Cyber Intelligence Weekly

Cyber Intelligence Weekly (June 25, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here:

Before we get started on this week’s CIW, I’d like to highlight the fact that we’ve reached 25,000 subscribers to Cyber Intelligence Weekly! It is fitting that we hit the 25k mark on this 100th edition of the blog. I am truly humbled by this great community of IT and cybersecurity leaders and look forward to growing this community with you. Please share this newsletter today with one person that you would like to see increase their cyber knowledge and let’s spread the word!


Away we go!

1. Operation Triangulation: Apple Fixes Zero-Day Vulnerabilities Exploited

Apple recently responded swiftly to the discovery of several zero-day vulnerabilities that were being exploited to deploy Triangulation spyware on iPhones via zero-click iMessage exploits. The vulnerabilities, tracked as CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439, were reported by Kaspersky security researchers. The spyware campaign, dubbed "Operation Triangulation," had been active since 2019 and was still ongoing, impacting iPhones in multiple countries, including Russia. The campaign also drew political attention: Russia's FSB intelligence agency claimed that Apple had collaborated with the NSA to provide a backdoor, an accusation Apple vehemently denies.


In response to these critical vulnerabilities, Apple promptly released patches for affected devices. The security updates, available for macOS Ventura 13.4.1, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, watchOS 9.5.2, and watchOS 8.8.1, address the zero-day vulnerabilities by implementing enhanced checks, input validation, and state management. It is crucial for users to update their devices to the latest software versions to protect themselves against potential exploitation.

These recent vulnerabilities mark the ninth instance this year where Apple has urgently addressed zero-day threats. The company has been actively combatting exploits that target iPhones, Macs, and iPads, illustrating the continuous efforts made by both security researchers and malicious actors to identify and exploit vulnerabilities. Apple's commitment to promptly patching these vulnerabilities underlines the company's dedication to maintaining the security and privacy of its user base.


The discovery and subsequent resolution of the zero-day vulnerabilities exploited in the Triangulation spyware campaign highlight the ongoing cat-and-mouse game between security researchers and cybercriminals. Apple's swift response in releasing security patches serves as a reminder of the critical role played by software updates in safeguarding user devices. As threats continue to evolve, it is essential for users to remain vigilant and prioritize regular updates to ensure the highest level of security for their devices.

2. Third-Party Vendor Hack Leads to Data Breach Impacting Pilots at Major Airlines

American Airlines and Southwest Airlines, two of the largest airlines in the world, recently disclosed data breaches that originated from a hack targeting a third-party vendor called Pilot Credentials. Upon researching Pilot Credentials on LinkedIn, it appears to have only two employees (see screenshot below), interesting…

[Image: screenshot of the Pilot Credentials LinkedIn page]

This vendor apparently manages the pilot applications and recruitment portals for multiple airlines. The breach, which occurred on April 30, compromised personal information provided by pilot and cadet applicants. Although the breach was limited to the vendor's systems and did not impact the airlines' own networks, it still raised concerns regarding the security of sensitive information that the airlines manage. American Airlines reported that 5,745 pilots and applicants were affected, while Southwest Airlines reported a total of 3,009 individuals impacted.

The notification letters state that upon discovering the data breaches, both American Airlines and Southwest Airlines immediately took action. They notified the affected individuals and regulatory authorities, including relevant law enforcement agencies, and are actively cooperating with ongoing investigations. While there is no evidence suggesting that the exposed personal information has been misused for fraudulent purposes, both airlines have decided to redirect pilot and cadet applicants to self-managed internal portals as a precautionary measure.

These recent breaches are not the first instances of data security incidents faced by American Airlines. In 2022, the company disclosed a breach resulting from a phishing attack that compromised employee email accounts. Similarly, in 2021, American Airlines was affected by a breach through a third-party air information tech provider.

The data breaches impacting American Airlines and Southwest Airlines underscore the critical importance of robust cybersecurity measures within the aviation sector. The breach, originating from a third-party vendor, serves as a reminder of the need for airlines to thoroughly evaluate the security practices of their partners and vendors.

3. UPS Canada Data Breach Exposes Customers to Targeted Smishing Attacks

Per a recent Brian Krebs report, United Parcel Service (UPS) Canada has reported a data breach that has left its customers vulnerable to highly targeted SMS phishing, commonly known as "smishing" attacks. The breach involved fraudsters exploiting UPS' online shipment tracking tool to harvest phone numbers, personal information and other relevant details of recent orders and shipments. These cybercriminals then proceeded to send convincing SMS messages that impersonated UPS and other prominent brands. The messages were individually addressed to recipients and included specific details about recent orders, creating an illusion of legitimacy.

The fraudulent messages informed customers that their packages would not be delivered unless an additional delivery fee was paid. This tactic aimed to deceive recipients into making payments for non-existent charges. UPS Canada became aware of the fraud and the subsequent smishing campaign and immediately took steps to investigate the incident. They have been working closely with partners in their delivery chain and law enforcement agencies to understand how the fraudsters obtained the customer data.


To address the breach, UPS Canada has implemented measures to limit access to customer information and ensure a more secure environment for its users. However, the extent of the breach and the number of affected customers remain unclear. UPS Canada has advised its customers to exercise caution and remain vigilant against smishing attempts. They encourage customers to learn more about fraud prevention and protection on the UPS Fight Fraud website.

It is crucial for individuals to be aware of the risks associated with phishing/smishing attacks and to stay informed about the latest security practices. By staying vigilant and adopting best practices for online security, customers can better protect themselves from falling victim to these types of scams. UPS Canada's response to this data breach emphasizes the importance of robust cybersecurity measures and serves as a reminder for organizations to prioritize the protection of customer data.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here:
