
Lauren Verno
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Tuesday, December 31, 2024. I'm Lauren Verno.
Cisco Confirms Data Leak. It's a data leak that's been speculated, but now Cisco has confirmed the authenticity of a second 4 gigabyte data leak linked to its public-facing Dev Hub environment, which provides developer resources. The hacker IntelBroker, known for targeting major organizations like AMD and T-Mobile, claims to have obtained sensitive data, including source code, credentials and confidential documents, though Cisco asserts no breach of its internal systems or enterprise environments occurred, while public access to the Dev Hub has been disabled as a precaution. Cisco says they will continue to investigate the incident and has not identified any evidence of compromised sensitive personal or financial information.
Microsoft Announces Urgent .NET Domain Transition. Microsoft is urging .NET developers to update their applications and pipelines to replace references to Azure Edge.net domains with build.net.Microsoft.com, as the former will soon be retired due to CDN provider Edgio's bankruptcy. This sudden transition, happening over the holidays, could disrupt projects using .NET installers, GitHub Actions or Azure DevOps pipelines tied to the old domains, with firewall updates also necessary for the new CDN location.
2024 Security Lessons. According to Dark Reading, there are some key lessons to take away as we head into the new year. The threat landscape in 2024 underscored the rise of zero day exploits, nation state alliances with cybercriminals and increasing attacks on critical infrastructure, exposing sustainability, systemic vulnerabilities in both IT and OT systems. High profile incidents including ransomware disruptions to supply chains and espionage targeting telecom networks highlighted the need for stronger defenses, proactive patch management and cross sector collaboration.
Thanks to today's episode sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That's T H R E A T L O C K E R.
Can you believe it? We've made it to the last Headlines episode of the year, so we figured we'd change things up a bit with these final few stories. Throughout the year, Cybersecurity Headlines reporters Sean Kelly, Rich Stroffolino, Steve Prentiss and myself scour the top stories of the day to pass along to you. And as we wrap up this year, the team wanted to share a story that stood out to them, whether for notability, the sheer impact of the story, or one that simply stuck out. I'll go first with the persistent threat of small scale ransomware attacks. My story, or rather stories of the year, is the weekly ransomware attacks on local governments, regional infrastructure or other under resourced industries that impact our daily lives. Hear me out. There has not been one week this year where I wasn't able to find a ransomware attack impacting a relatively small agency, county or business. But because they don't carry the massive Change Healthcare ransom of $22 million or involve a well known branded name, these attacks are often noted and then quickly overshadowed by a new small town experiencing a similar attack the following week. Pittsburgh Regional Transit, Costa Rica State Energy, Texas County, Ohio's capital city, even my own local beach town, Jacksonville Beach City Hall was a victim.
I could go on and on and those were just attacks we've reported on in the last two months of the year. While I can only assume why these criminals are going after these lesser known targets, there was a definite trend this year that I'm fairly confident in saying will likely not change in the new year. Steve, you're up.
Steve Prentiss
I'm Steve Prentiss. My story of the year has to be the $25 million Hong Kong deepfake heist which occurred in February. It was at the time, and probably remains, one of the most sophisticated deepfake attacks to date, involving Arup, the British design and engineering company famous for building the Sydney Opera House. One of its Hong Kong based employees was duped into attending a video call with people he believed were the chief financial officer and other members of the staff, but all of whom turned out to be deepfake recreations. This resulted in the transfer of $25 million to the cybercriminals. The story was not only intriguing in its audacity, but also reflected that the employee did everything right, refusing the initial request to transfer the money and therefore practicing proactive cybersecurity. It was only after the criminals upped the stakes by creating the deepfake video meeting that the employee was convinced of the validity of the transaction. So this story to me is a salute to employees doing what they are trained to do in terms of staying vigilant, while at the same time serves as a reminder of the endless creativity of threat actors.
Rich Stroffolino
Rich Stroffolino here. The story I keep thinking about this year is the status of NIST's National Vulnerability Database, or NVD. NIST has had a problem enriching items added to NVD and came out in April saying that there was a significant backlog to kind of solve this. In May, it announced that it hired a contractor to help clear up that backlog, and they were hoping to have it done by the end of September, their fiscal year. That estimate proved optimistic, with NIST admitting in November that it made significant progress but was still working on it. But what's got me thinking is what long term solutions NIST will use to keep this backlog from just going out of control as vulnerabilities inevitably keep growing and becoming more complex. NIST threw out ideas of starting a consortium with industry and government stakeholders, but we've heard nothing about that for months, basically since they said they were thinking about it in May. And so what I'm thinking about is, will the idea of the NVD as a single source of vulnerability truth become just a quaint anachronism? It's my big unresolved question going into the new year.
Sean Kelly
Hi, I'm Sean Kelly. The team and I have covered a number of game changing stories this year, including the CrowdStrike and Change Health incidents, the evolving threat of AI and deepfakes, and cyber crime ring takedowns. But the story that resonated with me most this year was one that I reported in our September 16th Cybersecurity Headlines. A report from the Wall Street Journal highlighted that just 22.6% of tech roles are occupied by women, and that number had only risen about a half a percent in 17 years. Coincidentally, a new documentary called Do We Belong Here? had been premiered by Cyber Florida at the University of Southern Florida. The documentary highlights stories of perseverance and success shared by women and other underrepresented groups in cyber. The documentary is inspiring and extremely well done, but it's not just a feel good story, it's a call to action for all of us. So regardless of your sex, race or background, please watch the documentary and share it with others. You can also get involved with organizations like WIS and Cyversity who are always looking for allies and partners to help fulfill their mission. Thanks to our listeners for their support and wishing you all a happy New Year.
