Top news stories this week
- Lessons learned. Microsoft receive heavy criticism for the 2023 email compromise of US officials.
- Close call. Linux avoid potentially catastrophic cyber attack.
- Security shakedown. AT&T suffer data breaches impacting millions of their customers.
- On alert. US State Department investigates alleged third-party data breach.
- Tunnel Vision. New ransomware group "SEXi" targets Chilean data centre.
1. Microsoft failures highlighted in response to Chinese state actor attacks
President Biden’s independent review board has cited multiple Microsoft failures in reference to an attack in 2023 where Chinese hackers compromised inboxes of senior US government officials. The compromise enabled the illicit download of 60,000 emails from the US State Department. The board criticised Microsoft for its inadequate security measures and for issuing misleading public statements.
So what?
Organisations should ensure they have the people, processes, and technology in place to respond to a worst-case scenario. Carrying out a gap analysis against an industry standard or framework is a suitable starting point.
[Researcher: Adelaide Parker]
2. Engineer prevents a major Linux-origin supply chain attack
A Microsoft software engineer has discovered a backdoor in a software tool widely used across Linux devices, known as XZ Utils. The malicious code is thought to have been crafted and intentionally placed by an unidentified individual over multiple years. The discovery prevented a potentially catastrophic supply chain attack.
So what?
If using open source software within your environment, it is crucial to stay vigilant about security advisories of this nature to protect your organisation.
[Researcher: Adelaide Parker]
3. AT&T scrutinised following data breaches
American telecoms giant AT&T is facing multiple lawsuits following a data breach which impacted 73 million former and existing customers. The discovery of the breach occurred when AT&T customers' sensitive personal information, including Social Security Numbers, appeared on the dark web.
So what?
Organisations should consider investing in dark web monitoring services, enabling them to promptly detect and react to potential data breaches.
[Researcher: Ineta Simkunaite]
4. US State Department investigates data theft claims
The US Department of State is investigating claims that a threat actor named "IntelBroker" has stolen government data from the technology consulting firm Acuity. IntelBroker claims to have obtained data belonging to multiple US agencies, including the State Department, the Defense Department, and the National Security Agency. Acuity confirmed that attackers stole documents containing only old and non-sensitive data.
So what?
Organisations must conduct regular vendor assessments, which include a review of their security policies, data handling practices, compliance with relevant regulations, and incident response plans.
[Researcher: Ineta Simkunaite]
5. Ransomware attack brings data centre operations to a halt
A new ransomware group dubbed SEXi has targeted the Chilean data centre and hosting provider, IxMetro. The attack encrypted IxMetro’s VMware ESXi servers and backups. Websites and services hosted on these went offline, with the threat group demanding USD 140 million in ransom payments.
So what?
All organisations should prepare for unplanned system outages. Well-practiced disaster recovery and business continuity plans can significantly reduce operational downtime.
[Researcher: Adelaide Parker]