This week
Email accounts of Microsoft execs compromised by Russian actors
- Microsoft says that Russian-linked actors from Midnight Blizzard (aka APT29 or Cozy Bear) compromised the email accounts of senior leadership, cyber security, legal and other employees to find out what Redmond knew about the group.
- The accounts were compromised via a “password spray attack” in November 2023 against a “legacy non-production test tenant”; the attacker then used that foothold “to access a very small percentage of Microsoft corporate email accounts.” Microsoft detected the attack on 12th January, around two months later.
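The detection check a defender would want after the item above, as an added example rather than Microsoft's or the newsletter's own code: flag a source IP whose sign-in attempts inside a short window touch many distinct accounts and mostly fail. That breadth-over-depth pattern is what a spray looks like and what per-account lockout policies miss. The log layout, IP addresses, account names and thresholds are constructed for illustration; the failure code 50126 mirrors Entra ID's invalid-credential result code, but none of the lines are real telemetry.

```python
"""Sliding-window password-spray detector over sign-in logs.

Added example (not Microsoft's or the newsletter's code). Log layout,
addresses, account names and thresholds are assumptions for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample. Columns: timestamp, source IP, account, result code
# (0 = success; 50126 mirrors Entra ID's "invalid username or password").
# 203.0.113.7 sprays eight accounts once each and gets into one;
# 198.51.100.9 hammers a single account (brute force, not a spray);
# 192.0.2.5 is a normal successful sign-in.
SAMPLE_LOG = """\
2023-11-20T02:00:00Z 192.0.2.5 alice@example.test 0
2023-11-20T02:01:05Z 203.0.113.7 alice@example.test 50126
2023-11-20T02:01:09Z 203.0.113.7 bob@example.test 50126
2023-11-20T02:01:14Z 203.0.113.7 carol@example.test 50126
2023-11-20T02:01:20Z 203.0.113.7 dave@example.test 50126
2023-11-20T02:01:26Z 203.0.113.7 erin@example.test 50126
2023-11-20T02:01:31Z 203.0.113.7 testadmin@example.test 0
2023-11-20T02:01:37Z 203.0.113.7 frank@example.test 50126
2023-11-20T02:01:43Z 203.0.113.7 grace@example.test 50126
2023-11-20T02:05:00Z 198.51.100.9 heidi@example.test 50126
2023-11-20T02:05:02Z 198.51.100.9 heidi@example.test 50126
2023-11-20T02:05:04Z 198.51.100.9 heidi@example.test 50126
2023-11-20T02:05:06Z 198.51.100.9 heidi@example.test 50126
2023-11-20T02:05:08Z 198.51.100.9 heidi@example.test 50126
2023-11-20T02:05:10Z 198.51.100.9 heidi@example.test 50126
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<code>\d+)$")


def parse_log(text):
    """Parse the constructed log format into time-sorted event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable line: {line!r}")
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "ip": m["ip"],
            "user": m["user"].lower(),
            "ok": m["code"] == "0",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: summary} for sources whose attempts inside any
    `window` touch at least `min_users` distinct accounts with a failure
    ratio of at least `min_fail_ratio`. One account failing many times is
    deliberately not matched: that is brute force, which lockout handles."""
    recent = defaultdict(deque)   # per-IP events inside the current window
    alerts = {}
    for ev in events:
        q = recent[ev["ip"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:   # q is never empty here
            q.popleft()
        users = {e["user"] for e in q}
        failures = sum(1 for e in q if not e["ok"])
        if len(users) < min_users or failures / len(q) < min_fail_ratio:
            continue
        summary = {
            "distinct_users": len(users),
            "attempts": len(q),
            "failures": failures,
            "first": q[0]["ts"],
            "last": ev["ts"],
            # Accounts the sprayer actually got into: reset these and
            # revoke their sessions before anything else.
            "succeeded": sorted(e["user"] for e in q if e["ok"]),
        }
        prev = alerts.get(ev["ip"])
        if prev is None or summary["distinct_users"] >= prev["distinct_users"]:
            alerts[ev["ip"]] = summary
    return alerts


if __name__ == "__main__":
    for ip, s in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {s['distinct_users']} accounts, {s['failures']}/{s['attempts']} "
              f"failed between {s['first']:%H:%M:%S} and {s['last']:%H:%M:%S}; "
              f"compromised: {s['succeeded'] or 'none'}")
```

The thresholds are the tunable part: on a real tenant, raise `min_users` until ordinary NAT egress points stop tripping it, and pair the IP key with a user-agent or ASN key, since sprayers rotate source addresses. The `succeeded` list is the response priority, which is the point of the Microsoft incident: a spray only needs one weak account, and a legacy test tenant is exactly where one is likely to sit.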
Bumper password dump contains 25 million new, unique credentials
- A new password dump containing nearly 71 million unique credentials has been added by Troy Hunt to Have I Been Pwned? The dump contained around 25 million passwords that weren’t previously in the breach database, pointing to new accounts or services compromised by credential stuffing, phishing or info-stealer malware. Cybercriminals have been trading the dump on underground forums over the last four months.
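The practical follow-up to the item above is checking whether a password sits in the Pwned Passwords corpus without sending the password anywhere. The block below is an added example, not HIBP's or the newsletter's own code: it hashes the candidate with SHA-1, sends only the first five hex characters of the digest to the range endpoint (k-anonymity: the full hash never leaves the host) and matches the remaining 35 characters locally. The sample range response is constructed with invented counts; only the endpoint and the SUFFIX:COUNT line format follow the public API.

```python
"""Check a password against Pwned Passwords via the k-anonymity range API.

Added example; not HIBP's own client code. The offline sample range below
is constructed (its counts are made up); the endpoint and the
SUFFIX:COUNT response format follow the public API.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Uppercase SHA-1 hex digest split into the 5-char prefix that is
    sent to the API and the 35-char suffix that never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}. Padded responses
    carry zero-count decoy suffixes; they parse to 0 and so never match."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix):
    """Live lookup (needs network). Only the 5-char prefix is disclosed;
    Add-Padding asks the API to hide the true range size from observers."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "example-range-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch=fetch_range):
    """Times `password` appears in the corpus according to `fetch` (0 = not found)."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


# Constructed offline stand-in for range 5BAA6 (SHA-1("password") begins
# 5BAA6...). The other suffixes and every count are invented.
SAMPLE_RANGES = {
    "5BAA6": (
        "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
        "22CDF8C21B8E2E64AA3D8A5A2B2B2F4C1D1:0\r\n"
    ),
}


def offline_fetch(prefix):
    """Stand-in for fetch_range that serves the constructed sample."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(f"{pw!r}: seen {breach_count(pw, fetch=offline_fetch)} times (sample data)")
```

Wire `breach_count` into a password-change handler and reject anything with a non-zero count; the NIST 800-63B guidance to screen new passwords against known-breached lists is exactly this check. Swap `offline_fetch` for the default `fetch_range` for live results.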
Interesting stats
2x (£25M) spent by the British government on overseas cyber security programmes to aid foreign governments in improving their cyber resilience in 2022-23 compared to the previous year, according to the Cabinet Office minister.
❓What is the estimated financial impact of the cyber attack against Ukraine’s Kyivstar telco? A) $35M, B) $95M, C) $152M? Answer.
Other newsy bits / in brief
- Internet services in Gaza have been disrupted for over a week after damage to Paltel infrastructure in Khan Younis (a city in the south of Gaza). The outage is the longest blackout since the Israel-Hamas conflict began in October 2023.
- Integrity: Fujitsu and the Post Office knew about bugs in the Horizon IT system “from the very start”, according to testimony from a Fujitsu exec. “I have seen some evidence of editing witness statements”, Paul Patterson, Fujitsu’s European chief, told the public inquiry.
- The British Library has begun restoring its digital services after a ransomware attack 11 weeks ago. The full programme may take the rest of the year at an estimated cost of £6 million (vol. 7, iss. 1).
- VF Corporation, owner of brands including Vans and The North Face, says that attackers stole the personal data of over 35 million customers from the company in December 2023. The disclosure was made in a regulatory filing, which did not mention the types of stolen information but did say that some systems were encrypted, suggesting it was a ransomware attack.
- The US’ Cyber Safety Review Board needs greater transparency around how it selects members and incidents to investigate, plus the power to subpoena companies, Congress heard this week. Addressing the lack of authorities and the dependence on companies’ voluntary participation in investigations would close the gap with the National Transportation Safety Board, on which the board was modelled.
- Threat researchers at Google say that Coldriver (aka Star Blizzard), linked to Russia’s Federal Security Service (FSB), is switching from credential phishing to custom backdoor malware delivered by email to achieve its objectives. The Coldriver group targets academia, the defence industrial base, government organisations, politicians, and think tanks in NATO countries.
- PixieFail: Nine vulnerabilities in the IPv6 network stack of TianoCore’s widely used EDK II reference implementation of UEFI can lead to denial of service, DNS cache poisoning, network session hijacking, and remote code execution. The Preboot Execution Environment (PXE, pronounced “pixie”) is a spec allowing computers and network devices to be installed or configured over the network at boot.
- Database servers with default passwords are being compromised by automated bots and their contents deleted, upon which the attacker demands a ransom to ‘restore’ the data… having only ‘backed up’ the first 10-20 rows of data.
- BreachForums administrator Conor Fitzpatrick was sentenced to 20 years of supervised release by a federal judge this week. The 21-year-old, aka pompompurin, pleaded guilty in July 2023 to owning and operating the cybercrime forum and to possessing child pornography.
📚 Long reads:
- How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity is an excellent piece by Andy Greenberg about Sarah Meiklejohn whose love of puzzles helped her prove what we all take for granted now: that Bitcoin is not anonymous.
- The Scourge of Ransomware: Victim Insights on Harms to Individuals, Organisations and Society (PDF) from researchers at RUSI, looks at the structure of ransomware harms to those directly impacted, those indirectly affected, and the cumulative effects on society.
🪲 Patch now:
- Atlassian Confluence customers “must take immediate action” to patch CVE-2023-22527 (10/10), a remote code execution vulnerability, according to the vendor. Advisory
- VMware vSphere environments vulnerable to CVE-2023-34048 (9.8/10), which was patched in October 2023, are now under active attack by a Chinese espionage group, according to Mandiant. Advisory.
- Citrix Netscaler has two zero-day vulnerabilities, CVE-2023-6548 (5.5/10) and CVE-2023-6549 (8.2/10), though access to existing accounts is necessary to exploit them. Advisory
- Ivanti Connect Secure and Policy Secure are subject to an emergency directive from the US cyber defence agency following “widespread and active exploitation of vulnerabilities” (vol. 7, iss. 2).
🚀 Investments, mergers and acquisitions:
- Snyk has acquired microservices security firm Helios for an undisclosed sum.
- Oleria, a platform with an “adaptive approach to identity security”, has announced a $33 million Series A funding round. The platform isn’t generally available yet but promises to secure “over-provisioned and complex” app access. It sounds similar to Push Security.
And finally
- GCHQ has released photographs and diagrams of Colossus — one of the first digital computers — to mark the 80th anniversary of the World War II code-breaking machines.
Answer
- $95 million is the estimated impact of the cyberattack on Ukraine’s Kyivstar telco, according to parent company Veon, which is largely revenue loss and customer loyalty measures.