Tuesday Morning Threat Report: June 25, 2024

By Mark Maguire, published in ILLUMINATION, June 25, 2024 (5 min read)

Where the news is always bad, but the analysis is always good.


Good morning all and happy Tuesday!

China recruits teens to hack the U.S., the U.S. bans Kaspersky, and ShinyHunters tells Wired about their Snowflake hack. Let’s dive in!

Top Stories:

This week’s biggest headlines. Analysis section below.

China Recruits Teens To Hack U.S.: A report by ETH Zurich’s Center for Security Studies found that Chinese intelligence agencies use competitions to recruit young hackers for cyberattacks against the U.S.

24 Million Students’ Data Leaked: The Los Angeles Unified School District suffered a massive data breach. The stolen records, which include personal information on 24 million students and 55,000 teachers, are being sold on hacking forums.

300M Patient Records Released: The Qilin ransomware gang hacked Synnovis, a medical software producer in the U.K. Negotiations broke down after Qilin demanded $50 million in ransom, so Qilin has released 300 million patient records.

AMD Data Breach?: A hacker known as “IntelBroker” is selling data allegedly stolen from semiconductor manufacturer AMD. The data includes future product plans, databases on customers, and source code.

“Security Researchers” Stole Cryptocurrency: Three people claiming to be security researchers discovered a vulnerability in the Kraken cryptocurrency platform. They used the vulnerability to steal $3 million in cryptocurrency, reported the vulnerability to Kraken, and are now refusing to return the $3 million.

Scattered Spider Arrest: The FBI and Spanish police collaborated to arrest an alleged member of Scattered Spider. Scattered Spider is a hacking gang composed of young men from America and the U.K. that specializes in social engineering attacks.

Swedish Satellites Jammed: Sweden has reported that its satellites have been experiencing “harmful interference” from Russia ever since Sweden joined NATO. A representative for the Kremlin replied and denied any wrongdoing on Russia’s part.

Kaspersky Banned: Citing national security risks, the U.S. government banned Kaspersky software. Kaspersky, a Russian cybersecurity firm, will be blocked from selling software or providing updates to its U.S. customers.

My Takeaways

Analysis based on this week’s news and my experience in the industry. More headlines below in the Lower Echelon.

Is Everything National Security Now?: Kaspersky is, in my mind, the Russian “Mandiant.” Kaspersky offers numerous cybersecurity solutions, including antivirus software and post-breach forensic investigations. Starting on July 20, Kaspersky will not be allowed to sell software in the U.S. For Kaspersky’s existing U.S.-based customers, Kaspersky can no longer offer software updates. The U.S. government is encouraging American businesses that use Kaspersky to quickly find and migrate to a different solution.

The ban the U.S. enacted on Kaspersky software is a first-of-its-kind ban. The ban leverages special permissions the government granted itself during the Trump administration. The ban cites the Russian government’s influence over Kaspersky, saying that the influence makes Kaspersky software a national security risk. Moreover, the U.S. Treasury also sanctioned Kaspersky executives, but the reason why is unclear. As far as I can tell, the executives’ lone “crime” is that they work for a Russian company that does business with the Russian government. It’s worth noting that, six months ago, Kaspersky was the firm that uncovered “Operation Triangulation,” a yearslong hacking campaign the U.S. government conducted to spy on iPhone users around the world, including many Russians.

I recognize that software produced in countries hostile to the U.S. can be a security vulnerability, but I dislike the precedent of banning a company and sanctioning its executives without even alleging any wrongdoing. Nowhere in the ban was it stated that Kaspersky software was discovered to be surveilling users. Nowhere in the sanctions did it mention that Kaspersky executives had done anything illegal or underhanded. It’s a dangerous precedent to arbitrarily punish companies and private citizens because we dislike the actions of their governments. Do I think the U.S. government should be reliant on cybersecurity software from China or Russia? Of course not. It makes sense to ban it for government and military purposes. However, Kaspersky makes a top-rated antivirus with 400 million customers worldwide. There has never been a demonstrated reason to distrust them. If a local bakery in my area wants to use Kaspersky antivirus, they should be allowed to make that decision for themselves.

The Lower Echelon:

Interesting cybersecurity news that didn’t quite make the cut to be a top story.

ShinyHunters Tells All: ShinyHunters, the hacking group that breached TicketMaster’s and Santander’s Snowflake accounts, told Wired that to conduct the Snowflake account takeovers, they first hacked contractors that worked for those companies.

Apple Patches Vision Pro: Apple has patched a vulnerability in its Vision Pro virtual-reality headset that was discovered by a white hat hacker. The vulnerability allowed a malicious website to spawn 3D graphics in the headset.

French Government Targeted: Russian state-sponsored hacking group Midnight Blizzard has been observed targeting French diplomatic entities. The attacks are aimed at stealing the email accounts of France’s diplomatic staff.

Intel Chip Vulnerabilities: Cybersecurity researchers have disclosed a vulnerability that affected numerous Intel processors. This since-patched vulnerability would allow a local attacker to execute malicious code and establish a backdoor.

Globe Life Data Breach: Globe Life, a Texas-based insurance company, made an SEC filing stating it is investigating a data breach after it discovered a misconfiguration that allowed unauthorized users to access personal information on policyholders and customers.

Los Angeles County Data Breach: The Los Angeles County Department of Public Health suffered a data breach after a successful phishing attack stole 53 employees’ credentials. Stolen data includes social security numbers, medical diagnoses, and financial information.

CISA Advisory Regarding ALPR: The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory highlighting security risks in Motorola’s Automatic License Plate Reader (ALPR). ALPRs are used to track people and traffic patterns.

Amtrak Data Breach: Amtrak is investigating an alleged data breach of its Amtrak Guest Rewards service. The data breach is believed to have originated from credential theft at a third party that Amtrak relies on.


Thanks for reading! See everyone next week!

About the author: Mark is a cybersecurity architect and consultant for leading cybersecurity consultancy Aujas.
