Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Tuesday, November 26, 2024. I'm Lauren Verno.
Microsoft 365 outage update. If you're wondering whether Microsoft's outages on Monday should have been your cue to start your Thanksgiving vacation early, you weren't alone. Microsoft addressed widespread 365 outages affecting services like Exchange Online, Microsoft Teams, SharePoint Online and Outlook. The issue, caused by a, quote, recent change, has led to difficulties accessing these platforms and performing certain actions within Microsoft Fabric and Defender for Office 365. Microsoft says they deployed a fix to the affected environments, initiated manual restarts on impacted systems, and as of this recording is monitoring progress. While this follows a major outage in July caused by a DDoS attack, Microsoft has not attributed the current incident to any malicious activity.
Quote, hair on fire, over China's cyber campaign. The Biden administration met with telecom executives to discuss the impact of China's cyber espionage campaign targeting US telecommunication networks, which may require a large-scale rebuild of infrastructure. Senator Mark Warner, chair of the Senate Intelligence Committee, has raised alarms over China's persistent attacks on US telecommunications networks, describing their severity as far exceeding previous incidents. He said China's actions make Russia-linked incidents like the SolarWinds attack and the Colonial Pipeline attack look like, quote, child's play. Warner highlighted the attackers exploited wiretapping capabilities and stole extensive data from US networks, while the administration's meeting emphasized sharing intelligence as an ongoing threat. China denies these claims, but US officials have described the activity as significant and unresolved.
North Korean fake IT worker scheme unveiled. Microsoft has uncovered a widespread North Korean scheme where fake IT workers using stolen identities and AI-generated profiles infiltrated companies globally, generating millions in revenue for Pyongyang's weapons programs. These workers have been targeting businesses through platforms like GitHub and LinkedIn, deploying phishing attacks and stealing cryptocurrency. Meanwhile, the China-linked hacking group Storm-2077 is actively compromising government and private organizations worldwide, while Google recently shut down over a thousand websites linked to the Glassbridge group, known for running pro-China disinformation campaigns.
Meta cracks down on scammers. Meta announced it has removed 2 million accounts linked to scams like pig butchering, primarily originating from countries like Cambodia, Myanmar and the UAE. These scams involve long-term manipulation, often by individuals coerced into working in criminal hubs under threats of physical harm, known as scam slave operations, where they lure victims into fraudulent investment schemes. The FBI reports these kinds of operations are a major source of revenue for these criminal groups.
Thanks to today's episode's sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US-based support team.
To learn more about how ThreatLocker can keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That's T H R E A T L O C K E R.
Zyxel issues patch for exploited vulnerability. Zyxel is warning users to update their firewalls after the Helldown ransomware group exploited a command injection vulnerability to compromise devices running outdated firmware. The flaw, patched in September with firmware version 5.39, allows attackers to execute OS commands remotely and has been linked to rogue account creation for SSL VPN access.
Insurance payout to New York. The State of New York secured an $11.3 million settlement with Geico and Travelers Insurance companies over data breaches that exposed sensitive information of over 120,000 residents, including driver's licenses used in COVID-era unemployment fraud. Investigations found both insurers failed to meet New York's cybersecurity regulations, leading to penalties of 9.75 million for Geico and 1.55 million for Travelers. As part of the settlement, the companies also agreed to adopt stronger cybersecurity measures, including enhanced data security programs, authentication procedures and threat monitoring systems.
UK creates AI security lab. The UK has launched the Laboratory for AI Security Research to counter threats from adversaries like Russia by developing AI-based cyber defense tools in partnership with universities and intelligence agencies. Backed by 8.22 million in government funding, the lab aims to address the AI arms race and enhance national and allied security, while warning of potential Russian cyber attacks targeting critical infrastructure. The announcement coincides with tensions between the UK and Russia, with Russia threatening UK facilities following Ukraine's use of British-made missiles.
CISOs face a tough task. They must manage risk, but surveys show they feel increasing pressure to downplay those risks to the board.
So how does a CISO do their job without getting dismissed as a buzzkill? That's what we're discussing in one of our segments on this week's CISO Series podcast. Look for the episode "All Your Cybersecurity Concerns Are So Adorable" in your favorite podcast app. I'm Lauren Verno reporting for the CISO Series.
