Cyber Intelligence Weekly

Cyber Intelligence Weekly (November 19, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here:

Before we get started on this week’s CIW, I’d like to highlight a new article by our very own Erin Conway, CPA, where she breaks down the recent amendments to NYDFS cybersecurity regulation, 23 NYCRR Part 500.

In this article she dives into the changes and updates for valuable insights on staying compliant. Since 2017, the cybersecurity landscape has evolved, leading NYDFS to fortify requirements for covered entities, effective Nov 1, 2023.

Explore key updates, like "Class A companies," enhanced governance, BCDR plans, and more. A detailed timeline ensures readiness for changes, crucial for compliance. Financial institutions under NYDFS should prioritize proactive steps to boost cybersecurity programs. Consult Echelon Risk + Cyber for effective navigation.

Stay informed, stay compliant! Read Erin Conway's insightful article here:

Away we go!

1. Hackers Weaponize SEC Disclosure Rules Against Victim

In somewhat shocking (but I'm not shocked) fashion, the notorious ransomware gang ALPHV/BlackCat has filed a complaint against its own victim, MeridianLink, to the U.S. Securities and Exchange Commission (SEC). According to a report from BleepingComputer, the cybercriminal group claims that the digital lending company failed to report a significant data breach. This alleged failure to disclose is contrary to the new SEC rules that mandate a disclosure of such breaches within four business days. The hackers posted screenshots on their website showing the filled-out complaint form on the SEC’s website and the response they received after submission.

The incident underlines the growing audacity of cybercriminal groups. ALPHV/BlackCat alleges it executed a “significant” breach against MeridianLink on November 7th, accusing the company of not adhering to disclosure requirements under the SEC's new rules. However, these rules are not set to take effect until mid-December 2023. MeridianLink, while confirming the cyber incident, has maintained that no user data was compromised.

This development marks an alarming escalation in cybercrime tactics, with hackers not only breaching security systems but also using legal frameworks to pressure their victims. ALPHV/BlackCat, known for its aggressive extortion strategies, has threatened to publish the stolen data from MeridianLink unless their demands are met. The group, notorious for its leak site where it posts data of non-compliant victims, had earlier published sensitive photos of breast cancer patients from the Lehigh Valley Health Network, showcasing their ruthlessness.

This incident poses a new challenge for cybersecurity professionals and corporate legal teams. It demonstrates that ransomware groups are evolving, now leveraging not just technical vulnerabilities but also legal and regulatory frameworks to exert pressure on their targets. The move by ALPHV/BlackCat to use the SEC complaint system in this manner is unprecedented and signals a new, dangerous direction in digital extortion tactics. Security experts now need to consider not only the technical aspects of cybersecurity but also the legal implications of such breaches, as ransomware groups continue to find innovative ways to exploit their victims.

2. Law Enforcement’s Struggle Against the 'Scattered Spider' Cyber Gang

In recent months, the U.S. Federal Bureau of Investigation (FBI) has been grappling with a formidable challenge: a highly aggressive cybercrime gang, known to some as "Scattered Spider," that has wreaked havoc across corporate America. This group has been particularly notorious for their involvement in significant cyber-attacks, including the damaging attacks at major casino operators like MGM Resorts International and Caesars Entertainment. Despite being aware of the identities of several gang members, the FBI has faced obstacles in making arrests, leaving industry experts puzzled and calling for action, according to a new Reuters report.

This sophisticated hacking group, active since 2021, has targeted a wide array of industries, from telecommunications to healthcare. Their tactics are not only technologically advanced but also alarmingly aggressive, involving threats of physical violence and extortion. The FBI's efforts to combat this group have been hampered by various factors. Firstly, there's a notable manpower shortage in the bureau, as many skilled cyber agents are being lured away by the private sector's higher salaries. Secondly, the reluctance of victimized companies to cooperate with law enforcement has been a significant impediment, often resulting in lost opportunities to gather crucial evidence. Lastly, the decentralized and elusive nature of the hacking group, often operating in small, loosely connected clusters, has made it challenging for the FBI to mount a coordinated response.

Despite these challenges, there are signs of progress. The FBI's Newark field office has taken charge of the investigation and is reportedly making headway, thanks in part to the assignment of a new special agent to the case. The seriousness of the threat posed by this group is underscored by their brazen tactics, including threats of violence and extortion. As the FBI and other agencies continue their efforts to dismantle this group, the cybercrime landscape remains a battleground.

3. Ransomware Syndicate Alleges Theft of 430 GB of Data in Stanford University Hack

Stanford University is currently grappling with a cybersecurity crisis. The Akira ransomware gang has publicly claimed responsibility for a significant data breach at the prestigious institution, alleging to have stolen a staggering 430 gigabytes of sensitive data. This collection reportedly includes confidential documents and personal information. Akira's brazen announcement highlighted Stanford's influential status and hinted at the imminent online leak of the purloined data if their ransom demands were not met. These demands, while unspecified, are known to typically range from $200,000 to a hefty $4 million.

In response to this alarming situation, Stanford University has acknowledged the breach but remains tight-lipped about receiving any ransom demands. Their focus has been on an intensive investigation, primarily conducted by the Stanford University Department of Public Safety (SUDPS). While they have managed to secure the impacted systems and have reassured that daily operations remain uninterrupted, the full extent and impact of the breach are still under scrutiny. The university, prioritizing the integrity of its information systems, is collaborating with external security specialists to gauge the breadth of the breach and is committed to updating the community once the investigation concludes.

This incident not only puts the personal information of students and faculty at risk but also raises broader concerns about the university's cybersecurity posture. Notably, the SUDPS handles sensitive crime reports and risk evaluations, and the potential disclosure of such information could have severe repercussions.

This breach is one of several that Stanford has faced in recent years, including previous attacks by the Clop ransomware gang and issues related to third-party software breaches. The Akira gang, known for its indiscriminate targeting across various sectors, is believed to be an offshoot of the now-defunct Conti ransomware operation, using sophisticated methods like compromised credentials and phishing to infiltrate networks.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here:

Sign Up for Weekly Cyber Intelligence Delivered to Your Inbox

Sign up to get Cyber Intelligence Weekly in your inbox.