Hello,
We took a break for a few weeks, but now our blog is back. Here's the latest on the most impactful stories in cybersecurity.
Let's begin in Germany, where the country's Green party announced it is the victim of a recent cyberattack that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck. The cyberattack was first reported last Saturday by German weekly Der Spiegel. While the number of email accounts actually impacted was very small - just 14 - party leaders Ricarda Lang and Omid Nouripour were among those compromised in such a way that some emails were forwarded to addresses outside the party.
In the UK, logistics giant Yodel has also been impacted by what they call a cyber “incident”, which caused service disruption earlier in the week. The UK delivery company posted an update to its site saying: “We are working to restore our operations as quickly as possible but for now, order tracking remains unavailable and parcels may arrive later than expected.” Although the firm doesn’t hold any customer payment information, it is currently investigating whether any other personally identifiable information (PII) has been taken.
Elsewhere in Europe, Europol announced on Tuesday that police have dismantled a cybercrime group that made millions of euros through phishing and other types of schemes. The law enforcement operation was conducted by police in Belgium and the Netherlands, with support from Europol. The Dutch police arrested nine individuals — eight men and one woman, aged between 25 and 36 — and searched 24 houses in the country. According to police, the suspects were involved in phishing and other internet scams that helped them make millions of euros.
Then in India, logistics provider Grab is denying claims spread by a Malaysian hacktivist group that it fell victim to the group's hacking attack. DragonForce Malaysia says it stole details of Grab delivery personnel. They announced it via social media, and shared a spreadsheet containing names and other data. A Grab spokesperson told Information Security Media Group the spreadsheet contains referrals for motorcycle delivery drivers originating from a third-party vendor, and that it appears none of Grab's systems were directly targeted.
Here in the U.S., Microsoft and Outlook customers have been the target of a voicemail-themed phishing campaign hitting specific industry verticals across the country. According to analysis from Zscaler's ThreatLabz, a highly targeted offensive began in May, aiming at specific verticals, including software security, the US military, security-solution providers, healthcare/pharmaceuticals and the manufacturing supply chain.
On Tuesday, President Biden signed three bills into law, two of which focus on improving government cybersecurity. Bill S. 1097, titled the Federal Rotational Cyber Workforce Program Act of 2021, establishes an employee rotational program within the Federal Cyber Workforce. The law establishes that "certain federal employees may be detailed among rotational cyber workforce positions at other agencies" and authorizes agencies to determine which employees are eligible for the program. Bill S. 2520, titled the State and Local Government Cybersecurity Act of 2021, will require the Department of Homeland Security to increase collaboration among state, local, tribal and territorial government entities along with "corporations, associations, and the general public, regarding cybersecurity."
Also this week, major U.S. lender Flagstar Bank announced a security compromise that took place last year. A statement issued from Maine's Attorney General explained that Flagstar was impacted between April and December 2021. The bank estimates that at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December. According to BankInfoSecurity, an unidentified threat actor gained unauthorized access to the bank's systems sometime around last December 4th or December 5th. It wasn't until June 2, following "an extensive forensic investigation and manual document review," that bank officials discovered the breach.
That's all for this week. Thanks for stopping by our blog.
Amy
Top Global Security News
Security Week (June 22, 2022) Belgian, Dutch Police Dismantle Cybercrime Group
Europol announced on Tuesday that police have dismantled a cybercrime group that made millions of euros through phishing and other types of schemes.
The law enforcement operation was conducted by police in Belgium and the Netherlands, with support from Europol. The Dutch police arrested nine individuals — eight men and one woman, aged between 25 and 36 — and searched 24 houses in the country.
Police have seized firearms, electronics, jewelry, cash and cryptocurrency from the suspects. The investigation was initiated by Belgian authorities and the individuals arrested in the Netherlands will be handed over to Belgium.
According to police, the suspects were involved in phishing and other internet scams that helped them make millions of euros.
InfoSecurity (June 22, 2022) Yodel Cyber Incident Disrupts UK Deliveries
Logistics giant Yodel has confirmed it is experiencing a cyber “incident” which is causing service disruption.
