Cyber Security Headlines - Episode Summary
Podcast Information:
- Title: Cyber Security Headlines
- Host/Author: CISO Series
- Description: Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
- Episode: Halliburton Cyberattack Costs, Israel Credit Card DDoS, Forth Announces Breach
- Release Date: November 12, 2024
1. Introduction
In the latest episode of Cyber Security Headlines, host Steve Prentice delves into significant cybersecurity incidents that have impacted major organizations and sectors. The episode, released on November 12, 2024, provides a comprehensive overview of the financial repercussions of cyberattacks, emerging threat techniques, and updates on security initiatives.
2. Halliburton Cyberattack Costs $35 Million
At the outset (00:00), Steve Prentice discusses the substantial financial impact of the recent cyberattack on Halliburton, one of the world's largest oilfield service providers. As of September, the attack has cost Halliburton $35 million, marking a significant escalation from the initial coverage in August.
- Attack Attribution: The RansomHub group is suspected to be behind the attack, though this remains unconfirmed.
- Nature of the Attack: According to Security Week, Halliburton has not officially labeled the incident as a ransomware attack, although its "brief description suggests that it was." The company confirmed that hackers accessed and exfiltrated information from its corporate systems.
"Halliburton has yet to confirm that the incident was a ransomware attack, but its brief description suggests that it was." — Security Week (00:00)
3. DDoS Attack Disrupts Credit Card Payments in Israel
Steve then shifts focus to a critical incident affecting Israel's financial transactions.
- Impact: A Distributed Denial of Service (DDoS) attack targeted the payment gateway company HIP and its Credit Guard product, causing credit card readers in supermarkets and gas stations across Israel to malfunction.
- Duration: The attack persisted for approximately one hour, disrupting communication between card terminals and the broader payment system.
- Data Security: Notably, the attack did not result in the theft of information or of actual payments.
- Attribution: An Iran-linked hacker group has claimed responsibility, although this claim remains unverified.
- Historical Context: This incident is not isolated; Israel experienced a similar attack in October targeting the payment firm Sheba.
4. Forth Announces Data Breach Affecting 1.5 Million Individuals
The episode then covers a significant data breach announcement by Forth, a debt relief solutions provider.
- Breach Details: The breach occurred on May 21, 2024, but Forth only confirmed on July 1 that attackers had accessed certain documents within its systems.
- Affected Parties: Approximately 1.5 million individuals were notified, including both customers and non-customers. It's possible that some affected individuals were customers of Centrix Software, which utilizes the Set Forth platform for cloud-based customer relationship management.
- Data Handling: The Set Forth platform enables businesses to collect and share consumer information with user consent, raising concerns about data privacy and security.
5. Secure by Design Initiative Reaches Six-Month Milestone
A significant portion of the episode (00:08) is dedicated to the progress of the Secure by Design initiative, celebrating its six-month mark.
- Overview: Secure by Design involves a pledge from software companies to adopt seven key digital security practices within a year, aiming to bolster cybersecurity standards across the industry.
- Participation: 248 companies have signed the pledge, with most demonstrating serious commitment to the initiative.
- Impact: Jack Cable, a Senior Technical Advisor at CISA, highlighted the positive strides made, noting that "progress has exceeded expectations."
- Examples of Progress:
  - Microsoft: Expansion of Multi-Factor Authentication.
  - Google: Enhancements in secure code development.
  - Fortinet: Introduction of a mandate requiring customers to receive automatic security updates.
"I'm seeing significant impacts across the Internet ecosystem and that the progress has exceeded expectations." — Jack Cable (00:08)
6. Emerging Cyber Threats and Techniques
The episode transitions into discussing newly identified cyber threats and techniques employed by malicious actors.
a. Zip File Concatenation to Evade Detection
Researchers at Perception Point uncovered a novel technique where hackers use zip file concatenation to bypass security measures.
- Methodology: Threat actors create multiple separate zip archives, embedding a malicious payload in one while keeping the others benign. These files are then concatenated into a single file, so the result contains multiple complete zip structures within one archive.
- Impact: The combined file contains multiple central directories and end-of-archive markers, yet still looks like a single legitimate archive; a security solution that parses only one of those structures never sees the archive holding the payload, allowing the malware to bypass traditional scanning.
"Hackers create two or more separate zip archives and then hide the malicious payload in one of them, leaving the rest with innocuous content." — Steve Prentice (00:15)
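As an added illustration (not code from the episode or from Perception Point), the Python below builds two benign archives in memory, concatenates them the way the segment describes, and shows that a parser which honours only the last end-of-central-directory (EOCD) record lists just one archive, whereas counting EOCD records and splitting on them reveals every embedded archive. All function names and the sample member files are constructed for this example.

```python
import io
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record signature


def make_zip(members):
    """Build a small zip archive in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def count_eocd(blob):
    """A well-formed zip has exactly one EOCD record; more than one is a red flag."""
    return blob.count(EOCD_SIG)


def split_concatenated(blob):
    """Cut the blob after each EOCD record (22 bytes plus an optional comment,
    whose length sits at offset 20) so every embedded archive is returned whole."""
    parts, start = [], 0
    while (idx := blob.find(EOCD_SIG, start)) != -1:
        comment_len = int.from_bytes(blob[idx + 20:idx + 22], "little")
        end = idx + 22 + comment_len
        parts.append(blob[start:end])
        start = end
    return parts


def visible_members(blob):
    """What a parser that trusts only the last EOCD (as Python's zipfile does) reports."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def all_members(blob):
    """Member names from every embedded archive, not just the last one."""
    names = []
    for part in split_concatenated(blob):
        with zipfile.ZipFile(io.BytesIO(part)) as zf:
            names.extend(zf.namelist())
    return names


if __name__ == "__main__":
    sample = make_zip({"readme.txt": b"hello"}) + make_zip({"notes.txt": b"world"})
    print("EOCD records:", count_eocd(sample))      # 2
    print("naive view:", visible_members(sample))   # only the second archive
    print("full view:", all_members(sample))        # both archives
```

In a real scanner, flag any file whose EOCD count is greater than one and inspect each split part separately; a stray signature inside compressed data is possible but rare, so treat the count as a trigger for deeper inspection rather than proof.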
b. New Variant of Remcos RAT
Fortinet researchers have identified a new variant of the Remcos RAT (Remote Access Trojan).
- Original Purpose: Remcos is a legitimate tool for remote administration but is exploited by threat actors for malicious activities.
- Delivery Mechanism: Victims receive phishing messages containing malicious Excel documents disguised as purchase orders. These documents access a shortened URL that redirects to a specific IP address, initiating the attack.
- Persistence: The malware ensures long-term access by adding a new autorun item to the system registry.
7. Software Updates and Features
a. Windows 11 Adds Share Button to Start Menu and Taskbar
In an effort to enhance user convenience, Microsoft is testing a new Share button in Windows 11.
- Functionality: This button aims to provide additional ways for users to share files, links, or text via email, nearby devices, or installed apps like X (formerly Twitter).
- Rationale: The feature addresses the need for streamlined sharing options, as not all individual apps currently support this functionality.
- Status: Still in preview builds, with no confirmed release date announced.
"This new feature from Microsoft is still being tested in preview builds, and there is no confirmed deadline or date for the release of this feature." — Steve Prentice (00:25)
8. Data Privacy Concerns: Atlas Biomed Case
The episode highlights a concerning development involving Atlas Biomed, a London-based genetic insights company.
- Incident: Atlas Biomed has suddenly ceased operations, leaving its customers in the dark about the status of their highly sensitive genetic data.
- Manifestation:
  - All activity on social media has halted.
  - The company's London office remains empty.
- Organizational Changes:
  - BBC reports that four of its officers have resigned.
  - Two remaining officers are listed at the same Moscow address as a Russian billionaire, a now-resigned director.
- Implications: This abrupt disappearance raises significant data privacy and security concerns, especially given the sensitive nature of the genetic information handled by Atlas Biomed.
"Atlas Biomed ceases operations without telling its customers what has happened to the highly sensitive data that customers shared with them." — Steve Prentice (00:35)
9. Secure by Design Initiative Reaches Six-Month Milestone
A detailed segment (00:08) covers the six-month progress of the Secure by Design initiative.
- Commitment: Software companies pledged to adopt seven key digital security practices, enhancing overall cybersecurity posture.
- Notable Contributions:
  - Microsoft's expansion of Multi-Factor Authentication strengthens user authentication processes.
  - Google's focus on secure code development improves software resilience against attacks.
  - Fortinet's requirement for automatic security updates ensures that systems remain protected against evolving threats.
10. Conclusion: Prioritizing Data Privacy Before Incidents
Steve Prentice wraps up the episode by addressing a critical challenge for Chief Information Security Officers (CISOs): advocating for data privacy and security measures before incidents occur.
- Business Perspective: Often, businesses are reluctant to invest in expensive infrastructure or procedural changes purely on principle.
- CISO's Role: CISOs must effectively communicate the necessity of these changes, making a compelling case to the business to prioritize data privacy proactively.
- Further Discussion: This theme is explored in depth in the episode's segment titled "How to Prioritize Data Privacy Before an Incident", encouraging CISOs to initiate these crucial conversations.
"CISOs must make a case to the business to make these changes before an incident occurs. But how do you start that conversation?" — Steve Prentice (00:45)
Note: For listeners interested in exploring these topics further, the full stories and additional details are available at CISOseries.com.
