Two wars, with supporting cyber phases. Espionage & crime: DPRK's complex ops, Grayling APT, data exposure and ransomware.

Summary

By the CyberWire staff

At a glance.

Disinformation in the war between Hamas and Israel.
Hacktivism in Hamas's campaign against Israel.
Russian hacktivist auxiliaries conduct DDoS attacks against Israeli sites.
KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines.
The current state of DPRK cyber operations.
Grayling cyberespionage group active against Taiwan.
Magecart campaign abuses 404 pages.
Breach reported at 23andMe.
Voter records in Washington, DC, compromised.
CISOs and their willingness to pay ransom.
Patch Tuesday.

Disinformation in the war between Hamas and Israel.

The war that intensified Saturday with major attacks into Israel by Hamas has been accompanied by extensive disinformation, some of it directed by authorities (for the most part Hamas and governments sympathetic to Hamas) but much of it also spontaneously posted, especially in X, the platform formerly known as Twitter, but in other platforms as well. TikTok (where, for example, footage from video games has been presented as video of Israeli airstrikes) and Telegraph (where, for example, unverified and often false claims of successful cyberattacks have proliferated) have been prominent among those other platforms. But Twitter seems to have been particularly receptive to disinformation, in part because the sale of blue checks has eroded such filters that media outlets had once imperfectly but usefully provided: it's now more difficult to determine what reports originate from organizations that vet their reporting. X has also tended to promote inflammatory false information, amplifying it because such content generates engagement. And the platform's influencer culture gives careless influencers outsized clout with users.

Hacktivism and state action in Hamas's campaign against Israel.

"At least 15 known cybercriminal, ransomware, and hacktivist groups," by the Register's count, "have announced their active participation in disruptive attacks targeting institutions in Israel and Palestine." International supporters of both parties to the conflict are also coming under cyberattack. Some of the groups have long been aligned with Hamas, others with Israel, and still others are ramping up operations against a long-term enemy whose support for Israel or Hamas serves as either pretext or provocation. While most of the activity has been familiar distributed denial-of-service (DDoS) or nuisance-level defacement, some of it has targeted, SecurityWeek reports, infrastructure (especially electrical power distribution) and military command-and-control (especially Israeli Iron Dome anti-rocket systems). It seems the attempts against infrastructure and C2 have so far had limited effect. According to HackRead one pro-Hamas group, AnonGhost, seems to have been able to exploit a vulnerability in the Israeli Red Alert civil defense app to transmit false warnings of missile strikes.

Group-IB has been following both sides' hacktivist activity, and ReliaQuest has published a useful overview of the conflict in cyberspace, along with some brief recommendations for actions organizations can take during what should be a period of heightened alert. That said, US NSA cybersecurity director Rob Joyce commented yesterday that the cyber phases of the war have so far been largely confined to nuisance-level hacktivism. “But we’re not yet seeing real [nation] state malicious actors,” the Wall Street Journal quotes Joyce as saying. Israel has taken action against Hamas funding, seizing Hamas-linked Binance cryptocurrency accounts, Financial Magnates reports. Israel has also worked with British authorities to freeze at least one Barclays account linked to Hamas fundraising.

Russian hacktivist auxiliaries conduct DDoS attacks against Israeli sites.

Among the hacktivist groups who've rallied to support Hamas in its current attack against Israel are two familiar Russian auxiliaries, KillNet and Anonymous Sudan. When the Israel government service site gov[dot]il was knocked offline over the weekend (it was back in operation Monday), KillNet claimed credit and counted coup. "Israeli government, you are responsible for this bloodshed. Back in 2022, you supported the terrorist regime in Ukraine," Cybernews quotes a KillNet Telegram post. "You betrayed Russia. Today, Killnet officially informs you of this! All government systems of Israel will be subject to our attacks!" Anonymous Sudan claimed responsibility for the Red Alert hack.

KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines.

The BBC reports that prominent and opposing hacktivist auxiliaries stated over the weekend that they intended to abide by the guidelines officials of the International Committee of the Red Cross (ICRC) recommended last week. Russia's KillNet and the IT Army of Ukraine both said that they intended to follow rules that would clarify the extension of international humanitarian law to activities in cyberspace. The guidelines aim principally at protecting civilians and civilian infrastructure from harm. See CyberWire Pro for an extended consideration of the ICRC's recommendations.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Real time cloud security powered by runtime insights. Secure every second.

In the cloud, every second counts. Attacks move at warp speed; security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. We correlate signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation. Visit our website to learn more.

The current state of DPRK cyber operations.

North Korea has recently been active against blockchain and decentralized finance ("DeFi") targets, it was reported at the end of last week. Mixin Network, which facilitates blockchains transactions, disclosed losses amounting to a bit less than $150 million in a late September attack. US deputy national security adviser for cyber and emerging technology Anne Neuberger told Bloomberg that the "tradecraft" looked like the DPRK's.

Mandiant this morning published its assessment of the current organization and conduct of North Korean offensive cyber operations. It sees an evolution in both complexity and cooperation as Pyongyang continues to run both espionage and financial crime. Attribution of operations to specific North Korean groups is increasingly "muddled" as those groups share tools and targets, and collaborate temporarily. Some of the groups are isolated from the central authority and are self-funding through financial crime even as they remain aligned with North Korean goals. The attack techniques are more adaptable than they've been in the past, and the days of regarding all North Korean activity as the work of the "Lazarus Group" are, Mandiant believes, now over.

Grayling cyberespionage group active against Taiwan.

The Symantec Threat Hunter Team, part of Broadcom, this morning described what it characterizes as a hitherto unknown advanced persistent threat (APT), "Grayling," which conducted cyberespionage against Taiwan between February and May of this year. It's operations are marked by a distinctive sideloading technique, and its targets have tended to be in the manufacturing, IT, and biomedical sectors. While Taiwan has been Grayling's principal area of interest, the group may also have prospected targets in the Pacific, in Vietnam, and in the United States. There's no attribution, but Symantec blandly points out that whoever's running the APT has a strategic interest in Taiwan.

Magecart campaign abuses 404 pages.

Researchers at Akamai have discovered a Magecart web skimming campaign that’s been targeting Magento and WooCommerce websites for the past few weeks. The researchers note, “Magecart attacks typically begin by exploiting the vulnerabilities in the targeted websites or by infecting the third-party services that these websites are using. In this campaign, all the victim websites we detected were directly exploited, as the malicious code snippet was injected into one of their first-party resources. In some instances, the malicious code was inserted into the HTML pages; in other cases, it was concealed within one of the first-party scripts that was loaded as part of the website.” For more on the current Magecart campaign, see CyberWire Pro.

Join the Lacework CISO book club!

Get a copy of the classic novel, The Phoenix Project, and join quarterly interactive discussions with cybersecurity leaders. Sign up here.

Breach reported at 23andMe.

A threat actor is selling data belonging to nearly one million customers of DNA testing company 23andMe, BleepingComputer reports. The threat actor is selling the information for $1,000 per one-hundred profiles, or $100,000 for one-hundred-thousand profiles. Dataconomy notes that the database is titled “Ashkenazi DNA Data of Celebrities.” The database is focused on individuals with Ashkenazi Jewish ancestry, although it’s unclear if any of them are celebrities. 23andMe thinks the attack was carried out by credentail stuffing: the attackers took credentials obtained in other breachers of other online services and used them to access accounts whose owners had "recycled" those credentials. For more on the data exposure at 23andMe, see CyberWire Pro.

Voter records in Washington, DC, compromised.

CyberScoop reports that a threat actor breached Washington, DC’s local election authority and accessed 600,000 lines of voter data, which included the last four digits of voters’ social security numbers, driver’s license numbers, and home addresses. The threat actor is offering the data for sale on a criminal forum. The District of Columbia Board of Elections (DCBOE) said in a statement, “DCBOE continues to assess the full extent of the breach, identify vulnerabilities and take appropriate measures to secure voter data and systems. This remains an active investigation and DCBOE will release additional information as it becomes available.”

