This week has seen some big developments in cybersecurity, from the arrest of ransomware operators to data breaches at major companies. Staying informed about these threats with TCE Cyberwatch is essential to protect yourself and your loved ones online.
Here’s a quick rundown of the major cybersecurity news you need to know.
TCE CyberWatch: A summary of the top cybersecurity news stories
Two foreign nationals plead guilty to multimillion-dollar LockBit attacks
Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their involvement in the LockBit ransomware group, which attacked more than 2,500 victims in 120 countries, including 1,800 in the United States, between 2020 and 2024, extorting hundreds of millions of dollars in ransoms. In February, a disruption operation led by the UK National Crime Agency, the FBI and other partners seized LockBit’s servers, significantly disrupting the group’s operations.
Astamirov and Vasiliev admitted to deploying LockBit, causing losses of $1.9 million in Astamirov’s case and $500,000 in Vasiliev’s. Law enforcement is actively pursuing other members of LockBit, including its creator, Dmitry Yuryevich Khoroshev, for whose arrest a $10 million reward has been offered. U.S. Attorney Philip R. Sellinger stressed his commitment to holding cybercriminals accountable. Victims are encouraged to contact the FBI and visit justice.gov for assistance and updates on the case. Read more
Indian government acknowledges data breach at BSNL
India has confirmed that a data breach has occurred in the systems of Bharat Sanchar Nigam Limited (BSNL), the country’s largest state-owned telecommunications service provider. The BSNL data breach, reported on May 20, 2024, marks the second cyberattack on the company in six months.
India’s Minister of State for Communications Chandra Sekhar Pemmasani acknowledged the breach in Parliament on July 24 in response to a question from Opposition Member of Parliament Amar Singh.
The breach was first revealed by Indian firm Athenian Tech in a threat intelligence report, which said a threat actor operating under the alias “kiberphant0m” leaked a large volume of sensitive data, affecting millions of users. Read more
Leidos faces data breach, internal documents exposed
Hackers leaked internal documents stolen from Leidos Holdings Corp., a major U.S. government IT services provider, according to sources familiar with the matter. The company only recently became aware of the breach and believes the documents were stolen during an earlier publicized intrusion into a third-party system it used.
Leidos, which serves clients including the Department of Defense, Department of Homeland Security and NASA, is investigating the matter. The company’s shares initially fell more than 4% in after-hours trading following the report but have since recouped most of their losses. Leidos, which was formed in 2013 with the acquisition of Lockheed Martin Corp’s IT business, had contract obligations of $3.98 billion in fiscal 2022, making it the federal government’s largest IT contractor, according to Bloomberg Government data. Read more
Mimecast acquires Code42 to strengthen human risk management
Mimecast, a global human risk management (HRM) platform, announced the acquisition of Code42, a leading insider threat management and data loss prevention company. While financial terms of the acquisition were not disclosed, the strategic move signals Mimecast’s commitment to transform the way organizations address human-centric security risks.
The acquisition aligns with Mimecast’s strong strategy to address people risk, having recently announced its Connected HRM platform and Mimecast Engage™ people risk awareness and training service. Mimecast will continue to support Code42’s existing customer base, and Code42’s Incydr™ product is currently available to Mimecast customers, with plans to integrate these capabilities into the Mimecast platform in the coming months. Read more
KnowBe4 uncovers North Korean operative in sophisticated recruitment scam
Florida-based security awareness training company KnowBe4 recently disclosed that a North Korean operative posing as a software engineer attempted to circumvent background checks during hiring and plant malware on the company’s workstations within 25 minutes of being hired. The operative used a Raspberry Pi to download malware, manipulate session history files, and run unauthorized software. The incident, uncovered by KnowBe4’s security team, highlighted the sophisticated techniques used by the operative, including the use of AI deepfakes and exploiting weaknesses in the hiring process.
The company quickly contained the compromised workstations, rendering them inaccessible. The incident is part of a broader scheme in which North Korean IT workers infiltrate U.S. companies to generate revenue for North Korea. KnowBe4 CEO Stu Sjouwerman highlighted the serious risks posed by such advanced threats, noting that operatives often work remotely over VPNs from locations in North Korea or China. Read more
Key leadership changes at CISA as Wales retires
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly announced significant leadership changes within the agency, including the retirement of Executive Director Brandon Wales after several years in this key role. Bridget Bean will succeed Wales as the agency’s next Executive Director.
Reflecting on Wales’ tenure, Director Easterly expressed her deep gratitude, saying, “Brandon led CISA through some of the most serious threats facing our nation.” A federal employee with more than 20 years of experience, Wales played a key role in shaping CISA into what it is today, navigating challenges such as the SolarWinds breach and the Colonial Pipeline ransomware attack. Wales’ retirement was planned collaboratively to ensure a smooth transition to new leadership. Read more
Wiz rejects Google’s $23 billion acquisition offer, aims for IPO
Israeli cybersecurity company Wiz has turned down a staggering $23 billion takeover offer from Google’s parent company Alphabet Inc. The decision represents a pivotal moment for Wiz, as the company opted to pursue its original plan to go public rather than be acquired.
In an internal memo obtained by multiple media outlets, Wiz CEO Assaf Rappaport outlined the company’s strategy: “To be clear, our next milestone is to achieve $1B in ARR and launch an IPO,” Rappaport said, highlighting the company’s ambitious goals despite lucrative acquisition offers.
Rappaport acknowledged that the decision was difficult, but stressed that the company has confidence in its team and believes it can succeed on its own.
India announces nine priority areas for Budget 2024-25
India’s Finance Minister Nirmala Sitharaman on July 23 presented the Union Budget for fiscal year 2024-25, her seventh consecutive budget, a record surpassing the one previously held by former Prime Minister Morarji Desai. The budget is the first to be presented under the BJP-led NDA government since its re-election in June.
The Union Budget 2024-25 highlights nine key priorities aimed at stimulating growth and creating opportunities across sectors. Read more
Serious flaws discovered in Philips medical imaging system
Philips has revealed multiple vulnerabilities in its Vue Picture Archiving and Communication System (PACS), posing a significant risk to the global healthcare sector. Widely used in hospitals and diagnostic centers, the system is essential for the management and transmission of medical images such as X-rays, MRI scans, and CT scans. The system seamlessly integrates with Electronic Medical Records (EMR) and Radiology Information Systems (RIS).
On July 18, 2024, Philips issued a security advisory identifying vulnerabilities in Vue PACS versions prior to 12.2.8.410. These vulnerabilities are rated “high” and “critical” in severity and may expose systems to cyberattacks. The advisory details issues such as deserialization of untrusted data, out-of-bounds writes, and uncontrolled resource consumption. Read more
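Deserialization of untrusted data, the first class named in the advisory, is worth a concrete illustration. The example below is added here for readers and is not Philips code, nor does it describe how Vue PACS is implemented; it uses Python’s `pickle` module, whose default loader resolves and calls any importable function named in the input. The hardened loader overrides `find_class` with an allowlist so that a crafted object cannot reach an arbitrary callable; the sample imaging-metadata record and the `_CallsGetcwd` class are constructed for the demonstration.

```python
import io
import os
import pickle

# Allowlist of (module, name) pairs the restricted unpickler may resolve.
# Plain containers and scalars are encoded with opcodes that never consult
# find_class, so this list only matters for class and function references.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        # Any other reference, harmful or not, is rejected before it is called.
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def restricted_loads(data: bytes):
    """Deserialize data while blocking references to arbitrary callables."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class _CallsGetcwd:
    """Constructed object whose pickle instructs the loader to call os.getcwd.

    os.getcwd is harmless; it stands in for any callable an attacker could name.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def load_plain_metadata() -> dict:
    """A constructed imaging-metadata record survives the restricted loader."""
    record = {"study_id": "EXAMPLE-0001", "modality": "MR", "slices": [1, 2, 3]}
    return restricted_loads(pickle.dumps(record))


def unrestricted_loader_calls_callable() -> bool:
    """Default pickle.loads executes the callable named in the payload."""
    result = pickle.loads(pickle.dumps(_CallsGetcwd()))
    return result == os.getcwd()


def restricted_loader_blocks_callable() -> bool:
    """The restricted loader raises before any callable is invoked."""
    try:
        restricted_loads(pickle.dumps(_CallsGetcwd()))
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("plain record:", load_plain_metadata())
    print("default loader ran the callable:", unrestricted_loader_calls_callable())
    print("restricted loader blocked it:", restricted_loader_blocks_callable())
```

The defensive point generalizes beyond Python: a deserializer that can instantiate or invoke arbitrary types from the input stream turns every parsing path into a code-execution path, so either use a data-only format (JSON with schema validation) or pin the loader to an explicit allowlist of types, as `find_class` does here.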
From ransomware takedowns to data breaches to leadership changes at cybersecurity agencies, there was a flurry of activity on TCE Cyberwatch this week. These stories highlight the evolving cyber threat landscape and the importance of remaining vigilant. More details and resources for each story can be found by following the “read more” links.