Top Cybersecurity Stories For The Week Of 12-16-24 To 12-20-24
Host Rich Stroffolino will be chatting with our guest, Bethany De Lude, CISO, The Carlyle Group, about some of the biggest stories in cybersecurity this past week. You are invited to watch and participate in the live discussion. We go to air at 12:30pm PT/3:30pm ET. Just go to YouTube Live here https://youtube.com/live/Zb2Oe9WaAKY or you can subscribe to the Cyber Security Headlines podcast and get it into your feed.
Here are the stories we plan to cover:
Recorded Future highlights the business impact of data breaches
Recorded Future’s Insikt Group has identified a 76% increase in publicly reported data breaches from 2022 to 2023, and even though there are two more weeks remaining in this year, Recorded Future’s data project a further 5% increase in 2024 compared to 2023. The group points out “the costliest impacts of data breaches in the last several years have been operational disruption, legal risks, and declining sales due to churn and loss of customer trust.” They add the real risk lies in “companies falling behind in their security strategy and failing to adopt a new way of thinking.”
(Recorded Future)
Rhode Island and ConnectOnCall grapple with data breaches
Two stories this week highlight the theft of what appears to be low-priority data, but really is not. First, Rhode Island’s RIBridges system, managed by Deloitte, was hit by a ransomware attack likely tied to the Brain Cipher gang, exposing sensitive data like Social Security numbers and banking details of residents applying for public assistance programs. Then a healthcare SaaS company had to notify over 900,000 patients of a data breach in its telehealth subsidiary ConnectOnCall, which also included health-related data.
(Bleeping Computer), (The Register), (Bleeping Computer)
US weighs TP-Link ban
In other “banning things from China” news, the Wall Street Journal’s sources say that investigators at the US Commerce, Defense, and Justice departments have opened separate investigations into the router-maker TP-Link. The Defense Department is reportedly investigating national-security vulnerabilities in routers from China, and the Justice Department will look at whether TP-Link’s price discrepancies violate antitrust laws against selling below cost. TP-Link accounts for roughly 65% of the US home router market. Back in October, Microsoft reported that multiple Chinese threat actors were using a botnet called CovertNetwork-1658, made up almost entirely of TP-Link routers, to compromise Azure accounts.
(WSJ)
Interpol kills off Pig Butchering
In recent years, the proliferation of online relationships and investment scams has made “Pig butchering” a fairly common thing to hear on this show. It derives from the idea that threat actors are metaphorically attempting to fatten up a potential victim for a more significant return. Now, Interpol is calling on the cybersecurity community, media, and law enforcement to retire the term in favor of the more descriptive “romance baiting.” Europol said referring to the practice as pig butchering dehumanizes and shames victims and that romance baiting highlights the emotional manipulation in these schemes, with more emphasis put on the threat actor’s tactics. This comes as part of a broader effort by Interpol to encourage victims of these frauds to come forward to authorities.
(Bleeping Computer)
BeyondTrust suffers cyber issue
BeyondTrust, a cybersecurity company specializing in Privileged Access Management (PAM) and secure remote access solutions, itself suffered a cyberattack on December 2. “Its products are used by government agencies, tech firms, retail and e-commerce entities, healthcare organizations, energy and utility service providers, and the banking sector.” After detecting “anomalous behavior,” it was determined that “hackers gained access to a Remote Support SaaS API key that allowed them to reset passwords for local application accounts.” BeyondTrust immediately revoked the API key and notified known impacted customers. It is not yet clear whether the threat actors were able to use the compromised Remote Support SaaS instances to breach downstream customers.
(BleepingComputer)
UnitedHealth’s AI-driven insurance claims chatbot left exposed to the internet
The healthcare giant Optum has now restricted access to an internal AI chatbot that had been used by employees to inquire about how to handle patient health insurance claims and disputes according to standard operating procedures (SOPs). This came after Mossab Hussein, chief security officer and co-founder of cybersecurity firm spiderSilk, saw that its IP address was accessible online for anyone with a web browser. No password was required. The chatbot “did not appear to contain or produce sensitive personal or protected health information.” A spokesperson for Optum, whose parent company is UnitedHealth Group, told TechCrunch in a statement that “Optum’s SOP chatbot was a demo tool developed as a potential proof of concept but was never put into production and the site is no longer accessible.”
(TechCrunch)
CISA delivers new directive for securing cloud environments
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) instructed federal civilian agencies to strengthen security practices for cloud services. CISA’s Binding Operational Directive (BOD) 25-01 instructs agencies to identify their in-scope cloud tenants by February 21st, 2025. Agencies will also need to bring their environments in line with CISA’s Secure Cloud Business Applications (SCuBA) configuration baselines by June 20th. So far, CISA has only finalized configuration baselines for Microsoft 365, but it plans to release baselines for other cloud platforms soon, starting with Google Workspace.
(CyberScoop and Bleeping Computer)