Cyber News Roundup for November 1, 2024
Recent events underscore the pressing challenges and threats facing both public and private sectors. From allegations of foreign interference in U.S. telecom networks to significant data breaches affecting millions, the need for enhanced security measures and proactive strategies has never been more critical. Today’s roundup of cyber news from around the globe explores key developments, including government investigations into hacking incidents, initiatives aimed at safeguarding tech startups, and the urgent call for better healthcare security practices, highlighting the global implications of these cybersecurity concerns.
US government investigates Chinese hacking of US telecom infrastructure
The US Department of Homeland Security’s Cyber Safety Review Board (CSRB) will investigate alleged Chinese hacking into US telecom networks, which may have targeted presidential campaign communications, BankInfoSecurity reports. The New York Times reported on Friday that Chinese hackers targeted phones belonging to former president Trump and his running mate Senator JD Vance as part of “a wide-ranging intelligence-collection effort.” The operation also targeted staffers of Vice President Kamala Harris and prominent politicians on Capitol Hill. The FBI and CISA issued a joint statement saying that the US government “is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.” (BankInfoSecurity, NYT)
Five Eyes launches startup security program
Last year, the UK’s GCHQ National Cyber Security Centre and MI5’s National Protective Security Authority launched Secure Innovation, a program designed to help secure tech startups from state-backed threats. After the first-ever public meeting of the heads of the Five Eyes domestic intelligence agencies, the UK, US, Canada, New Zealand, and Australian governments agreed to launch regionalized versions. Secure Innovation provides basic advice on protecting technology, using simple questions to create a personalized action plan. The UK found over 500 startups engaged with the Secure Innovation program in its first year. (Infosecurity Magazine)
Russia might fork the Linux community
In a statement to local media, the Russian digital ministry said it plans to create an “alternative structure” and an independent development community around Linux. This statement came after the Linux community delisted 11 Russian kernel maintainers, later explaining that it would add restrictions to developers whose companies are controlled by anyone named on the US Office of Foreign Assets Control list. Russia called this “an act of discrimination.” Linux creator Linus Torvalds doubled down on the action, saying the decision “is not getting reverted.” (The Record)
A call for a proactive approach to healthcare security
In an op-ed for Cyberscoop, US Representative Mark Green made the case for a proactive approach to healthcare security with closer collaboration between the public and private sectors. He called for greater accountability from the small group of vendors that dominate most IT systems and asked for a mandate for CISA to identify cross-sector points of vulnerability. The piece also made the case for treating basic cybersecurity hygiene as a critical investment, noting that almost 40% of healthcare providers have no data leak contingency plans. He closed by calling for collaboration to streamline federal cybersecurity hiring and better secure the open-source supply chain. (Cyberscoop)
Change Healthcare data breach confirmed as largest-ever in U.S. healthcare history
UnitedHealth Group (UHG) has confirmed that more than 100 million individuals were impacted during the ransomware attack on its subsidiary, Change Healthcare, in February making it the largest known digital theft of U.S. medical records in history. UHG’s CEO confirmed cybercriminals broke into employee systems using stolen credentials that were not protected with multi-factor authentication (MFA). Stolen data varied by victim but included sensitive health treatment data as well as personal details like names, dates of birth, contact info, government IDs, as well as Social Security, driver’s license, and passport numbers. United Health began notifying victims in July and continues to do so as “the investigation is still in its final stages.” The ramifications are likely to be lifelong for the millions of Americans whose private medical information was exposed. (TechCrunch)
Authorities investigate telecom hacks following reports of campaign intrusions
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said Friday that they are investigating allegations that Chinese government-linked hackers, Salt Typhoon, breached systems at AT&T, Verizon and Lumen, and targeted systems used by U.S. law enforcement for wiretaps. Friday’s statement coincided with reports from several news outlets claiming that Salt Typhoon used their access to the telecoms to target phones used by Vice President Harris and several other top Democrats as well as former President Trump and J.D. Vance. Investigators and law enforcement indicated, “they are deeply concerned about the potential extent of compromised data” and indicated that the hackers may still have access to Verizon systems. (The Record)
Massive breach impacts French telecom giant
France’s second-largest telecom provider, Free, has confirmed it suffered a cyberattack that compromised personal data, though it claims that passwords, banking details, and communications content were unaffected. The breach targeted an internal management tool and led to an attempted sale of customer information on BreachForums, with hackers claiming to possess data for over 19 million customers, including certain International Bank Account Numbers (IBANs). The telecom company is currently in the process of informing those affected, which, according to the threat actors who stole the data, could be nearly a third of France’s population. (Bleeping Computer), (The Record)
Black Basta leverages Microsoft Teams
ReliaQuest researchers report that Black Basta ransomware affiliates have switched tactics, now using Microsoft Teams to gain initial access to target networks by impersonating IT support. By overwhelming employees with spam emails and then posing as help desk personnel on Teams, the attackers attempt to trick users into downloading remote monitoring tools like AnyDesk. In recent incidents, they have also incorporated malicious QR codes into their communications. The report highlights a significant increase in message volume, with one user receiving around 1,000 emails in just under an hour. (Security Affairs)
Have questions? Reach out to RedSeal today to chat with one of our cybersecurity experts or schedule a demo today.