12 July 2024

6 min read

AT&T and Advance Auto Parts impacted by Snowflake breach | Cyber Intelligence Briefing: 12 July


Top news stories this week

  1. Snowball. Fallout from Snowflake breach increases as multiple companies report data breaches.
  2. We will rock you. Hackers leak almost 10 billion passwords in largest-ever password compilation.
  3. Time to retire. State-backed hackers are targeting end-of-life routers, Australia warns.
  4. Rebuked. Philippine Health Insurance Corporation reprimanded for not notifying data leak victims after ransomware attack.
  5. All that glitters. New Ransomware-as-a-Service group Eldorado targets virtualised environments.
  6. Patch time. Microsoft rolls out security patches and researchers discover new critical RADIUS flaw.


1. Fallout from Snowflake data breach continues as more victims emerge

Following Ticketmaster and Santander, Advance Auto Parts, Neiman Marcus Group, AT&T, and QuoteWizard have now reported data breaches linked to cloud storage provider Snowflake, with over a billion records stolen across these companies. Security researchers have linked the breaches to a campaign that used compromised Snowflake user credentials, and 165 potentially exposed organisations have been notified. Snowflake has added a new feature that allows administrators to enforce mandatory MFA to protect their accounts.

So what?

Organisations should have a clear understanding of the shared security responsibility model that comes with supplier relationships and implement robust identity and access management controls on cloud platforms.

[Researcher: Milda Petraityte]


2. Hackers leak almost 10 billion passwords in largest-ever password compilation

Hackers have leaked almost 10 billion passwords in a text file named ‘rockyou2024’ on the dark web hacking forum BreachForums. The data was posted by the forum member ‘ObamaCare’ on 4 July and is thought to be the largest password compilation ever published. The majority of the passwords are believed to come from old breaches.

So what?

To protect against credential stuffing attacks, periodically change your passwords to prevent the reuse of stolen credentials, and change any that have been involved in a data breach.

[Researcher: David Broome]
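Credential stuffing replays leaked username/password pairs against many accounts from a small number of sources, so one defensive check is to flag any source IP that fails logins against several distinct accounts in a short window. The detector below is an added example, not code from the briefing or from S-RM; the log format and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed log format for this example: "<ISO timestamp> <src_ip> <user> <LOGIN_OK|LOGIN_FAIL>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")

# Constructed sample: one IP fails against four different accounts in seconds
# (a stuffing run), another IP is a single user mistyping their own password.
SAMPLE_LOG = """\
2024-07-12T09:00:01 203.0.113.7 alice LOGIN_FAIL
2024-07-12T09:00:02 203.0.113.7 bob LOGIN_FAIL
2024-07-12T09:00:03 203.0.113.7 carol LOGIN_FAIL
2024-07-12T09:00:04 203.0.113.7 dave LOGIN_FAIL
2024-07-12T09:00:05 203.0.113.7 erin LOGIN_OK
2024-07-12T09:00:10 198.51.100.2 alice LOGIN_FAIL
2024-07-12T09:00:20 198.51.100.2 alice LOGIN_FAIL
2024-07-12T09:00:30 198.51.100.2 alice LOGIN_OK
2024-07-12T10:30:00 203.0.113.7 frank LOGIN_FAIL
"""

def parse(log_text):
    """Yield (timestamp, src_ip, user, outcome); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, outcome = m.groups()
            yield datetime.fromisoformat(ts), ip, user, outcome

def detect_stuffing(log_text, window=timedelta(minutes=5), min_accounts=4):
    """Return {src_ip: accounts} for IPs whose failed logins hit at least
    min_accounts distinct accounts within any sliding window."""
    fails = defaultdict(list)  # src_ip -> [(timestamp, user)]
    for ts, ip, user, outcome in parse(log_text):
        if outcome == "LOGIN_FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance start so events[start..end] all fall inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_accounts:
                flagged[ip] = users
                break
    return flagged
```

The repeated failures from 198.51.100.2 against a single account are not flagged, which keeps ordinary password-typo noise out of the alert; tune `window` and `min_accounts` to the login volume of the service.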


3. State-backed hackers are targeting end-of-life routers, Australia warns

The Australian Cyber Security Centre has released a joint advisory with other international agencies warning organisations that vulnerable small-office/home-office devices such as routers are increasingly being targeted by various state-backed hacking groups. The advisory reveals that groups including APT40 perform reconnaissance to identify end-of-life devices, then deploy exploits to compromise them and disguise their malicious activity as legitimate traffic.

So what?

It is important to ensure that the systems within your environment are up to date, as older, unsupported versions remain vulnerable to attack.

[Researcher: Adelaide Parker]


4. Philippine Health Insurance Corporation reprimanded for not notifying data leak victims

A ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) in September 2023 led to the data of 42 million people being leaked on the dark web. PhilHealth's failure to notify those affected has drawn severe criticism from the Philippine House of Representatives.

So what?

Organisations are obligated to adhere to local data protection regulations. Non-compliance could result in serious repercussions.

[Researcher: Aditya Ganjam Mahesh]


5. Emerging Ransomware-as-a-Service group Eldorado targets virtual environments

A new double-extortion ransomware group called Eldorado is targeting VMware ESXi and Windows virtual machines for encryption. S-RM has observed the appearance of multiple new RaaS groups in the wake of recent law enforcement actions and the disappearance of former key players LockBit and BlackCat.

So what?

Virtualised environments are a common target for attackers because they often do not support third-party security tooling and are prone to misconfigurations and vulnerabilities.

[Researcher: Lena Krummeich]


6. Microsoft rolls out security patches and critical flaw ‘Blast-RADIUS’ is discovered

Microsoft has released fixes for 139 bugs in its July edition of Patch Tuesday, including four zero-day vulnerabilities, two of which are actively being exploited in the wild.

Separately, researchers have discovered a new critical flaw dubbed ‘Blast-RADIUS’ which could allow attackers to gain unauthorised access to networks and devices that use the RADIUS/UDP protocol for authentication. One way organisations can defend against potential attacks is by upgrading to RADIUS over TLS.

So what?

Organisations should remediate known vulnerabilities as soon as possible to minimise the risk of a security incident, prioritising remote code execution and privilege escalation bugs.

[Researcher: Anna Tankovics]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.
