This week
- Ollie Whitehouse, NCSC’s CTO, kicked off the agency’s CyberUK event with a warning and call-to-action to technology companies to up their software cyber resilience game. LINK
- Sticking with NCSC, the agency has launched a ‘Personal Internet Protection’ service for “high-risk” targets, including parliamentary candidates and others working in politics, academia, journalism and the legal sector. The service uses a custom DNS server to block known command and control domains and warn if a user tries to visit a known malicious domain. LINK
- An Arizona woman has been accused of using stolen identities to help North Korean workers get remote IT jobs at Fortune 500 companies. Prosecutors say that Christina Marie Chapman raised $6.8 million through the scheme, which also involved her running a ‘laptop farm’ from her home to act as proxy devices so the North Koreans appeared to be connecting from residential US IP addresses. LINK
- A new ESET report looks at the Ebury Linux malware and compromise of OpenSSH servers, including those operated by kernel.org, where the core parts of the Linux operating system are developed. Thankfully, it is a commercially motivated cybercriminal organisation rather than a nation-state behind the compromise. LINK
Interesting stats
$300,000 is the asking price for the ‘INC’ ransomware source code, currently listed on a cybercrime forum. LINK
Other newsy bits / in brief
🤓 Interesting reads:
- Bruce Schneier on the data-control path insecurity of AI large language models. There are interesting parallels with phone systems up until the 80s. LINK
⚠️ Incidents:
- A “technology security issue” is disrupting Christie’s, with the company taking its website offline. The auction house has lots with an expected sale price of $850 million up for sale this week. LINK
- Engineering firm Arup lost £20 million ($25M) in a CFO impersonation scam that utilised deepfake video. LINK
- Dell’s data breach gets worse: the cybercriminal claiming to have stolen 49 million customers’ information from a Dell support portal has shared screenshots of data in a second portal with journalists. Dell’s communications around the incident have been poor. Ireland’s Data Protection Commission (DPC) has been notified and is assessing the breach. LINK, DPC
🏴‍☠️ Ransomware:
- Health sector organisations — hospitals, insurers, pharmacists — continue to be targeted: Australian prescription provider MediSecure has suffered a ransomware attack; US health insurance service provider WebTPA Employer Services has disclosed a data breach affecting 2.5 million individuals; Mississippi-based Singing River Health System estimates 895,000 people are affected by an August 2023 ransomware attack. MEDISECURE, WEBTPA, SINGING
👮 Law Enforcement:
- BreachForums, a major cybercrime forum, has been seized by the FBI. A previous incarnation was seized in July 2023. Law enforcement from the UK, New Zealand, Australia, Switzerland, Ukraine and Iceland took part, alongside the FBI and Department of Justice. LINK
💰 Investments, mergers and acquisitions:
Consolidation in the SIEM space this week…
- LogRhythm and Exabeam have announced a merger. LogRhythm has a large customer base but has struggled to modernise its SIEM products, while Exabeam has a ‘next-gen’ offering and a smaller customer base. On paper, ‘ExaRythm’ (or Logabeam?) looks like a good option for both companies amid a consolidating cyber security market. LINK
- Palo Alto Networks is buying IBM’s QRadar cloud SIEM business. IBM will adopt Palo Alto’s products and train 1,000 consultants in them. Palo Alto will include IBM’s Watson LLM alongside its existing models from Google. (H/t Matt) LINK
And finally
- At its flagship Google I/O event, the company demoed an upcoming AI feature for Android handsets that will see AI listen in on phone calls and alert users if the caller appears to be a scammer. If you can get the models to run locally — thereby negating privacy concerns — then I can see features like this helping negate a whole raft of basic attacks that defraud people of millions each year. LINK