Snowflake breach escalates, MITRE has a memo for the president, Velvet Ant persists

Released Tuesday, 18th June 2024
Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

From the CISO series, it's

0:02

cybersecurity headlines. These

0:07

are the cybersecurity headlines for Tuesday,

0:09

June 18, 2024. I'm

0:13

Lauren Vernau. Snowflake

0:19

breach escalates with ransom demands

0:21

and death threats. As

0:25

many as 10 companies are facing ransom

0:27

payments between $300,000 and $5 million following

0:32

a breach against cloud-based data

0:34

analytics firm Snowflake earlier this

0:36

month. According to Mandiant,

0:38

who has helped lead Snowflake's case,

0:41

the hacking scheme has quote,

0:43

entered a new stage, end

0:45

quote, as the ransom demands

0:48

flow in, as well as

0:50

death threats against the cybersecurity

0:52

experts investigating the breach. The

0:55

hackers gain access to the information

0:57

by targeting Snowflake users using

0:59

single-factor authentication techniques. Mandiant

1:02

has said it anticipates a

1:05

ransomware group to quote, continue

1:07

to attempt to extort victims,

1:09

end quote. MITRE

1:14

has a memo for the president. MITRE

1:19

is weighing in on where the

1:21

incoming administration should set its focuses

1:23

next year, regardless of who wins

1:25

the 2024 election. The

1:28

memo was broken into four

1:30

different priorities, number one being

1:32

protecting critical infrastructure, followed

1:35

by implementing zero trust

1:37

in SBOMs, preparing for

1:39

quantum computing, and clarifying

1:41

cybersecurity leadership roles. These

1:44

recommendations emphasize upgrading legacy

1:46

systems, enhancing security practices

1:49

at local and state

1:51

levels, and ensuring readiness

1:53

for post-quantum cryptography. Additionally,

1:56

MITRE suggests making the Cybersecurity

1:58

and Infrastructure Security Agency,

2:00

or CISA, an independent agency,

2:03

mapping out roles and responsibilities

2:05

of cybersecurity personnel within the

2:08

first 90 days. Velvet

2:14

Ant maintained three-year cyber

2:16

espionage campaign. This

2:19

threat actor wasn't going down without a fight.

2:23

Researchers at Sygnia have uncovered

2:25

a prolonged, sophisticated cyber espionage

2:27

campaign by China's Velvet Ant

2:29

Group, targeting a large company

2:31

in East Asia. Despite

2:34

repeated eradication attempts, the threat

2:36

actor maintained persistence for about

2:39

three years by exploiting legacy

2:41

and unmonitored systems, particularly using

2:43

an old F5 BIG-IP appliance

2:47

for internal command and control. Give

2:53

me the credentials or else. The

2:58

UNC3944 cyber gang,

3:00

best known for its involvement

3:03

in recent attacks on Snowflake

3:05

and MGM Entertainment, is now

3:07

targeting SaaS applications. Mandiant

3:10

researchers claim they personally

3:12

eavesdropped on the threat actor's

3:14

calling help desk to ask

3:16

staff to reset passwords without

3:18

MFA. Now if that

3:20

failed, the criminals would resort to

3:23

fear-mongering tactics, including threats

3:25

of physical harm to victims

3:27

and their families, and

3:29

an attempt to quickly find a way

3:32

to gain persistent access. Mandiant

3:34

reports that the

3:37

group is targeting organizations,

3:39

including VMware's vCenter Management

3:41

Tool, CyberArk, Salesforce, Azure,

3:43

among others. And

3:51

now word from our sponsor, Vanta.

3:53

When it comes to ensuring your

3:56

company has top-notch security practices, things

3:59

can get complicated. Vanta

4:02

automates compliance for SOC 2, ISO

4:04

27001 and more, saving

4:07

you time and money. With

4:11

Vanta, you can unify your security

4:13

program management and proactively manage security

4:15

reviews with

4:19

AI-powered security questionnaires. Our

4:22

listeners get $1,000 off at

4:24

vanta.com/headlines. That's

4:29

V-A-N-T-A dot

4:32

com slash headlines. Los

4:39

Angeles Public Health Breach impacts 200,000.

4:43

All it takes is one person to click

4:45

the bad guys' link. We've all

4:47

heard this story before, but the Los

4:50

Angeles Department of Public Health says the

4:52

personal information of 200,000 individuals has

4:55

been compromised after an employee fell victim

4:58

to a phishing attack back in February.

5:00

The attack led to the compromise of

5:03

53 public health employees' login credentials,

5:07

which allowed attackers to gain access

5:09

to personal information, including names, social

5:11

security numbers, diagnosis

5:14

and prescriptions. Empire

5:20

Market Operators Face Life for

5:22

$430 Million Scheme. Two

5:27

of the suspected operators behind the prominent

5:29

dark web marketplace, Empire Market, are

5:33

facing life in prison for their part of

5:35

facilitating more than $430 million in dark web sales.

5:40

While users could buy everything from illicit drugs

5:43

to counterfeit currency, the DOJ has

5:45

charged the pair with

5:48

also helping cybercriminals conduct nearly

5:50

4 million transactions.

5:53

38-year-old Thomas Pavi and 28-year-old

5:55

Raheem Hamilton operated

5:58

the platform from 28-year-old Thomas Pavi. Prior

6:00

to starting Empire Market, they

6:03

sold counterfeit U.S. currency on

6:06

the now-shut-down AlphaBay. The

6:12

entire town has been breached. Every

6:16

single household within an entire region

6:18

of Scotland is receiving a

6:21

letter warning them that their medical data was

6:24

most likely stolen in a ransomware attack. The

6:27

INC ransomware group responsible for the attack

6:30

had threatened to release the data unless an

6:32

extortion payment was made, which

6:34

the health trust refused. NHS

6:37

Dumfries and Galloway's chief executive,

6:41

Julie White, advises all 150,000 residents

6:45

to assume their data has been compromised

6:48

and to be vigilant against potential

6:50

scams. Insurance

6:55

company Globe Life reports attack. The insurance

6:57

company, Globe Life, which

6:59

oversees more than 17 million policies, disclosed

7:04

a data breach in a filing with the SEC

7:06

last week. The company says they have

7:08

launched an investigation into, quote,

7:11

potential vulnerabilities related to access

7:13

permissions and user identity

7:15

management for a company web portal, end

7:18

quote. It appears the vulnerabilities allowed access

7:21

to consumer and policyholder information, but the report

7:23

did not say how many people or

7:26

what information may have been impacted. Globe

7:31

Life says they have removed access

7:33

to the affected portal and that

7:35

all other systems remain operational. How

7:40

do you manage the risk introduced by your

7:42

staff? This can range from having written passwords

7:45

in plain sight to

7:47

using insecure operating systems

7:49

on BYOD devices. Staff

7:52

can show almost as much creativity as threat

7:54

actors when

7:56

it comes to putting an organization at risk.
