22 November 2024

6 min read

'Hacker' gains access to Matt Gaetz depositions | Cyber Intelligence Briefing: November 22, 2024

November 2024
'Hacker' gains access to Matt Gaetz depositions | Cyber Intelligence Briefing: 22 November 2024
'Hacker' gains access to Matt Gaetz depositions | Cyber Intelligence Briefing: November 22, 2024
4:33

Top news stories this week

  1. Exposed. Unauthorized third-party gains access to Matt Gaetz depositions.
  2. Red handed. Phobos ransomware administrator arrested in South Korea and Scattered Spider members charged in the US.
  3. Pay up. Meta faces multiple repercussions from 2021 data breach.
  4. Phishing beware. Malware delivered by mail and Trump assassination story used as bait in phishing campaigns.
  5. Muddy waters. Cybersecurity issues impact the resilience of critical national infrastructure in the UK and the US.
  6. Deepfake. Hackers hide infostealers behind legitimate-looking AI image editing tools. 

 

1. 'Hacker' gains access to Matt Gaetz depositions

An unauthorized third-party has accessed witness depositions from a US congressional ethics investigation into former congressman Matt Gaetz, even as the House Ethics Committee reportedly remains deadlocked on whether the results of the investigation should be released. Gaetz, who has since withdrawn as nominee for the US Attorney General position, denies any wrongdoing.

 

The documents were accidentally exposed to the internet via the file sharing platform ShareFile after being incorrectly configured, leading to an unknown user named ‘Altam Beezley’ downloading them.

So What?

When sharing and hosting sensitive documents on third-party platforms, it is crucial to control and verify who is able to access them.

[Researcher: David Broome] 


2. US law enforcement charges Phobos administrator and Scattered Spider members 

A suspected administrator of Phobos ransomware, Evgenii Ptitsyn, was apprehended in South Korea and extradited to the US to face legal charges. The Russian national is accused of distributing the Phobos strain on dark web markets to affiliates who then successfully attacked both private and public US institutions. It is estimated that the group received more than USD 16 million in extortion payments.

Separately, five members of the ransomware group Scattered Spider have been charged in US courts. The threat group is responsible for prolific hacks including the attack on MGM Resorts last year. The four American nationals and one UK national arrested face potential sentences of 25 years each.


So what?

US law enforcement continues collaborative efforts to unmask the operators of ransomware and tackle cyber crime.

[Researcher: Adelaide Parker]


3. German court allows thousands to seek compensation from Meta over 2021 data breach  

A German court has ruled that thousands of individuals affected by the 2021 Facebook data breach are entitled to seek compensation of EUR 100 without them having to prove specific financial loss or that their data was misused. The ruling follows a EUR 265 million fine imposed on Meta in 2022 by the Irish Data Protection Commission in response to the same incident.

So what?

Organizations operating in different jurisdictions with varying regulatory frameworks may incur multiple liabilities and fines in the event of a cyber incident.

[Researcher: Aditya Ganjam Mahesh]


4. Malware delivered by mail and Trump assassination story used as bait in phishing campaigns  

Cyber criminals used the Swiss postal service to distribute malicious QR codes, purporting to be from the Swiss Federal Office of Meteorology and Climatology. The letters encouraged recipients to download a Severe Weather Warning app onto their Android devices from a third-party app store. The app contained malware aimed at stealing credentials from other installed apps, such as banking applications.

In a separate phishing campaign, attackers impersonated the New York Times and used a fake Trump assassination story to lure victims into clicking a link and harvest their credentials.

SO WHAT? 

Phishing techniques constantly evolve but some key rules remain; look out for typos in the company name and domain they try to impersonate, and only download applications from trusted app stores.

[Researcher: Anna Tankovics]


5. Cybersecurity issues impact the resilience of critical national infrastructure in the UK and the US

Two separate investigations have disclosed the resilience gaps of water treatment companies in the UK and the US. Thames Water in the UK utilises obsolete technology dating back to 1980s, making it susceptible to outages and cyber attacks. Separately, almost 100 water treatment systems in the US contain multiple critical vulnerabilities and cybersecurity gaps, and have previously been struck by ransomware.

SO WHAT? 

Vulnerabilities of end-of-life technology can no longer be patched, which makes them an easy target for cybercriminals. Organizations should enforce routine patch management and replace legacy IT infrastructure.

.[Researcher: Milda Petraityte]


6. Criminals hide infostealers in fake AI photo and video editors  

Hackers are hiding infostealers and other malware in fake AI image generators circulating on social media. The infostealer variants, such as Lumma Stealer for Windows and AMOS for macOS, extract sensitive data such as login credentials, cookies, browsing history, credit card details, and cryptocurrency wallet information once downloaded.

So what?

Avoid downloading items from unverified sources, as doing so can severely compromise the security of your personal data.

[Researcher: Lena Krummeich]

 

SUBSCRIBE TO RECEIVE OUR WEEKLY CYBER THREAT INTELLIGENCE BRIEFING VIA EMAIL

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cybersecurity news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Editors

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.