Microsoft Federal: Mission innovation, secure by design

Cybersecurity is a national security priority. That’s why Microsoft is setting the standard with security built-in. And our 8,000 threat hunters analyze 65 trillion+ signals daily, partnering with federal agencies to protect their digital estate. We help strengthen cybersecurity at scale—from identity, data, and apps to endpoints, infrastructure, and networks—so you can focus on what matters: your mission. Visit aka.ms/FedCyber today to get started.

CISOs and their willingness to pay ransom.

Splunk has published a report looking at how Chief Information Security Officers (CISOs) are dealing with threats, finding that 96% of the surveyed CISOs said their organizations sustained a ransomware attack in the past year. 83% of these respondents said they paid the ransom: “The most significant number paid somewhere between $25,000 to $99,000 (44%), while more than half of respondents paid more than $100,000, a stunning 9% of respondents (or one in 11) paid $1 million or more.” The researchers add, “Of those who paid, 18% paid the ransom directly, 37% paid through cyber insurance and 28% paid through a third party.” For more on the CISO's role in this and other forms of risk management, see CyberWire Pro.

Patch Tuesday.

Today is Patch Tuesday. Most vendors, as we write, have yet to issue their fixes and mitigations, but Help Net Security has some predictions about what to expect.

Schedule a Complimentary Threat Briefing On LUCR-3 (aka Scattered Spider)

Learn the cloud TTPs of LUCR-3 (aka Scattered Spider), the group responsible for breaching the cloud environments of some of the largest enterprises in the world. Permiso is now offering complimentary threat briefings on this threat group with Ian Ahl, SVP of P0 Labs and former head of advanced practices at Mandiant. Learn how to better defend against cloud attacks orchestrated across identity providers, Iaas, Saas and CI/CD pipelines. Schedule your briefing today.

Notes.

Today's issue includes events affecting China, the Czech Republic, the Dominican Republic, the European Union, Gaza, India, Iran, Israel, the Democratic People's Republic of Korea, the Republic of Korea, NATO/OTAN, Portugal, Romania, Taiwan, Russia, Ukraine, the United Kingdom, the United Nations, the United States, and Vietnam.

Dateline: Russia's hybrid war against Ukraine.

Ukraine at D+593: Middle Eastern war's implications for the war in Ukraine. (CyberWire) Russia sees renewed war between Hamas and Israel as an opportunity to sap international support for Ukraine.

Russia sends dozens of drones into Ukraine in latest air strike (Reuters) Russia launched 36 Iranian-made attack drones against southern Ukraine overnight, damaging infrastructure in the Odesa region, authorities said.

Russia-Ukraine war: List of key events, day 594 (Al Jazeera) As we enter the 594th day of the war these are the main developments.

Russia-Ukraine war live: Moscow seeks return to UN human rights council; Russia wants war in Middle East, Zelenskiy says (the Guardian) Ukrainian president says Moscow wants a ‘new source of pain and suffering to undermine world unity

Russia-Ukraine war: List of key events, day 592 (Al Jazeera) As the war enters its 592nd day, these are the main developments.

Russia-Ukraine war at a glance: what we know on day 593 of the invasion (the Guardian) Ukraine replaces commander of Territorial Defence Forces; Zelenskiy appeals for world to unite to deal with ‘terrorist’ organisations and states

For NATO, Russian Officer Losses Matter (LinkedIn) The Russian junior officer losses have been staggering, and the inability to conduct effective counter-attacks against the slow but steady Ukrainian advance resides partly in the fact that the Russian Army is running low on capable company commanders.

Russia-Ukraine war at a glance: what we know on day 592 of the invasion (the Guardian) Volodymyr Zelenskiy says Israel has ‘unquestionable’ right to defence, draws parallels with the war in Ukraine

Ukraine-Russia war: Putin party official killed in Kherson car bomb (The Telegraph) A car bomb planted by Ukrainian partisans has killed the local head of Vladimir Putin’s political party in an occupied town in southern Ukraine.

