Cisco DevHub Breach, Impersonated IT Threats, Election Mail Security – Cybersecurity News [October 21, 2024]

This has been an exciting week in the cyber world, we present a scoop of recent cybersecurity highlights testing the robustness of the existential security landscape. The news coverage ranges from a data breach at Cisco affecting major services, unintentionally hiring practices of fraudulent employees leading to extortion, recent CISA and USPIS release of election mail security resources, the health sector facing a lawsuit for a major data breach, and finally, the comeback of Bumblebee and Latrodectus malware families. Let’s explore these pressing issues in detail below.

Cisco Disabled Public Access to DevHub on Account of Alleged Data Breach

Recently, Cisco took a measure or, more precisely, an event response to a cybersecurity incident, which has resulted in the disabling of public access to DevHub. To familiarize our readers with DevHub, it is an online environment that tends to provide customers or page visitors access to code and other developer resources for the easy workflow of tasks. There were some signs and alerts for intrusions allegedly exfiltrating data that may include “source code, API tokens, hardcoded credentials, certificates, and other secrets.”

Adding onto the seriousness of the situation, these information assets belonged to large companies such as Microsoft, Verizon, T-Mobile, AT&T, Barclays, and SAP, which constitutes a serious incident to be tackled. Cisco has rather characterized the data breach’s content as “a small number of files that were not authorized for public download,” They explicitly ruled out the possibility of Personally Identifiable Information (PII) and financial data being breached. However, some established cybersecurity experts warn that even a small fraction of stolen data could be leveraged in future attacks to target more sensitive systems.

Matter experts emphasize that even insignificant data that might have been breached could provide a potential and robust gateway for malicious actors to launch more sophisticated exploits. This data breach resembles the urgence for organizations, be it small, medium or large-scale firms, must maintain the security posture and conduct regular audits of their public-facing services.

Malicious Threat Actors Masquerading Themselves as Genuine IT Employees

A new form of cybersecurity attack technique is revolving around the marketplace. The concerned CTU’s (CounterThreat Unit) Analysts from Secureworks documented a report suggesting how the alleged malicious operatives pose as genuine IT contractors to commit fraud, data theft, and extortion by first convincing the authorities of their credibility. These cybersecurity actors reportedly utilize Astrill VPN IP addresses. They explicitly target intellectual property for identity theft and higher monetary gains.

A similar incident was documented wherein employees were hired genuinely by following normal procedures. During the initial assignments at work, malicious entities focused on collecting as much information as possible. After accumulating sources and understanding the storage systems, they eventually encrypted them intentionally. Soon, they were fired on account of underperformance, which led to demanding a ransom to decrypt the same coded information, leaving no room for other choices. Data theft followed by extortion does, however, follow the pattern of escalating tactics documented by an earlier FBI alert and falls in line with this case scenario.

This alarming trend suggests to its readers the importance of thorough background research during the hiring process. Hiring for remote positions should be more strict since we never know who the person is presenting themselves on either side of the digital screen. Organizations should always be extra cautious when asking employees for their home addresses and banking details. Any signs of unusual changes or mismatches in employees’ details suggest clear signs of malpractice that organizations should take note of. Conducting in-person interviews and adhering to established guidelines and security practices for hiring practices can help mitigate such extortion risks.

CISA and USPIS Collaboratively Release Election Mail Security Resources

Officially dated October 22, 2024, jointly, CISA (Cybersecurity and Infrastructure Agency) and USPIS (United States Postal Inspection Service) released an Election Mail Security Public Service Announcement (PSA). It was released along with a training video for election officials to make them aware of the maintenance of confidentiality, integrity, and availability (CIA, the three founding stones of cybersecurity) of important information assets. Also, the PSA emphasizes extensive efforts made by local and state officials to maintain the security and integrity of the election process.

In order to proactively protect and strengthen America’s election infrastructure against evolving sophisticated attacks, together, we are urged to follow best practices to avoid any form of data breach or money extortion activities. These practices include promptly retrieving mail from mailboxes, reporting any seemingly suspicious activities to the authorities as soon as possible, and not leaving our mail unattended for extended periods. Meanwhile, in order to get relevant information about ballots, voters are requested to utilize tracking tools for current and updated information. Also, they are advised to report to nearby local election offices for any delivery issues encountered during the process.

Great Expressions Dental Centers Settle Data Breach Lawsuit for $2.7 Million.

The breaking news suggests that in accordance with the 2023 data breach incident that compromised personal and protected health information, Great Expressions Dental Centers has agreed to a $2.7 million settlement. This cyberattack lasted from February 17 to 22, 2023, and provided illegitimate access to nearly 1.93 million customers’ sensitive data, including their names, birth dates, social security numbers, and health records. Adhering to the existing laws and regulations, notifications were sent to the affected individuals in May month of the same year.

This lawsuit settlement will create a specific fund for claims from affected individuals, allowing room for particular provisions for those whose social security numbers were compromised in the incident. Impacted individuals can claim for financial losses related to the breach until Novemeber 8, 2024. The final hearing is set for December 12, 2024 by the court.

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Previously, a major law enforcement operation impacted and made successful efforts to eradicate two very prominent malware families, namely Bumblebee and Latrodectus. Well, the news suggests this malware has re-emerged from the surface, but his time with more sophisticated and advanced phishing strategies. Both malware types are custom-designed to steal personal data. They act as loaders and help easily download additional payloads onto the compromised systems after gaining illegitimate access to the target systems.

Recent campaigns have highlighted malspam tactics, exploiting hijacked email threads and impersonating big-whale entities like Microsoft Azure (making it look legitimate initially). The new attack tactics observed by Logpoint and Forcepoint involve DocuSign-themed emails that contain malicious links, which lead to the installation of Latrodectus malware in the systems. Security experts warn that these malware families particularly target sectors such as finance and automotive, as attacking these might lead to significant monetary profits.