Lauren Verno
And from all of us here at the CISO Series, thank you for listening to Cybersecurity Headlines in 2024. Now, if you're a regular listener, tell a friend to check it out in the new year. From the whole team over here at the CISO Series, here's wishing you and yours a happy and safe 2025. For the last time of the year, I'm Lauren Verno reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headline.
Cyber Security Headlines – Episode Summary
Hosted by Lauren Verno from the CISO Series, the episode titled "Cisco Data Leak, Microsoft Domain Transition, Stories of the Year" released on December 31, 2024, delivers a comprehensive review of significant cybersecurity events and insights from the past year. This detailed summary encapsulates the key discussions, notable quotes, and overarching conclusions drawn by the hosts.
Overview: Lauren Verno kicks off the episode by addressing the confirmed data leak at Cisco. Initially speculated, Cisco has verified a second data leak encompassing 4 gigabytes of information from its public-facing Dev Hub environment, a platform that provides resources for developers.
Details:
Conclusion: This incident underscores the vulnerabilities associated with public-facing development environments and the importance of stringent security measures even when internal systems remain secure.
Overview: Microsoft has issued an urgent directive for .NET developers to transition from Azure Edge.net domains to build.net.Microsoft.com. This shift is necessitated by the bankruptcy of CDN provider Edgio, leading to the imminent retirement of the former domains.
Implications:
Quote: Lauren emphasized the urgency, stating, "Microsoft is urging .NET developers to update their applications and pipelines to replace references to Azure Edge.net domains with build.net.Microsoft.com as the former will soon be retired due to CDN provider Edgio's bankruptcy."
Conclusion: This abrupt transition highlights the dependency of large-scale software projects on third-party services and the need for contingency planning to mitigate unforeseen disruptions.
Overview: Reflecting on the past year, Lauren shares key security lessons derived from the 2024 threat landscape, as reported by Dark Reading.
Key Lessons:
High-Profile Incidents:
Strategic Responses:
Quote: Lauren summarized, "The threat landscape in 2024 underscored the rise of zero day exploits, nation state alliances with cybercriminals and increasing attacks on critical infrastructure, exposing sustainability, systemic vulnerabilities in both IT and OT systems."
Conclusion: These lessons emphasize the necessity for a robust, adaptive cybersecurity framework capable of anticipating and mitigating evolving threats through coordinated efforts and strategic foresight.
As the episode progresses towards its conclusion, the team shares standout stories that made a significant impact throughout the year.
Presenter: Lauren Verno
Timestamp: [05:42]
Overview: Lauren highlights the relentless wave of weekly ransomware attacks targeting local governments, regional infrastructure, and under-resourced industries. These attacks, although less publicized due to the absence of high-profile targets, have profound impacts on daily operations.
Examples:
Quote: Lauren expressed concern, stating, "There has not been one week this year where I wasn't able to find a ransomware attack impacting a relatively small agency, county or business."
Conclusion: The trend signifies a strategic shift by cybercriminals towards exploiting less fortified targets, urging these entities to bolster their cybersecurity defenses despite limited resources.
Presenter: Steve Prentiss
Timestamp: [06:50]
Overview: Steve recounts one of the most sophisticated deepfake attacks of the year—a $25 million heist targeting Arup, a British design and engineering firm renowned for constructing the Sydney Opera House.
Incident Details:
Lessons Learned:
Quote: Steve highlighted, "This story is a salute to employees doing what they are trained to do in terms of staying vigilant, while at the same time serves as a reminder of the endless creativity of threat actors."
Conclusion: The incident underscores the escalating sophistication of cyber threats and the critical role of continuous employee training and awareness in preventing financial losses.
Presenter: Rich Stroffolino
Timestamp: [07:58]
Overview: Rich delves into the ongoing challenges faced by NIST's National Vulnerability Database (NVD) in managing and enriching vulnerability data.
Key Points:
Quote: Rich pondered, "Will the idea of the NVD as a single source of vulnerability truth become just a quaint anachronism? It's my big unresolved question going into the new year."
Conclusion: The situation raises concerns about the capacity of critical vulnerability databases to keep pace with the growing complexity and volume of security threats, potentially necessitating structural reforms and collaborative approaches.
Presenter: Sean Kelly
Timestamp: [09:04]
Overview: Sean brings attention to the persistent underrepresentation of women in cybersecurity roles, a topic he finds particularly resonant.
Statistics:
Highlight:
A documentary titled "Do We Belong Here?" premiered by Cyber Florida showcases the perseverance and successes of women and other underrepresented groups in the cyber sector.
Call to Action: Sean urges listeners to watch and share the documentary and engage with organizations like WIS and Cyversity to support diversity initiatives.
Quote: Sean passionately stated, "It's a call to action for all of us. So regardless of your sex, race or background, please watch the documentary and share it with others."
Conclusion: Addressing diversity is essential not only for equity but also for fostering a broader range of perspectives and solutions within the cybersecurity field.
Lauren concludes the episode by extending gratitude to listeners and encouraging them to share the podcast in the upcoming year. She wishes everyone a happy and safe 2025, reaffirming the CISO Series' commitment to delivering insightful cybersecurity news daily.
Quote: Lauren warmly remarked, "From the whole team over here at the CISO Series, here's wishing you and yours a Happy and safe 2025."
Overall Summary: This episode of Cyber Security Headlines provides an in-depth examination of critical cybersecurity incidents, emerging threats, and pivotal industry trends from 2024. Through detailed analyses and expert insights, the CISO Series equips listeners with the knowledge to navigate the evolving cybersecurity landscape effectively. The inclusion of personal stories and calls to action further emphasizes the collaborative effort required to enhance security measures and foster an inclusive industry.