Ukraine Counter-Offensive Update for Saturday: ‘A Truly Unique Weapon’ (KyivPost) Russian defence minister inspects factory for advanced missiles; Ukraine advances in western Zaporizhia Oblast; Russian forces ‘conduct regimental rotation.'

The minefields of Ukraine (The Hill) Giant Western mine-clearing vehicles are clearing paths, inch by inch, through the deadly minefields of Ukraine.

Russia-Ukraine war at a glance: what we know on day 591 of the invasion (the Guardian) Boy and his grandmother killed in Russian missile attack on block of flats in Kharkiv, hours after strike in regional village of Hroza that left 52 dead

Russia-Ukraine war live: Russian border region of Belgorod attacked, local governor says (the Guardian) Vyacheslav Gladkov said the attack came from Ukrainian forces, but the Guardian could not independently verify those claims

Former British Army Chief Says It's 'Perfectly Reasonable' For Ukraine To Strike Inside Russia (RadioFreeEurope/RadioLiberty) It is "perfectly reasonable" for Ukraine to strike targets deep inside Russia, in part to "degrade" Russia's military, says Richard Dannatt, a former head of the British Army. In an interview with RFE/RL's Georgian Service, Dannatt also says that given the slow pace of Ukraine's counteroffensive, Kyiv and its Western partners should prepare for a likely protracted conflict.

Aftermath Of Another Deadly Strike In Ukraine's Kharkiv (RadioFreeEurope/RadioLiberty) A residential building in the city center of Kharkiv, in eastern Ukraine, was struck by a Russian missile, killing a 10-year-old boy and injuring 16, Ukraine's interior minister said on October 6.

The Week In Russia: Wavering In The West, Horror In Ukraine (RadioFreeEurope/RadioLiberty) Yeltsin's fateful decision. Putin's last hope. An "absolutely horrifying" missile strike in Ukraine.

‘Russian retreat’: Kremlin reportedly setting up naval base in breakaway Georgian region (Stars and Stripes) News that Russia will establish a permanent naval base in Georgia’s breakaway region of Abkhazia is likely further proof that Ukraine is effectively winning the battle of the Black Sea off its coast, experts say.

Russia has been politically embarrassed, operationally dominated and tactically outfought (The Telegraph) Putin's bombarded Black Sea Fleet has withdrawn from Sebastopol. It is not yet a turning point, but is still seismic

As Ukraine reels from attacks on land, conflict at sea signals hope (the Guardian) Drones and missiles keep Russian fleet at bay and supplies and trade flowing at ports

Ukraine-Russia war live: Russian officers 'evacuate families' from key southern town (The Telegraph) Russian officers are “evacuating their families” from the key southern town of Tokmak as Ukrainian forces advance.

President Pavel to European Parliament: Ukraine’s security is our security (Radio Prague) In an address to the plenary session of the European Parliament in Strasbourg on Wednesday President Pavel expressed confidence that Europe would emerge triumphant from the present crisis.

Biden considering huge ‘one and done’ Ukraine aid package (The Telegraph) US president wants to get issue sorted until next election, say insiders, as Republican sceptics continue to cause problems

Kazakhstan drafts media law to increase use of Kazakh language over Russian (the Guardian) Legislation under debate stipulates share of state language on television and radio should grow to 70%

Russia’s Economy Goes All In on War (Wall Street Journal) President Vladimir Putin aims to outlast the West, which is struggling to supply weapons and ammunition to Ukraine.

A surge in rail traffic on North Korea-Russia border suggests arms supply to Russia, think tank says (AP News) A U.S. think tank says recent satellite photos show a sharp increase in rail traffic along the North Korea-Russia border, indicating the North is supplying munitions to Russia.

Russia Says It Will Step Back From Nuclear-Test Treaty (Wall Street Journal) The move threatens to exacerbate tensions amid the war in Ukraine.

Murderous Putin is sure of his own impunity. He could not be more wrong | Peter Pomerantsev (the Guardian) The Russian dictator believes himself to be above international law but there are many ways to make him pay for his war crimes

What Russia Really Wants (Foreign Affairs) How Moscow’s desire for autonomy could give America an edge over China.

