The Darkest Cybersecurity Awareness Month Yet
Outages, Cyberattacks, and Panic Mark the Start of CSAM 2024
This year’s Cybersecurity Awareness Month (CSAM) is anything but typical. The nationwide carrier outages at the end of September were only the beginning: the disruptions rolled into the first days of CSAM and spread to PlayStation Network, popular streaming services, game servers, and even financial services such as Zelle. Then, on the second day of CSAM, panic escalated when Bank of America customers logged in to find their accounts showing $0 balances. It felt as though threat actors had chosen this moment to declare their revolt, casting a Halloween-like chill over the nation, even though none of these outages had been publicly attributed to a cyberattack at the time of writing. Treat them as a reminder of how fragile the services we depend on are, not as confirmed incidents.
September 2024’s key incidents signal an escalation of cyber threats leading up to the election, with state-sponsored espionage aimed at undermining public trust, civic engagement, and democracy itself. Ahead in this newsletter, you'll find a detailed roundup of the incidents shaping this volatile cybersecurity landscape.
A cyber threat group tracked as GreenCharlie has intensified its focus on U.S. political and government entities. This Iranian-affiliated group has been linked to a series of recent intrusions that use targeted phishing and custom malware to compromise victims. Its agenda appears clear: to influence U.S. politics through malicious cyber operations.
GreenCharlie specializes in highly targeted phishing designed to trick victims into clicking harmful links or opening infected attachments. The group deploys the GORBLE and POWERSTAR malware families to gain a foothold and steal sensitive data, and it hides its infrastructure behind services such as ProtonVPN and ProtonMail, a common tactic among Iranian Advanced Persistent Threat (APT) groups.
Iran and its associated cyber-espionage actors have a long-standing history of conducting influence operations, particularly during U.S. elections. Their hack-and-leak strategies aim to undermine political candidates, manipulate voter behavior, and sow division within the electorate.
As these campaigns grow in sophistication and scope, organizations must harden the controls that phishing actually runs into: phishing-resistant multi-factor authentication, mail filtering that flags newly registered sender domains and executable attachments, and an easy way for staff to report suspicious messages. These measures are what keep political institutions out of the growing wave of cyber-espionage activity.
Fortinet confirmed a data breach in which a threat actor calling themselves "Fortibitch" stole 440GB of files from a Fortinet Microsoft SharePoint instance. In a hacking-forum post, Fortibitch claimed to have accessed Fortinet's Azure-hosted SharePoint, exfiltrated the data, and shared credentials for an S3 bucket holding the stolen files so that others in the cybercriminal community could download them. Once bucket credentials are posted publicly, the data should be treated as fully disclosed regardless of how the ransom demand plays out.
As part of an extortion attempt, Fortibitch demanded a ransom to prevent the publication of the stolen data. However, Fortinet stood firm, refusing to pay the ransom in line with its commitment against capitulating to extortion efforts.
This incident highlights the persistent threat of data breaches, even among cybersecurity vendors. Fortinet's decision to refuse the ransom sets a commendable precedent for other organizations grappling with similar threats.
Dell has faced two data breaches within a week this month, its third such incident this year. The latest breach, allegedly carried out by the hacker known as "Chucky," exposed 3.5GB of sensitive internal files from compromised developer tooling. It came on the heels of a breach attributed to the hacker "grep," which exposed the personal information of over 10,000 Dell employees.
Both intrusions reportedly targeted Dell's internal engineering platforms: the Atlassian products Jira and Confluence, together with the Jenkins build server (which is not an Atlassian product). Access to these systems exposed Jira files, database tables, and schema migration records.
Both breaches were rated "10: High" on the severity scale in the postings that announced them, raising serious questions about Dell's cybersecurity posture. Earlier this year, another incident resulted in the exfiltration of 49 million customer records. The exposure of such data carries considerable consequences, including potential legal and financial liability and reputational damage, and these repeated breaches undermine customer confidence in Dell's ability to safeguard their information.
The Federal Trade Commission (FTC) proposed a $2.95 million penalty against security camera vendor Verkada for security failures and privacy regulation violations, including breaching the CAN-SPAM Act by sending unsolicited promotional emails without clear opt-out options.
In 2021, hackers exploited a vulnerability in Verkada's customer support system, gaining access to the Command platform and extracting sensitive data from over 150,000 cameras, including video footage and customer information. They publicly disclosed the breach and released recorded video as evidence. This incident followed a December 2020 breach where a flaw in Verkada's firmware led to the installation of the Mirai botnet and denial-of-service attacks.
The FTC also alleges that Verkada misrepresented its compliance with HIPAA and the EU-US and Swiss-US Privacy Shield frameworks. The proposed order includes the following terms:
Verkada must pay a $2.95M civil penalty.
The company is prohibited from misrepresenting its privacy, security practices, or compliance with standards like HIPAA and the Privacy Shield.
For the next 20 years, Verkada must report any cybersecurity incidents to the FTC within 10 days of notifying other government entities, providing detailed information about the incident.
Verkada's commercial emails must now include clear unsubscribe options to allow users to easily opt out of receiving promotional messages.
The FTC penalty serves as a warning to businesses about the importance of security and privacy. Failing to implement strong security measures and follow regulations can result in hefty financial penalties and damage to reputation.
CVE-2024-7261 - CVSS 9.8
A critical OS command injection vulnerability, CVE-2024-7261, was identified in Zyxel access points and security routers. The flaw allows an unauthenticated remote attacker to execute arbitrary commands on the device's host operating system.
The vulnerability stems from improper neutralization of user-supplied data in the "host" parameter handled by the CGI program of specific AP and security router models. By sending a crafted cookie to a vulnerable device, an unauthenticated attacker can run OS commands and potentially gain complete control of the router.
Zyxel also disclosed seven further high-severity vulnerabilities affecting its ATP and USG FLEX firewalls. Among these, CVE-2024-42057 (CVSS v3: 8.1), a command injection flaw in the IPSec VPN feature, stands out because it can be exploited remotely without authentication. Note the precondition in Zyxel's advisory: the attack succeeds only when the device is configured for User-Based-PSK authentication and a valid user with a username longer than 28 characters exists, so check your VPN configuration when prioritizing the patch.
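To make the bug class concrete, here is an added illustration of a cookie-driven OS command injection in a CGI-style handler, shown beside a hardened version. This is hypothetical code written for this newsletter, not Zyxel's firmware or the actual vulnerable handler; the cookie name "host", the ping command, and the sample requests are assumptions chosen to mirror the pattern described above.

```python
"""Cookie-driven OS command injection in a CGI-style handler: vulnerable
pattern beside a hardened one.

Hypothetical illustration written for this newsletter; it is NOT Zyxel's
code. The cookie name "host", the ping command, and the request shapes are
assumptions chosen to mirror the bug class described in the text."""
import re

# Hostname validator (RFC 1123 shape): dot-separated labels of letters,
# digits and hyphens, no leading/trailing hyphen, 253 characters overall.
# Rejecting a leading hyphen also blocks argument injection such as "-f".
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def parse_cookies(header: str) -> dict[str, str]:
    """Minimal Cookie-header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}.
    Parts without '=' are ignored; the first '=' splits key from value."""
    cookies: dict[str, str] = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        cookies[key.strip()] = value.strip()
    return cookies


def vulnerable_handler(cookie_header: str) -> str:
    """Returns the command line a naive CGI would hand to system().
    BUG: the untrusted cookie value is spliced straight into a shell string,
    so a value like '127.0.0.1 && id' runs 'id' as the CGI's (often root) user."""
    host = parse_cookies(cookie_header).get("host", "")
    return f"ping -c 1 {host}"


def is_valid_hostname(value: str) -> bool:
    """Allow-list check: true only for a well-formed hostname or IPv4 literal."""
    return _HOSTNAME_RE.match(value) is not None


def hardened_handler(cookie_header: str) -> list[str]:
    """Validates the cookie value and returns an argv list for subprocess.run
    (no shell involved), so shell metacharacters never reach an interpreter.
    Raises ValueError for anything that is not a hostname."""
    host = parse_cookies(cookie_header).get("host", "")
    if not is_valid_hostname(host):
        raise ValueError(f"rejected host cookie: {host!r}")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    # Constructed sample requests; the hostile one carries a shell payload.
    benign = "session=abc123; host=example.com"
    hostile = "session=abc123; host=127.0.0.1 && echo INJECTED"
    print("vulnerable:", vulnerable_handler(hostile))   # everything after && would run
    print("hardened  :", hardened_handler(benign))
    try:
        hardened_handler(hostile)
    except ValueError as exc:
        print("hardened  :", exc)
```

Two design choices matter here: the fix is an allow-list (what a hostname may look like), not a deny-list of metacharacters, and the validated value is passed as a separate argv element rather than through a shell, so even a future validator bug cannot turn the value into a second command. Because the validator rejects a leading hyphen, the argument also cannot be turned into an extra flag for ping.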
Mitigating the Threats
☑️ Ensure all Zyxel devices are updated with the latest firmware versions.
☑️ Use hardware and software from vendors that commit to regular security updates and publish advisories for their products.
☑️ Regularly scan your network for vulnerable devices and exposed management interfaces, and remediate findings promptly. Router and firewall administration interfaces in particular should never be reachable from the internet; restrict them to trusted management networks.
☑️ Educate your staff on best practices for online security and how to recognize and report potential threats.
Claims surfaced that voter registration data on 4.6 million U.S. voters had been exposed in unsecured databases, prompting the FBI and CISA to issue a joint public service announcement clarifying the situation.
While it’s true that voter information may be circulating online, it is unlikely that this is the result of a cyberattack. Most voter registration details are publicly accessible or can be obtained through legal means. Malicious actors are leveraging this to sow distrust in the integrity of U.S. elections. Importantly, there is no evidence that any cyberattack has compromised the integrity of ballots or voter data.
⚠️ Treat claims of "hacked" or "leaked" voter information with skepticism. Voter registration data is often publicly accessible, so its appearance online is not evidence of a breach.
⚠️ Be aware of misinformation campaigns, they are real threats. Be discerning about the information you consume and share.
To bolster security for the upcoming 2024 Elections, here are some actionable steps that election officials and organizations can adopt:
✔️ Enable multi-factor authentication on all accounts and make it a priority, preferring phishing-resistant methods such as FIDO2 security keys where available.
✔️ Transition your website to a top-level .gov domain. This helps the public easily recognize your site as official.
✔️ Collaborate with partners to create a strategy for managing security incidents.
✔️ Proactively identify and address potential security weaknesses. Leverage the Cytex Risk Assessment to uncover blind spots, get real-time remediation steps, and strengthen your security posture. Perform a 15min interactive risk assessment now: Cytex Risk Assessment
This October, cybersecurity isn’t just about awareness—it’s about confronting a rapidly escalating threat landscape. By working collectively, we can safeguard the integrity and security of the 2024 U.S. Elections.
Cytex proudly extends its multimillion-dollar commitment by offering FREE Security & Phishing Training modules to organizations involved in elections, municipalities, and critical infrastructure throughout Cybersecurity Awareness Month. This initiative focuses on safeguarding U.S. election infrastructure during a time when threat actors intensify efforts to exploit political events.
Election officials are frequently targeted by cybercriminals who use phishing attacks to distribute malicious links or attachments disguised as election-related documents, such as absentee ballot applications.
79% of cyber-espionage incidents are enabled by phishing - CISA
At Cytex, we believe that strong cyber-defense is not only an enterprise necessity but also a societal responsibility. By providing our gamified Phishing Simulation & Security Training modules for FREE, we aim to help state and local governments, election officials, and vendors enhance cybersecurity and resilience in this critical period.
With Cytex, you can transform your first line of defense into a powerful Human Firewall. No hidden terms—secure your access now: https://cytex.io/free-phishing.
Cytex provides AI-powered cybersecurity, risk management, and compliance operations in a unified resilience platform.
Interested? Find out more at → https://cytex.io