The UK delivery company posted an update to its site saying: “We are working to restore our operations as quickly as possible but for now, order tracking remains unavailable and parcels may arrive later than expected.”
Although the firm doesn’t hold any customer payment information, it is currently investigating whether any other personally identifiable information (PII) has been taken.
Dark Reading (June 22, 2022) Microsoft 365 Users in US Face Raging Spate of Attacks
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.
Microsoft 365 and Outlook customers in the US are in the crosshairs of a successful credential-stealing campaign that uses voicemail-themed emails as phishing lures. The flood of malicious emails anchoring the threat is emblematic of the larger problem of securing Microsoft 365 environments, researchers say.
According to an analysis from Zscaler's ThreatLabz, a highly targeted offensive has been ongoing since May, aiming at specific verticals, including software security, the US military, security-solution providers, healthcare/pharmaceuticals, and the manufacturing supply chain.
CNET (June 21, 2022) Biden Signs Two Bills to Enhance Government Cybersecurity
President Joe Biden signed three bills into new law Tuesday, two of which focus on beefing up government cybersecurity, according to a White House press release.
Bill S. 1097, titled the Federal Rotational Cyber Workforce Program Act of 2021, establishes an employee rotational program within the Federal Cyber Workforce. The workforce is a "diverse group of practitioners who govern, design, defend, analyze, administer, operate, and maintain our nation's data, systems and networks," according to the CIO Council.
The law establishes that "certain federal employees may be detailed among rotational cyber workforce positions at other agencies" and authorizes agencies to determine which employees are eligible for the program.
The Register (June 21, 2022) Info on 1.5m people stolen from US bank in cyberattack
A US bank has said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December.
In a statement to the office of Maine's Attorney General this month, Flagstar Bank said it was compromised between December and April 2021. The organization's sysadmins, however, said they hadn't fully figured out whose data had been stolen, and what had been taken, until now. On June 2, they concluded criminals "accessed and/or acquired" files containing personal information on 1,547,169 people.
"Flagstar experienced a cyber incident that involved unauthorized access to our network," the bank said in a statement emailed to The Register.
BankInfoSecurity (June 21, 2022) India-Based Grab Denies Cyberattack Claim by Malaysia's DragonForce
Indian hyperlocal logistics provider Grab is denying claims spread by a Malaysian hacktivist group that it fell victim to a hacking attack.
Hacktivist group DragonForce Malaysia says it stole details of Grab delivery personnel, posting last Saturday on social media platforms Twitter and Telegram a spreadsheet containing names and other data.
A Grab spokesperson tells Information Security Media Group the spreadsheet contains referrals for motorcycle delivery drivers originating from a third-party vendor. No Grab systems were directly targeted, the company says.
ABC News (June 18, 2022) Germany's Green party says email system hit by cyberattack
The German Green party, which is part of the country's governing coalition, says its IT system was hit by a cyberattack last month that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck.
The party confirmed a report Saturday by German weekly Der Spiegel, but said the two hadn't actively used their party accounts since January.
A total of 14 accounts — including those of party leaders Ricarda Lang and Omid Nouripour — were compromised in such a way that some emails were forwarded to addresses outside the party, the Greens said.
Other Thought-Provoking Stories
Icefall: 56 flaws impact thousands of exposed industrial devices - Bleeping Computer
Capital One Attacker Exploited Misconfigured AWS Databases - Dark Reading
False Air Raid Sirens in Israel Possibly Triggered by Iranian Cyberattack - SecurityWeek
Canada's Desjardins Settles Data Breach Lawsuit for $155M - BankInfoSecurity
Illinois man behind DDoS attack service given 2-year prison sentence - The Record
Jacuzzi customer details could be exposed by SmartTub web bugs, claims researcher - Portswigger
2 Texas Hospitals Infected With Malicious Code May Face PHI Exposure - HealthITSecurity
Department of Energy rethinks cyber resilience in strategy to secure the grid - Cybersecurity Dive
Voicemail phishing emails steal Microsoft credentials - The Register
Inside a large-scale phishing campaign targeting millions of Facebook users - HelpNetSecurity