Cyber Intelligence Weekly (October 13, 2024): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Before we get started on this week’s CIW, I’d like to highlight our cybersecurity awareness content, put out by some of our brightest consultants. Check out this latest piece: "Expert Insights for Cybersecurity Awareness Month: Strategies to Enhance Protection."
This article was authored by our cybersecurity pros – Paul Interval, Paul Matvey, Steve Snider, and Josh Fleming, MSITM – each offering advice based on their practice areas to help you strengthen your organization’s cyber defenses. Check out the full article here: https://lnkd.in/eMVZsqtK

Away we go!
1. U.S. Officials Scramble to Assess Impact of China’s Salt Typhoon Hacks on Wiretap Systems
U.S. officials are urgently investigating the recent breach of major U.S. broadband providers by Chinese-linked hackers from a group known as Salt Typhoon. This hacking campaign, targeting companies like Verizon, AT&T, and Lumen Technologies, compromised systems used by the U.S. government for court-authorized wiretaps. Lawmakers and cybersecurity experts fear the breach could have given the hackers access to sensitive surveillance efforts, including investigations by the FBI into Chinese espionage activities.
Members of Congress have requested urgent information from the telecom companies, demanding to know when they first became aware of the breach and what measures they are taking to secure their systems. Concerns are mounting that China may have gained insights into how the U.S. conducts surveillance on Chinese threats. While some investigators have labeled this a potential counterintelligence disaster, others argue that it is too early to determine the full extent of the damage.
Federal agencies and cybersecurity experts are working to uncover the hackers' intentions and whether more companies have been affected. In the wake of the breach, lawmakers have criticized both the telecom companies and federal agencies for failing to address longstanding vulnerabilities in wiretap systems. This breach is the latest in a series of sophisticated cyberattacks from China, following incidents targeting critical infrastructure like energy and water systems.
Despite the severity of the breach, the Biden administration has kept details of the investigation relatively contained, with only a select few officials being briefed. If the hackers gained access to foreign surveillance systems under the Foreign Intelligence Surveillance Act (FISA), the consequences could be even more severe, representing a significant failure of U.S. counterintelligence efforts.
2. Internet Archive Breached, 31 Million Users' Data Exposed
One of my favorite online tools, the Internet Archive, widely known for its "Wayback Machine," recently suffered a significant data breach that exposed the personal information of 31 million users. The breach occurred after a threat actor compromised the website and stole a user authentication database containing email addresses, screen names, and bcrypt-hashed passwords. Visitors to archive.org were greeted with a JavaScript alert confirming the breach, which also referenced the popular data breach notification service, Have I Been Pwned (HIBP).
The breach was first reported when a 6.4GB SQL file named "ia_users.sql," containing the stolen data, was shared with Troy Hunt, the creator of HIBP. The data includes details like email addresses, password change timestamps, and other internal information. Hunt confirmed the validity of the breach by contacting affected users, including cybersecurity researcher Scott Helme, who verified that the compromised bcrypt-hashed password matched the one stored in his password manager.
In response to the breach, Internet Archive founder Brewster Kahle confirmed that hackers used a JavaScript library to display the alerts on the website. The organization has since disabled the compromised library and is working to enhance its security systems. Additionally, the site has been targeted by a series of DDoS (Distributed Denial of Service) attacks, which have taken archive.org and openlibrary.org offline multiple times. Although the data breach and DDoS attacks occurred simultaneously, they are not believed to be connected.
The Internet Archive has not yet released full details about how the breach occurred, and the investigation is ongoing. Users of the site are encouraged to check if their information has been exposed through HIBP and update their security measures, including changing passwords and monitoring accounts for unusual activity.
3. Marriott Agrees to $52 Million Settlement Following Data Breaches
Marriott International and its subsidiary Starwood Hotels & Resorts have agreed to pay a $52 million settlement and implement new data security protocols after a series of data breaches that occurred between 2014 and 2020. These breaches compromised the personal information of hundreds of millions of customers. The Federal Trade Commission (FTC) and state authorities accused Marriott of failing to secure its networks, resulting in the theft of personal data, including payment card information, loyalty numbers, and passport details.
The breaches involved multiple incidents. The first breach occurred in 2014 when hackers gained access to Starwood's systems, exploiting inadequate security measures such as weak firewalls and the absence of multifactor authentication. This breach remained undetected for more than four years, during which hackers stole 339 million records. After acquiring Starwood in 2015, Marriott conducted an assessment but failed to discover the ongoing breach. Marriott itself experienced another breach in 2020, where hackers accessed guest information from over five million customers.
Under the FTC's settlement, Marriott has agreed to strengthen its cybersecurity practices. This includes implementing multifactor authentication, conducting regular vulnerability assessments, and improving access controls to reduce the risk of future breaches. The hotel chain will also need to investigate suspicious activity within 24 hours and allow customers to request the deletion of their data. Marriott will also be required to submit after-action reports and train its employees to ensure data security compliance.
The $52 million settlement marks a significant move to hold Marriott accountable for its cybersecurity failures. The company has committed to improving its data protection measures to avoid similar incidents in the future and to better safeguard customer information.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about