underestimated the severity of the breach after originally providing a head count of roughly 36,000 impacted individuals. Click to read entire article.

Threat Actors Claiming Breach of Nokia Database – Sensitive Data Exposed

Threat actors have claimed responsibility for a breach of Nokia’s database. According to the post, Nokia suffered a data breach from a third party that exposed 7,622 rows of employees’ details. Click to read entire article.

Financial

Crypto Hacking Thefts Double to $1.4B in First Half of 2024, Researchers Say

The amount of cryptocurrency stolen in hacks globally more than doubled in the first six months of 2024 from a year earlier, driven by a small number of large attacks and rising crypto prices, blockchain researchers TRM Labs said. Click to read entire article.

Regulatory

SEC Expands Scope of Internal Accounting Controls in Cybersecurity Breach Settlement

The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company’s failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws. Click to read entire article.

CISA Director Says Banning Ransomware Payments Is off the Table

The FBI, CISA and NSA all strongly advise against organizations making ransomware payments if they fall victim to ransomware attacks. If so, why not place a ban on paying ransomware demands? Click to read entire article.

Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation

The Supreme Court’s striking down of the Chevron Doctrine will have a major effect on the determination and enforcement of cyber regulation in the U.S. Click to read entire article.

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems (ICS) advisories on July 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. Click to read entire article.

How the FBI Fights Ransomware

When the FBI seized the website earlier this year operated by the Hive ransomware group, it was the result of the bureau’s efforts to infiltrate the infrastructure that cybercrime groups rely on to carry out their attacks. Click to read entire article.

Practical Tips And Tricks

Five Tips for IT Teams to Enhance School Cybersecurity This Summer

Often, school technology teams are busy in the summer when educators and students are off in the northern hemisphere. Many schools and districts use this time to deploy new devices, configure apps, and improve infrastructure. Summer also offers a great opportunity to enhance security measures through settings, tools, and policies with minimal disruption to students, educators, and staff. Click to read entire article.

How to Fix a Dysfunctional Security Culture

Moving from a state of indifference about security to a place where users actively champion it can be transformed through a focused effort. Click to read entire article.

How to Spot a Business Email Compromise Scam

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here’s what do to when a bad actor lands in your inbox. Click to read entire article.

Romance Scams Cost Consumers $1.14 Billion Last Year. It’s a ‘More Insidious’ Fraud, Expert Says

Consumers lost a whopping $1.14 billion to romance scams in 2023, according to the Federal Trade Commission. “Romance scams tend to be some of the more insidious because they prey on emotions,” said a fraud expert. “These things happen in real life, these aren’t just shows that we see on Netflix.” Click to read entire article.

AI

The Emerging Role of AI in Open-Source Intelligence

Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but are also finding that the exponential growth of digital data in recent years has overwhelmed many traditional OSINT methods. Click to read entire article.

Hacker Stole Secrets From OpenAI

ChatGPT maker OpenAI was breached in 2023, but the company says source code and customer data were not accessed. Click to read entire article.

‘Trust’ Is the Biggest Challenge in AI Adoption: NTT Data

John Lombard of NTT Data explains why trust is important in AI implementation and shares the sectors he believes stand to gain the most from AI developments. Click to read entire article.

Healthcare

Health Care Industry Pushes Back Against Cybersecurity Proposal

A proposed rule that would require the nation’s most critical industries to more quickly report cyberattacks is raising the ire of the health care industry, which claims the new directives could actually hinder its response in a crisis. Click to read entire article.

Hospices Face Cybersecurity Risks

Increased technology utilization in end-of-life care has come with innovative care delivery opportunities alongside cybersecurity risks. Click to read entire article.

Bloom Health Centers Provides Notice of Data Security Incident

Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, has learned of a data security incident that may have involved the personal and protected health information of certain individuals. This notification provides information about the incident and resources available to assist those individuals. Click to read entire article.

Hundreds of Thousands Impacted in Children’s Hospital Cyberattack

Though the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk. Click to read entire article.

Red Tape Is Making Hospital Ransomware Attacks Worse

With cyberattacks increasingly targeting health care providers, an arduous bureaucratic process meant to address legal risk is keeping hospitals offline longer, potentially risking lives. Click to read entire article.

Investing In Cybersecurity

Cyber Insurance Rates Fall as Businesses Improve Security, Report Says

Cyber insurance premiums are falling globally as businesses become more adept in curbing their losses from cyber crime, even as ransomware attacks are rising, broker Howden said in a report. Click to read entire article.

Cyber Budgets Year-Over-Year Have Increased by 59%

Optiv has published its 2024 Threat and Risk Management Report, exploring how organizations are maintaining pace with the evolving threat landscape. Specifically, the report examines the efforts of organizations in terms of cybersecurity investments and governance priorities. For instance, among organizations with more than 5,000 employers, 63% allocated an average of $26 million toward cybersecurity investments in 2024. Click to read entire article.

International

Australian Agency Says China-Backed Hackers Behind Cyber Crimes

Australia’s government cybersecurity agency accused a China-backed hacker group of stealing passwords and usernames from two unnamed Australian networks in 2022, adding that the group remained a threat. Click to read entire article.

Microsoft Banning Android Phones for Staff in China

According to a Bloomberg report, Microsoft sent an internal memo to Chinese staff detailing the plan, which goes into effect in September and will mandate the use of Apple’s iPhones to authenticate identities when logging into work machines. Click to read entire article.

Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine

The Arid Viper APT group is deploying AridSpy malware with Trojanized messaging applications and second-stage data exfiltration. Click to read entire article.

A Decade of Global Cyberattacks, and Where They Left Us

The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, said that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “’mega-breaches’ were relatively rare, but now feel like an everyday occurrence.” Click to read entire article.

Ransomware