Published: December 22, 2023
By Annie
Comcast says hackers stole data of close to 36 million Xfinity customers
TechCrunch: Hackers exploiting the critical-rated “CitrixBleed” vulnerability have accessed sensitive information of nearly 36 million Xfinity customers. This flaw, found in Citrix networking devices, has been under mass exploitation since late August, with Citrix releasing patches in early October. However, many organizations, including Comcast’s Xfinity, failed to patch in time, leading to breaches. Xfinity confirmed that hackers had access to its internal systems from October 16 to October 19, but the malicious activity wasn’t detected until October 25. By November 16, Xfinity realized that customer data was likely acquired, including usernames, hashed passwords, names, contact information, dates of birth, partial Social Security numbers, and secret questions and answers. Comcast’s spokesperson declined to specify the number of affected customers, but a filing with Maine’s attorney general revealed that about 35.8 million customers were impacted. Comcast has not yet confirmed whether a ransom demand was made or if the incident has been reported to the U.S. Securities and Exchange Commission, as mandated by new data breach reporting rules. Comcast asserts that there is no evidence of leaked customer data or attacks on customers resulting from the breach.
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant
U.S. Department of Justice: The Justice Department has launched a disruption campaign against the Blackcat ransomware group, also known as ALPHV or Noberus, which has affected over 1,000 victims globally, including critical U.S. infrastructure. The FBI developed a decryption tool, aiding over 500 victims worldwide, saving them from approximately $68 million in ransom demands. The group, known for its ransomware-as-a-service model, employs a multiple extortion approach, stealing sensitive data before encrypting systems and demanding ransoms for both decryption and non-disclosure. Blackcat targets sensitive data to pressure victims into paying and publishes stolen data on the dark web if ransoms aren’t paid. Ongoing investigations into Blackcat involve substantial international collaboration, with various countries contributing significantly to the efforts.
Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities
Wall Street Journal ($): U.S. government researchers are exploring methods to identify hackers by analyzing the code in their cyberattacks. The Intelligence Advanced Research Projects Activity (IARPA) aims to create technologies to expedite investigations and determine perpetrators more efficiently. The increasing number of attacks coupled with limited forensic resources has made it challenging to identify hackers, especially those targeting smaller organizations. While these new tools won’t replace human analysts, they will use AI to enhance the efficiency of investigations. However, the task is complex as hackers often conceal their identities and share tools, complicating attribution efforts. In addition, code analysis could reveal behavioral traits indicating a hacker’s origin or training, but the rise of generative AI poses additional challenges. As AI-generated tools become more common, different cybercrime groups may produce similar-looking tools, complicating investigations. But despite these challenges, AI’s potential to process vast data volumes could significantly aid law enforcement in connecting dots from various cyberattacks worldwide.
98% of organizations currently have a relationship with a technology vendor that has experienced at least one recent data breach.
In 2009, two Los Angeles traffic engineers were sentenced after pleading guilty to hacking into a city traffic system to set long red lights at busy intersections as part of a labor protest. Both got 2 years of probation.
🎄🔔 Introducing “Cyber Bells” – A Cybersecurity Carol 🔔🎄
As we celebrate this festive season, we’ve put a twist on a classic Christmas carol. Get ready to sing along to “Cyber Bells” – a melody that combines the joy of the holidays with the essentials of cybersecurity. It’s a reminder that while we jingle through the digital snowscape, keeping our data secure and systems safe is as important as ever!
Dashing through the net,
With a firewall so strong,
O’er the waves we go,
Safe all along.
Bells on data ring,
Making spirits bright,
What fun it is to surf and sing
A cyber-safe song tonight!
Chorus:
Cyber bells, cyber bells,
Safety all the way!
Oh, what fun it is to surf
In a secure cyber sleigh, hey!
Cyber bells, cyber bells,
Safety all the way!
Oh, what fun it is to surf
In a secure cyber sleigh.
Warm holiday greetings to all celebrating Christmas!