This week in Cybersecurity… 🗞️
Strengthen Healthcare Defenses: Embrace Offensive Cybersecurity
Healthcare organisations must transition from reactive to proactive cybersecurity strategies to counteract escalating cyber threats. Implementing offensive measures like vulnerability assessments and penetration testing can uncover system weaknesses and improve defences.
Despite challenges such as budget limitations and insufficient expertise, these approaches offer significant benefits, including enhanced security posture, quicker threat response, and improved staff training. Adopting offensive cybersecurity methods is crucial for safeguarding patient data and maintaining healthcare operations.
London Drugs Employee Data Leaked on Dark Web Following Cyberattack
London Drugs experienced a significant cybersecurity breach, leading to the leak of employee data on the dark web. The attack forced the retailer to shut down its 80 stores across Western Canada.
Despite efforts to rebuild its data infrastructure and ongoing investigations, no customer data breaches have been confirmed. The company is working with third-party experts to restore operations safely and address the breach's impact, emphasising the protection of its customers and community.
Cyberattacks on Water Systems Persist, Warns Cybersecurity Expert
Cybersecurity expert Lee McKnight warns that recent cyberattacks on water systems will likely continue, highlighting the sector's vulnerability due to outdated practices. The Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) are increasing their efforts to improve cybersecurity in water facilities.
With 70% of water systems failing to maintain basic cyber hygiene, there is an urgent need for better training and updated security measures to prevent devastating breaches. The expert calls for significant improvements in both public and private sectors to protect critical infrastructure.
Deepfakes Surge as Second Most Common Cybersecurity Threat for U.S. Businesses
Deepfakes have emerged as the second most common cybersecurity incident for U.S. businesses, following malware infections. Over a third of companies reported experiencing deepfake-related security issues in the past year. These attacks often involve business email compromise (BEC), where AI-generated voice and video content deceives employees into authorising financial transactions.
Additionally, deepfakes pose risks of information theft, reputational damage, and bypassing of security measures. To combat these threats, businesses are investing in AI and machine learning technologies, enhancing employee training, and increasing budgets for securing third-party vendor connections.
CyberArk Acquires Venafi for $1.54B to Strengthen Cybersecurity Offerings
CyberArk has acquired cybersecurity provider Venafi for $1.54 billion, enhancing its capabilities in protecting human and machine identities. The acquisition, funded by $1 billion in cash and $540 million in CyberArk shares, aims to address sophisticated cyberattacks by integrating Venafi’s public key cryptography solutions.
Venafi's products secure TLS certificates, SSH connections, and code integrity. This acquisition is expected to add $150 million in annual recurring revenue and expand CyberArk's total addressable market by $10 billion.
PSNI Faces £750,000 Fine for Data Breach Affecting Entire Workforce
The Police Service of Northern Ireland (PSNI) is facing a £750,000 fine from the UK's Information Commissioner’s Office (ICO) due to a data breach that exposed the personal information of its entire workforce last August.
The breach highlighted significant lapses in data protection protocols, prompting the ICO to take strict action to ensure compliance and safeguard sensitive information in the future.
CentroMed Data Breach Exposes Personal Information of 400,000 Individuals
CentroMed, a healthcare provider in San Antonio, experienced a data breach compromising the personal and health information of 400,000 individuals. The breach, discovered on May 1, 2024, involved unauthorised access to names, addresses, birthdates, medical details, Social Security numbers, and financial data.
CentroMed is notifying affected individuals and advising vigilance in monitoring financial statements. This incident follows a previous breach in 2023 involving 350,000 people.
Optus to Challenge Federal Court Decision Over Deloitte Report in Data Breach Case
Optus is set to challenge a Federal Court decision denying its claim of legal professional privilege over a Deloitte report prepared following a major cyberattack in September 2022. The court found that the report, commissioned to identify the causes and improve cyber risk management, was not primarily for obtaining legal advice.
As a result, Optus must produce the report for the ongoing class action lawsuit. This case highlights the complexities of claiming privilege over documents created for multiple purposes.
Kakao Fined $11.1 Million for 2023 Data Breach Affecting 65,000 Users
The Personal Information Protection Commission has fined Kakao 15.1 billion won ($11.1 million) for a 2023 data breach that exposed the personal data of over 65,000 users. The breach involved hackers exploiting vulnerabilities in KakaoTalk's open chat service.
Despite Kakao's contention that the leaked data did not constitute personal information, the commission held the company accountable for negligence in protecting user data. Kakao plans to challenge the fine legally.
Chinese Hackers 'Unfading Sea Haze' Infiltrate Military and Government Networks for Six Years
The cyber-espionage group "Unfading Sea Haze," linked to Chinese interests, has operated undetected on military and government networks in the South China Sea region since 2018. Using sophisticated methods such as spear-phishing, fileless malware, and commercial RMM tools, they collected intelligence and maintained persistence.
The group's activities align with those of known Chinese state-sponsored actors, notably APT41. To counter such advanced threats, organisations are advised to enhance security measures, including patch management, MFA, and network segmentation.