Cyber Security Headlines – December 27, 2024
Hosted by CISO Series
The latest episode of Cyber Security Headlines by CISO Series, hosted by Steve Prentice, covers the significant cybersecurity incidents of the past few weeks. This summary captures the key discussions, insights, and conclusions presented in the episode, providing an overview for those who have not listened.
1. General Dynamics Phishing Attack
At the outset of the episode, Steve Prentice introduces a critical incident involving General Dynamics, a prominent aerospace and defense company.
Incident Overview:
- Date Discovered: October 10, 2024
- Method: A sophisticated phishing campaign disguised as a fraudulent advertising campaign.
- Impact: Dozens of employee accounts were compromised; the campaign specifically targeted employee benefits accounts.
Details:
- The phishing site tricked employees into entering their usernames and passwords, resulting in unauthorized access.
- A total of 37 employees were affected, with attackers gaining access to Personally Identifiable Information (PII) and, in some cases, government ID numbers.
- SecurityWeek reported that the attackers went a step further by altering bank account information, escalating the severity of the breach.
Official Statement:
- Steve Prentice notes, "General Dynamics told the impacted individuals that the threat actors accessed their Fidelity NetBenefits accounts via the Employee Self Service portal using compromised credentials obtained through the phishing website" (00:59).
Response:
- A copy of the breach notification was submitted to the Maine Attorney General's office, meeting regulatory disclosure requirements.
2. Japan Airlines Cyber Attack
The episode transitions to an incident affecting Japan Airlines, highlighting vulnerabilities in the aviation sector.
Incident Overview:
- Date of Attack: Thursday, December 26, 2024, at 7:24 am local time.
- Impact: The attack led to the shutdown of a critical router, causing system malfunctions and suspending both international and domestic ticket sales for flights departing on that day.
Recovery:
- By the following day, Steve Prentice reports, "Japan Airlines systems are back to normal" (01:19); regular operations resumed with no customer data leaked and no damage reported.
Context:
- This attack follows a similar outage at American Airlines on Christmas Eve, where technical problems with the flight operating system (FOS), attributed to a vendor's technology, caused disruptions. Steve Prentice emphasizes the recurring challenge of maintaining robust cybersecurity measures within major airlines (01:47).
3. American Addiction Centers Data Breach
A significant data breach at American Addiction Centers is discussed, shedding light on vulnerabilities within healthcare networks.
Incident Overview:
- Breach Date: September 2024
- Impacted Individuals: Over 400,000 people across multiple states including California, Florida, Texas, Nevada, Massachusetts, Mississippi, New Jersey, and Rhode Island.
- Stolen Data: Included Social Security numbers and health insurance information.
Perpetrators:
- The breach is attributed to the Rhysida ransomware gang, known for targeting healthcare networks in the U.S.
- Steve Prentice mentions, "Rhysida Ransomware Gang made a claim on November 16th regarding this attack" (02:45).
Organization's Response:
- American Addiction Centers began mailing breach notifications just before the Christmas break, aiming to inform and protect the affected individuals promptly.
- Representatives declined to confirm the involvement of ransomware, indicating a cautious approach in public communications.
4. Windows 11 Security Update Issue
The episode highlights a significant security update problem affecting Windows 11 installations.
Issue Details:
- Affected Versions: Windows 11 version 24H2 installations that include the security updates released between October 8 and November 12, 2024.
- Problem: Copies installed from these versions may stop accepting any further security updates, leaving the system unpatched from that point on.
Microsoft's Response:
- Steve Prentice reports that Microsoft is "working on a fix" but recommends that users performing Windows 11 24H2 installations use the December 2024 security update released on December 10 to avoid the issue (04:04).
5. Surge in Infostealer Malware
A notable increase in infostealer malware activity is examined, with a focus on Lumma Stealer.
Key Insights:
- According to ESET's H2 2024 threat report, Lumma Stealer detections surged by nearly 400%, making it the top threat.
- ESET's telemetry recorded a 369% increase in the second half of 2024; the malware targets two-factor authentication browser extensions, user credentials, and cryptocurrency wallets.
Industry Impact:
- Steve Prentice emphasizes, "Lumma Infostealer is increasingly being sought after by cybercriminals" (04:16).
- The report also highlights Xloader (Formbook), a constantly evolving Malware-as-a-Service (MaaS) platform in high demand.
- The demise of Redline Stealer, taken down by international authorities in October, is unlikely to halt similar threats but will instead lead to the rise of alternative infostealers (05:06).
Resource Availability:
- A link to the ESET report is provided in the show notes for listeners seeking detailed information (05:10).
6. Adobe ColdFusion Vulnerability
A critical vulnerability in Adobe ColdFusion is addressed, highlighting the importance of timely security updates.
Vulnerability Details:
- CVE Number: A CVE identifier has been assigned to the flaw, a path traversal weakness affecting Adobe ColdFusion versions 2023 and 2021.
- Risk: Allows attackers to read arbitrary files on vulnerable servers; Adobe rated it Priority 1 because of the high risk of exploitation.
Exploitation:
- Proof of Concept (PoC) exploit code has already been reported, increasing the urgency for remediation.
Adobe's Response:
- Adobe issued out-of-band security updates on December 23, 2024, urging administrators to install the emergency patches immediately to safeguard against potential exploits (05:22).
7. TechCrunch on Poorly Handled Data Breaches
The episode reviews insights from TechCrunch on the most poorly handled data breaches of 2024, offering lessons for the cybersecurity community.
Highlighted Breaches:
- 23andMe: Criticized for attributing the breach to customers' insufficient account security.
- Change Healthcare: Faced backlash for delaying confirmation of a breach that affected most of America's health data, which stemmed from a compromised basic user account lacking multi-factor authentication (MFA).
- Snowflake: Experienced a breach exacerbated by the absence of mandatory MFA, leading to significant data exposure.
- City of Columbus, Ohio: Notably sued a security researcher for responsibly reporting a ransomware attack, raising concerns about ethical disclosures.
Additional Cases:
- Steve Prentice mentions that these stories, along with others such as the Salt Typhoon attack, are detailed in the episode's show notes (06:11).
Upcoming Events and Additional Resources
The episode concludes with announcements for upcoming events and resources:
Week in Review Show:
- Scheduled for later the same day at 3:30 pm Eastern.
- Guest: Adam Glick, CISO at PSG Equity, will provide expert commentary on the week's cybersecurity news.
- Participation: Listeners are encouraged to join and engage via the YouTube live channel by registering through the events page at cisoseries.com (07:04).
Access to Full Stories:
- Listeners can visit cisoseries.com for comprehensive coverage and in-depth analysis behind each headline.
Notable Quotes:
- "General Dynamics told the impacted individuals that the threat actors accessed their Fidelity NetBenefits accounts via the Employee Self Service portal using compromised credentials obtained through the phishing website." — Steve Prentice [00:59]
- "Japan Airlines systems are back to normal following a cyber attack that delayed some international and domestic flights." — Steve Prentice [01:19]
- "Rhysida Ransomware Gang made a claim on November 16th regarding this attack." — Steve Prentice [02:45]
- "Lumma Infostealer is increasingly being sought after by cybercriminals." — Steve Prentice [04:36]
- "Microsoft is working on a fix, but recommends that people performing Windows 11 24H2 installations use the December 2024 security update to avoid such problems." — Steve Prentice [04:02]
For more detailed information and access to all stories discussed, visit cisoseries.com.
