This week has seen significant developments in cybersecurity, with news ranging from arrests of ransomware operators to data breaches at major corporations. Staying informed with TCE Cyberwatch about these threats is crucial for protecting yourself and your loved ones online.
Here’s a quick rundown of the top cybersecurity stories you need to know:
TCE Cyberwatch: Rundown of Top Cybersecurity News
Two Foreign Nationals Nabbed for Millions in LockBit Attacks
Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, have pleaded guilty in Newark federal court for their involvement with the ransomware group LockBit. This group attacked over 2,500 victims in 120 countries, including 1,800 in the U.S., extorting hundreds of millions of dollars in ransom between 2020 and 2024. Recent disruptions in February, led by the UK National Crime Agency, FBI, and other partners, seized LockBit’s servers, significantly impairing its operations.
Astamirov and Vasiliev admitted to deploying LockBit, with Astamirov extorting $1.9 million and Vasiliev causing $500,000 in damages. Law enforcement is actively pursuing other LockBit members, including its creator, Dmitry Yuryevich Khoroshev, who faces a $10 million reward for his capture. U.S. Attorney Philip R. Sellinger emphasized the commitment to holding cybercriminals accountable. Victims are encouraged to contact the FBI and visit justice.gov for assistance and case updates. Read More
Indian Government Admits Data Breach at BSNL
India has confirmed a data breach in the systems of Bharat Sanchar Nigam Limited (BSNL), the country’s largest government-owned telecommunications service provider. The BSNL data breach, reported on May 20, 2024, marks the second such cyberattack in six months.
India’s Minister of State for Communications, Chandra Sekhar Pemmasani, confirmed the breach on July 24 in response to a query from opposition MP Amar Singh in Parliament.
The breach was first disclosed by Indian firm Athenian Tech in its threat intelligence report. According to the report, a threat actor operating under the alias “kiberphant0m” leaked a significant amount of sensitive data, affecting millions of users. Read More
Leidos Faces Data Breach, Internal Documents Compromised
Hackers have leaked internal documents stolen from Leidos Holdings Inc., a major U.S. government IT services provider, according to a source familiar with the situation. The company recently discovered the breach and believes the documents were taken during a previously disclosed compromise of a third-party system it used.
Leidos, which serves clients including the Department of Defense, Department of Homeland Security, and NASA, is investigating the matter. Following the news, the company’s stock initially fell more than 4% in after-hours trading before recovering most of its losses. Formed in 2013 through the acquisition of Lockheed Martin Corp.’s IT business, Leidos was the largest federal IT contractor in the 2022 fiscal year, with $3.98 billion in contract obligations, according to Bloomberg Government data. Read More
Mimecast Acquires Code42 to Boost Human Risk Management
Mimecast, a global Human Risk Management (HRM) platform, has announced its acquisition of Code42, a leading name in insider threat management and data loss prevention. While the financial terms of the deal have not been disclosed, this strategic move signifies Mimecast’s commitment to transforming how organizations handle human-centered security risks.
This acquisition aligns with Mimecast’s robust strategy to address human risk. Recently, the company unveiled its connected HRM platform and Mimecast Engage™ human risk awareness and training offering. Mimecast will continue to support Code42’s existing customer base, and Code42’s Incydr™ product is now available to Mimecast customers, with plans to integrate these capabilities into the Mimecast platform over the coming months. Read More
KnowBe4 Catches North Korean Spy in Elaborate Hiring Scam
KnowBe4, a Florida-based security awareness training firm, recently disclosed that a North Korean operative posing as a software engineer bypassed their hiring background checks and attempted to plant malware on a company workstation within the first 25 minutes of employment. The operative used a Raspberry Pi to download malware, manipulate session history files, and execute unauthorized software. The incident, detected by KnowBe4’s security team, highlighted the sophisticated techniques employed by the operative, including the use of AI deepfakes and exploiting weaknesses in the hiring process.
The firm swiftly contained the compromised workstation, ensuring no access was gained. This case is part of a broader scheme where North Korean IT workers infiltrate U.S. companies, earning substantial sums for North Korea. KnowBe4’s CEO, Stu Sjouwerman, emphasized the severe risk posed by such sophisticated threats, noting that the operatives often work remotely through VPNs from locations in North Korea or China. Read More
Key Leadership Change at CISA as Wales Departs
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly has announced significant leadership changes within the agency. This transition marks the departure of Brandon Wales, who has served as Executive Director for several pivotal years. Bridget Bean will succeed him as the next director of the agency.
Reflecting on Wales’s tenure, Director Easterly expressed deep gratitude, stating, “Brandon has guided CISA through some of the most serious threats facing our nation.” With over two decades of federal service, Wales played a crucial role in shaping CISA into its current form, navigating challenges such as the SolarWinds breach and the Colonial Pipeline ransomware attack. His departure, planned collaboratively, ensures a seamless transition to new leadership. Read More
Wiz Rejects $23 Billion Google Bid, Eyes IPO
Wiz, the Israeli cybersecurity firm, has turned down an astonishing $23 billion acquisition offer from Alphabet Inc., Google’s parent company. This decision represents a pivotal moment in Wiz’s journey, as the company chooses to pursue its original plan of going public rather than being acquired.
In an internal memo obtained by various media outlets, Wiz CEO Assaf Rappaport outlined the company’s new strategy. “Let me be clear: our next milestones are achieving $1 billion in ARR and launching an IPO,” Rappaport stated, underscoring the firm’s ambitious goals despite the lucrative acquisition offer.
Rappaport acknowledged that the decision was difficult, but emphasized the company’s confidence in its team and its potential to succeed on its own. Read More
India Unveils Ninth Focus Areas for Budget 2024-25
On July 23, Indian Finance Minister Nirmala Sitharaman unveiled the historic seventh consecutive Budget for the fiscal year 2024-25, surpassing the previous record set by former Prime Minister Morarji Desai. This Budget is the first presented under the BJP-led NDA government since its re-election in June.
The Union Budget 2024-25 highlights nine key priorities designed to stimulate growth and create opportunities across various sectors. Read More
Critical Flaws Discovered in Philips Medical Imaging System
Philips has revealed multiple vulnerabilities in its Vue Picture Archiving and Communication System (PACS), which poses significant risks to the global healthcare sector. This system, widely used in hospitals and diagnostic centers, is crucial for managing and transmitting medical images such as X-rays, MRI scans, and CT scans. It integrates seamlessly with Electronic Medical Records (EMR) and Radiology Information Systems (RIS).
On July 18, 2024, Philips issued a security advisory identifying vulnerabilities in versions of Vue PACS prior to 12.2.8.410. These vulnerabilities, categorized as High and Critical severity, expose the system to potential cyberattacks. The advisory details issues including deserialization of untrusted data, out-of-bounds writes, and uncontrolled resource consumption. Read More
From ransomware takedowns to data breaches and leadership changes in cybersecurity agencies, this week’s TCE Cyberwatch has been a whirlwind of activity. These stories highlight the evolving landscape of cyber threats and the importance of staying vigilant. Remember, you can find more details and resources on each story by following the “Read More” links.