
Steve Prentice
From the CISO Series, it's Cyber Security Headlines. These are the cybersecurity headlines for Tuesday, November 12, 2024. I'm Steve Prentice.

Cyberattack cost Halliburton $35 million thus far. Following up on a story we covered in late August, the attack on Halliburton, one of the largest oilfield service providers in the world, cost the company $35 million by the end of September. RansomHub is believed to be the group behind the attack, but this has not been officially confirmed. According to SecurityWeek, quote, "Halliburton has yet to confirm that the incident was a ransomware attack, but its brief description suggests that it was. The company has confirmed that hackers accessed and exfiltrated information from its corporate systems," end quote.

DDoS attack makes credit card readers malfunction in Israel. Customers at supermarkets and gas stations in Israel were apparently unable to make payments during a DDoS attack that had been launched against the payment gateway company Hyp and its CreditGuard product. The attack, which lasted around an hour, disrupted communications between the card terminals and the wider payment system, but did not steal information or payments. An Iran-linked hacker group has apparently claimed responsibility, but this has not been confirmed. This is far from the first time that this type of attack has happened in Israel. The most recent prior to this occurred in October at the payment firm Shva.

Debt relief firm Forth announces data breach for customers and non-customers. The breach, which occurred on May 21st of this year, now sees debt relief solutions provider Forth, its full legal name being Set Forth, notifying one and a half million individuals that their personal information has been compromised. Although the breach occurred in May, it was on July 1 that the company confirmed that attackers had accessed certain documents on its systems. The affected individuals might not even have been customers of Forth, but may be customers of Centrex Software, which provides cloud-based customer relationship management solutions powered by the Set Forth platform. This platform allows businesses to collect and share consumer information, with their permission, between its users. This, according to the company.

Secure by Design hits six-month mark, progress being made. In an interview with Recorded Future News, Jack Cable, a senior technical advisor at CISA who has been championing the effort, says 248 companies signed the pledge and most are taking it seriously. Secure by Design includes a pledge from these software companies to the Biden administration and to their own customers that they would adopt seven key digital security practices within a year. Cable says he is seeing significant impacts across the Internet ecosystem and that the progress has exceeded expectations. He has pointed out Microsoft's expansion of multi-factor authentication, Google's improvements to secure code development, and Fortinet's new requirement that customers receive automatic security updates as examples.

Thanks to today's episode's sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Well, worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That is T-H-R-E-A-T-L-O-C-K-E-R, threatlocker.com.

Hackers using zip file concatenation to evade detection. This new technique was identified by researchers at Perception Point, who discovered a concatenated zip archive hiding a Trojan while analyzing a phishing attack that lured users with a fake shipping notice. In essence, threat actors create two or more separate zip archives and then hide the malicious payload in one of them, leaving the rest with innocuous content. These separate files are concatenated into one by appending the binary data of one file to the other, merging their contents into one combined zip archive. Although the final result appears as one file, it contains multiple zip structures, each with its own central directory and end markers. This allows the malware to bypass security solutions.

Windows 11 will add a Share button to the Start menu and the taskbar. In case customers feel they do not already have enough ways to share files, links, or text, a button will soon be available to allow everyone to share via email, to nearby devices, or to installed apps like X. This is largely because not all apps do have this option individually. This new feature from Microsoft is still being tested in preview builds, and there is no confirmed deadline or date for the release of this feature.

New version of Remcos RAT appears. According to researchers at Fortinet, this is a new variant of the commercial malware known as Remcos RAT. Remcos itself is a legitimate remote administration tool that allows regular users to operate other computers remotely. Threat actors, however, use this technology for more malicious activities. In this new situation, victims receive a phishing message containing a malicious Excel document disguised as a purchase order. This Excel file accesses a shortened URL that redirects to a specific IP address, and the process unfolds from there. The malicious code maintains persistence by adding a new autorun item to the system registry.

DNA firm holding highly sensitive data vanishes without warning. Atlas Biomed is a company based in London, England, which offers to provide insights into people's genetic makeup and predisposition to certain illnesses. It, however, has recently ceased operations without telling its customers what has happened to the highly sensitive data that customers shared with them. All activity on social media has ceased and its London office stands empty. The company has links to Russia. It used to have eight official positions, although according to the BBC, four of its officers have resigned and two of the apparently remaining officers are listed at the same address in Moscow, as is a Russian billionaire who is described as a now-resigned director.

Talk about data privacy concerns and many CISOs will be sympathetic. Businesses won't make expensive changes to infrastructure or procedures just on principle. CISOs must make a case to the business to make these changes before an incident occurs. But how do you start that conversation? That's one of the segments we go deep on in this week's episode of the CISO Series Podcast. Look for "Wait, We Can Prioritize Data Privacy Before an Incident" in your favorite podcast app.

I'm Steve Prentice reporting for the CISO Series. Cyber Security Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - Episode Summary
Podcast Information:
In the latest episode of Cyber Security Headlines, host Steve Prentice delves into significant cybersecurity incidents that have impacted major organizations and sectors. The episode, released on November 12, 2024, provides a comprehensive overview of the financial repercussions of cyberattacks, emerging threat techniques, and updates on security initiatives.
At the outset (00:00), Steve Prentice discusses the financial impact of the cyberattack on Halliburton, one of the world's largest oilfield service providers. As of the end of September, the attack had cost Halliburton $35 million; this follows up on the show's initial coverage in late August.
Attack Attribution: The RansomHub group is suspected to be behind the attack, though this remains unconfirmed.
Nature of the Attack: According to SecurityWeek, Halliburton has not officially labeled the incident as a ransomware attack. However, its "brief description suggests that it was." The company confirmed that hackers accessed and exfiltrated information from its corporate systems.
"Halliburton has yet to confirm that the incident was a ransomware attack, but its brief description suggests that it was." — Security Week (00:00)
Steve then shifts focus to a critical incident affecting Israel's financial transactions.
Impact: A Distributed Denial of Service (DDoS) attack targeted the payment gateway company Hyp and its CreditGuard product, causing credit card readers in supermarkets and gas stations across Israel to malfunction.
Duration: The attack persisted for approximately one hour, disrupting communication between card terminals and the broader payment system.
Data Security: Notably, the attack did not result in the theft of information or payments.
Attribution: An Iran-linked hacker group has reportedly claimed responsibility, although this claim remains unverified.
Historical Context: This incident is not isolated; Israel experienced a similar attack in October targeting the payment firm Shva.
The episode then covers a significant data breach announcement by Forth, a debt relief solutions provider.
Breach Details: The breach occurred on May 21, 2024, but Forth only confirmed on July 1 that attackers had accessed certain documents within their systems.
Affected Parties: Approximately 1.5 million individuals were notified, including both customers and non-customers. Some affected individuals may have been customers of Centrex Software, whose cloud-based customer relationship management solutions are powered by the Set Forth platform.
Data Handling: The Set Forth platform enables businesses to collect and share consumer information with user consent, raising concerns about data privacy and security.
A significant portion of the episode (00:08) is dedicated to the progress of the Secure by Design initiative, celebrating its six-month mark.
Overview: Secure by Design involves a pledge from software companies to adopt seven key digital security practices within a year, aiming to bolster cybersecurity standards across the industry.
Participation: 248 companies have signed the pledge, with most demonstrating serious commitment to the initiative.
Impact: Jack Cable, a Senior Technical Advisor at CISA, highlighted the positive strides made, noting that "progress has exceeded expectations."
Examples of Progress: Cable pointed to Microsoft's expansion of multi-factor authentication, Google's improvements to secure code development, and Fortinet's new requirement that customers receive automatic security updates.
"Cable says he is seeing significant impacts across the Internet ecosystem and that the progress has exceeded expectations." — Steve Prentice (00:08)
The episode transitions into discussing newly identified cyber threats and techniques employed by malicious actors.
Researchers at Perception Point uncovered a novel technique where hackers use zip file concatenation to bypass security measures.
Methodology: Threat actors create multiple separate zip archives, embedding malicious payloads in one while keeping others benign. These files are then concatenated into a single file, maintaining multiple zip structures within one archive.
Impact: The combined file looks like a single archive, yet it contains multiple central directories and end-of-archive markers. A security solution that parses only one of the embedded zip structures never sees the payload, which is how the malware slips past detection.
"Threat actors create two or more separate zip archives and then hide the malicious payload in one of them, leaving the rest with innocuous content." — Steve Prentice (00:15)
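The evasion works because a ZIP reader locates content by finding one End of Central Directory (EOCD) record and trusting the single central directory it points to. The following Python example is added here and is not code from Perception Point or the podcast; the archive names, file names and contents are constructed for illustration, and the "payload" is placeholder text rather than malware. It builds a benign archive and a second archive, appends one to the other as the technique describes, shows that Python's standard `zipfile` module lists only the trailing archive's member, and then walks every EOCD record in the blob to enumerate the members of all embedded archives. The scanner generalizes beyond the two-archive case in the story: it handles any number of appended archives and skips stray EOCD signature bytes that happen to occur inside file data.

```python
"""Enumerate every ZIP structure inside a concatenated archive.

Added example, not code from Perception Point or the podcast. The archives,
file names and contents below are constructed for illustration only.
"""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record signature
CD_SIG = b"PK\x01\x02"     # Central directory file header signature
EOCD_MIN_LEN = 22          # EOCD size without the trailing comment
CD_HEADER_LEN = 46         # Fixed part of a central directory file header


def build_concatenated_zip() -> bytes:
    """Build a benign archive, then a second archive carrying the 'payload',
    and append the raw bytes of the second to the first (constructed sample)."""
    benign = io.BytesIO()
    with zipfile.ZipFile(benign, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("shipping_notice.txt", "Your parcel is on its way.")
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w", zipfile.ZIP_STORED) as zf:
        # Placeholder bytes standing in for a Trojan; not real malware.
        zf.writestr("shipping_notice.pdf.exe", "MZ placeholder executable")
    return benign.getvalue() + payload.getvalue()


def what_zipfile_sees(data: bytes) -> list:
    """A standard parser honours a single EOCD record (here the last one),
    so it reports only the trailing archive's members."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def list_all_members(data: bytes) -> list:
    """Walk every EOCD record in the blob and parse the central directory it
    describes. Returns [(archive_index, member_name), ...] for all archives."""
    members = []
    archive_index = 0
    pos = 0
    while True:
        eocd = data.find(EOCD_SIG, pos)
        if eocd == -1 or eocd + EOCD_MIN_LEN > len(data):
            break
        pos = eocd + 4  # resume after this signature whatever happens below
        # EOCD layout: sig(4) disk(2) cd_disk(2) entries_disk(2) entries_total(2)
        #              cd_size(4) cd_offset(4) comment_len(2)
        entries_total, cd_size, cd_offset, comment_len = struct.unpack_from(
            "<HIIH", data, eocd + 10)
        # cd_offset is relative to the start of *its own* archive, which for an
        # appended archive is not the start of the blob. The central directory
        # sits directly before its EOCD, so locate it from the EOCD instead and
        # recover where that embedded archive begins.
        cd_start = eocd - cd_size
        if cd_start < 0 or data[cd_start:cd_start + 4] != CD_SIG:
            continue  # signature bytes inside file data, not a real EOCD
        archive_start = cd_start - cd_offset  # informational; 0 for the first
        p = cd_start
        for _ in range(entries_total):
            if data[p:p + 4] != CD_SIG:
                break
            # CD header: name_len(2) extra_len(2) comment_len(2) start at +28
            name_len, extra_len, fcomment_len = struct.unpack_from(
                "<HHH", data, p + 28)
            name = data[p + CD_HEADER_LEN:p + CD_HEADER_LEN + name_len].decode(
                "utf-8", "replace")
            members.append((archive_index, name))
            p += CD_HEADER_LEN + name_len + extra_len + fcomment_len
        archive_index += 1
        pos = eocd + EOCD_MIN_LEN + comment_len
    return members


def count_archives(data: bytes) -> int:
    """Number of distinct ZIP structures found; more than one is suspicious."""
    return len({idx for idx, _ in list_all_members(data)})


if __name__ == "__main__":
    blob = build_concatenated_zip()
    print("zipfile sees:", what_zipfile_sees(blob))
    print("all members: ", list_all_members(blob))
    print("archives:    ", count_archives(blob))
```

Readers disagree on which embedded structure to honour (some take the first, others the last), which is exactly what the evasion relies on. A mail gateway or sandbox that wants to be robust should therefore not trust a single library's view of the file: count the EOCD records as above and treat any archive with more than one as suspicious, or at least scan the members of every embedded structure rather than only the one its default parser happens to pick.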
Fortinet researchers have identified a new variant of the Remcos RAT (Remote Access Trojan).
Original Purpose: Remcos is a legitimate tool for remote administration but is exploited by threat actors for malicious activities.
Delivery Mechanism: Victims receive phishing messages containing malicious Excel documents disguised as purchase orders. These documents access a shortened URL redirecting to a specific IP address, initiating the attack.
Persistence: The malware ensures long-term access by adding a new autorun item to the system registry.
In an effort to enhance user convenience, Microsoft is testing a new Share button in Windows 11.
Functionality: This button aims to provide additional ways for users to share files, links, or text via email, nearby devices, or installed apps like X (formerly Twitter).
Rationale: The feature addresses the need for streamlined sharing options, as not all individual apps currently support this functionality.
Status: Still in preview builds, with no confirmed release date announced.
"This new feature from Microsoft is still being tested in preview builds, and there is no confirmed deadline or date for the release of this feature." — Steve Prentice (00:25)
The episode highlights a concerning development involving Atlas Biomed, a London-based genetic insights company.
Incident: Atlas Biomed has suddenly ceased operations, leaving its customers in the dark about the status of their highly sensitive genetic data.
Manifestation: All activity on the company's social media accounts has ceased, and its London office stands empty.
Organizational Changes: The company has links to Russia. It used to have eight official positions; according to the BBC, four of its officers have resigned, and two of the apparently remaining officers are listed at the same address in Moscow as a Russian billionaire described as a now-resigned director.
Implications: This abrupt disappearance raises significant data privacy and security concerns, especially given the sensitive nature of genetic information handled by Atlas Biomed.
"It, however, has recently ceased operations without telling its customers what has happened to the highly sensitive data that customers shared with them." — Steve Prentice (00:35)
Steve Prentice wraps up the episode by addressing a critical challenge for Chief Information Security Officers (CISOs): advocating for data privacy and security measures before incidents occur.
Business Perspective: Often, businesses are reluctant to invest in expensive infrastructure or procedural changes purely on principle.
CISO's Role: CISOs must effectively communicate the necessity of these changes, making a compelling case to the business to prioritize data privacy proactively.
Further Discussion: This theme is explored in depth in this week's episode of the CISO Series Podcast, "Wait, We Can Prioritize Data Privacy Before an Incident", which encourages CISOs to initiate these conversations before an incident forces them.
"CISOs must make a case to the business to make these changes before an incident occurs. But how do you start that conversation?" — Steve Prentice (00:45)
Note: For listeners interested in exploring these topics further, the full stories and additional details are available at CISOseries.com.