Published: May 10, 2024

Security 3-2-1 Week of 5/10/2024

By Annie

3 Interesting Articles

U.K. Armed Forces’ Data Is Exposed in Hostile Cyberattack
NY Times ($): A significant data breach targeted a third-party payroll system used by the British Ministry of Defense, compromising the personal information of British Army, Navy, and Air Force members. This attack exposed the names, bank details, and addresses of serving personnel and veterans. Defense Secretary Grant Shapps stated that indications suggest a “malign actor” was involved and did not rule out state involvement, emphasizing the growing threats from cyberattacks. Prime Minister Rishi Sunak confirmed that the Ministry of Defense had taken the compromised network offline and was assisting those affected. Although no specific country was directly blamed, Sunak described China as a country with “fundamentally different values” that acts “authoritarian at home, assertive abroad.” The attack raised suspicions about Chinese involvement, as some lawmakers directly pointed the finger at China. In response, the Chinese Foreign Ministry dismissed the allegations as “utter nonsense,” reiterating China’s opposition to cyberattacks. The defense secretary assured that only a “tiny number” of addresses were exposed and that an investigation is underway. Nonetheless, lawmakers have called for a tougher stance against cyber threats and accused China of systemic espionage efforts targeting financially vulnerable individuals.

Microsoft Will Hold Executives Accountable for Cybersecurity
Dark Reading: Microsoft is making organizational changes to enhance its cybersecurity practices following criticisms from the U.S. government. Senior executives will be directly accountable with part of their compensation tied to meeting security milestones. Charlie Bell, Microsoft’s executive vice president of security, announced that a deputy CISO will be added to each product team and threat intelligence will report directly to the enterprise CISO. These changes come after the Cyber Safety Review Board (CSRB) identified gaps in Microsoft’s cybersecurity culture, which contributed to a breach by Chinese cyber-espionage group Storm-0558. To address these issues, Microsoft launched the Secure Future Initiative (SFI), emphasizing secure design, secure defaults, and secure operations. The SFI aims to strengthen security across six pillars: protecting identities, tenants, networks, engineering systems, monitoring threats, and accelerating remediation. Microsoft will implement measures like automatic key rotation, continuous least privilege access, and zero-trust access to source code. The full effect of these proposed changes will take time to materialize, but Microsoft’s comprehensive approach aims to ensure better security governance and bolster cybersecurity across its products and services.

Boeing confirms attempted $200 million ransomware extortion attempt
CyberScoop: In October 2023, Boeing was targeted by the LockBit ransomware group, which demanded a $200 million ransom. An indictment by the DOJ, which was unsealed on Tuesday, identified Dmitry Yuryevich Khoroshev as the primary administrator and developer behind LockBit. The indictment was part of international actions against the Russian national, which included sanctions by the U.S., U.K., and Australia. Boeing confirmed the attack, stating that it impacted their parts and distribution business but did not affect flight safety. Although LockBit leaked 43 gigabytes of Boeing’s data online, the company refused to pay the ransom. The indictment highlighted the “extremely large” ransom demands made by Khoroshev and his associates, who have amassed over $500 million in ransom payments since 2019. LockBitSupp, LockBit’s spokesperson, confirmed that Boeing was the unnamed company in the indictment but disputed the authorities’ identification of Khoroshev as LockBitSupp. Despite this, international efforts have continued to curb the ransomware gang’s operations.

2 Stats You Should Know

Between 2022 and 2023, there was an approximately 18% increase in overall ransomware attacks, resulting in victims incurring over $1 billion in crypto payments. (source)

Stolen credentials have been a factor in nearly a third of all breaches over the past decade. (source)

1 More Thing

A quick word from our CEO/Founder, Jordan MacAvoy:

The #RSAConference this year was all about great vibes and even greater conversations! It felt like more people showed up this time around, and the energy was through the roof. AI was the hot topic on everyone’s lips—there’s so much potential there, but it’s tough to tell what’s really going to make a difference versus what’s just flashy demo stuff. Time will tell! I’d love to hear what you guys thought about the event. Did anything stand out to you? Reach out to me on LinkedIn to chat more.
