Friday Five: Hacking Groups Ramping Up Efforts, Apple's Broken Promise, & More
This past week's headlines detail how threat actors are taking advantage of ongoing conflict, violent threats, and shifting tactics. Stay up to date on the latest in this week's Friday Five!
CYBER OPERATIONS LINKED TO ISRAEL-HAMAS FIGHTING GAIN MOMENTUM BY AJ VICENS
Amid the ongoing conflict between Israel and Hamas, hacktivist groups are making unverified claims of cyberattacks, escalating their operations to influence how the war is perceived. While it's unclear if these claims are accurate, experts anticipate more significant cyber operations as the conflict continues. These activities may involve state-sponsored threat actors using information operations to manipulate global perception through various means, including social media manipulation and the creation of fictitious hacktivist groups. The Middle East has been a fertile ground for hacking groups, with Hamas, Hezbollah, and Iran-associated actors conducting cyber espionage, data theft, and industrial control system targeting. Experts warn that state-backed groups may use hacktivist groups as fronts to conceal their attacks, with Iranian hacking groups posing a significant threat in the region.
CISA AND HHS LOOK TO HELP THE HEALTH SECTOR RAMP UP CYBER HYGIENE BY ALEXANDRA KELLEY
The Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Health and Human Services have released a cybersecurity toolkit to help protect the healthcare sector from cyberattacks. The toolkit offers various cybersecurity resources for healthcare entities, including guidance on cyber hygiene, addressing resource constraints, and sharing information on potential breaches. This initiative aims to address the increasing threat of cyberattacks on healthcare, which has exposed vulnerabilities in the system and eroded patient trust. The toolkit aligns with the cybersecurity executive order issued by the Biden administration in May 2021, emphasizing the importance of improving cyber incident sharing in the healthcare sector.
MICROSOFT: OCTO TEMPEST IS ONE OF THE MOST DANGEROUS FINANCIAL HACKING GROUPS BY IONUT ILASCU
Microsoft has identified a highly sophisticated threat actor known as Octo Tempest, which targets organizations for data extortion and ransomware attacks. Octo Tempest has evolved its tactics, shifting from selling SIM swaps and stealing accounts to deploying ransomware. The group has targeted a wide range of sectors, including gaming, hospitality, retail, manufacturing, technology, and financial services. It gains initial access through advanced social engineering, often targeting technical administrators to reset passwords and multi-factor authentication methods. The group has demonstrated advanced social engineering capabilities, mimicking individuals' speech patterns and using direct threats of violence to obtain logins, and its diverse tactics and living-off-the-land techniques make detection challenging.
IPHONES HAVE BEEN EXPOSING YOUR UNIQUE MAC DESPITE APPLE’S PROMISES OTHERWISE BY DAN GOODIN
Apple's privacy feature that was supposed to hide iPhones' and iPads' Wi-Fi addresses when joining a network, which was released as a part of iOS 14, hasn't worked as advertised for three years. This failure allows devices to continue displaying their real Wi-Fi addresses, making them trackable on networks. While the fallout for most users may be minimal, those with strict privacy concerns could be significantly impacted, given Apple's promise to reduce tracking across different Wi-Fi networks. Apple released a patch for the vulnerability in iOS 17.1 after researchers discovered it, but it's unclear how this basic failure went unnoticed for so long.
CISA NEEDS MORE MONEY AND LESS RED TAPE, REPORT SAYS BY NATALIE ALMS
A report on the role of the Cybersecurity and Infrastructure Security Agency (CISA) in protecting the .gov domain suggests that CISA needs better planning frameworks and coordination mechanisms to address growing cybersecurity threats to federal civilian agencies. The report recommends that CISA commission an independent report on its roles and responsibilities in federal network defense, and that Congress formally designate CISA as the agency receiving reports on major cyber incidents. It also calls for consistent funding for programs like CISA’s Continuous Diagnostics and Mitigation. The report suggests that Congress should formalize and fund CISA’s Joint Collaborative Environment for cyber information sharing and establish an entity to collect, analyze, and share cybersecurity statistics.