There Are No Rules (The Atlantic) States and quasi-states are using extreme, uninhibited violence against civilian populations.

Zelensky Compares Assault by Hamas on Israel to Moscow’s Invasion of Ukraine (New York Times) Volodymyr Zelensky, the Ukraine president, told a NATO meeting that “terror will have no allies” if the world unites against acts of aggression.

Russia cites ‘concern’ but does not condemn Hamas attack on Israel (Washington Post) Russia has labeled opposition figures such as Alexei Navalny as “terrorists” and, since invading its neighbor, the Kremlin routinely denounces defensive Ukrainian strikes as “terrorist attacks.”

WSJ News Exclusive | Iran Helped Plot Attack on Israel Over Several Weeks (Wall Street Journal) The Islamic Revolutionary Guard Corps gave the final go-ahead last Monday in Beirut.

Ukraine cyber-conflict: Hacking gangs vow to de-escalate (BBC News) Ukrainian and Russian hacktivists tell the BBC they will comply with newly-created cyber-war rules.

Israel’s government, media websites hit with cyberattacks (Cybernews) Hacktivists, including cyber gangs such as the infamous Killnet, a Russian hacker group, are targeting various Israeli organizations following deadly attacks by Hamas militants.

Website of Jerusalem Post crashes after multiple cyberattacks (OpIndia) Hackers targeted the website of Jerusalem Post with multiple cyberattacks, Israel's leading and best-selling English newspaper.

Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (KyivPost) Often in the shadows, the cyber front and its defense is a key element of Ukraine’s war effort – and it's been largely successful at foiling Russian cyber-attacks.

US restricts trade with 42 Chinese entities over Russia support (Reuters) The support covers the supply of integrated circuits in weapons used against civilian targets in Ukraine.

U.S. Prepares Crackdown on Russian Oil Sanctions Evasion (Wall Street Journal) Treasury Secretary Janet Yellen says the U.S. is likely to start enforcing the $60-a-barrel price cap on Russian oil.

Attacks, Threats, and Vulnerabilities

The Israel–Hamas Conflict: Implications for the Cyber Threat Landscape (ReliaQuest) The implications of the Israel–Hamas conflict on the cyber threat landscape, including hacktivist and nation-state-actor activity, plus steps to protect your data.

Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App (Hackread) The Red Alert App is available on iOS; however, its Android version has been removed for unknown reasons

Hacktivism erupts in Middle East as Israel declares war (Register) Groups range from known collectives to new outfits eager to raise their profile

The Israel-Hamas War Erupts in Digital Chaos (WIRED) Hacktivism is increasingly a feature of modern kinetic warfare. It’s playing out with particular ferocity in the conflict between Israel and Hamas.

Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Both pro-Israeli and pro-Palestinian hacktivists have joined the fight in the cyber realm. Industrial control systems (ICS) seem to be one of the most lucrative targets for them, and there are hundreds exposed.

Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks (SecurityWeek) Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

The Israel-Hamas War Is Drowning X in Disinformation (WIRED) People who have turned to X for breaking news about the Israel-Hamas conflict are being hit with old videos, fake photos, and video game footage at a level researchers have never seen.

As false war information spreads on X, Musk promotes unvetted accounts (Washington Post) Information researchers said that the new outbreak of violence between Israel and Hamas is an early test of how the revamped X conveys accurate data during a major crisis.

Elon Musk’s X Cut Disinformation-Fighting Tool Ahead of Israel-Hamas Conflict (The Information) Elon Musk’s X, in the months before conflict erupted in Gaza, ceased utilizing a software tool used to identify organized misinformation now spreading across the platform formerly known as Twitter. In recent months, the company shut down an internal product that could identify when different ...

US opinion divided amid battle for narrative over Hamas attack on Israel (the Guardian) Groups express opposing views over root cause of the attack, alongside differences over whether Gaza is still occupied

Opinion Hamas attack is an intelligence failure that may take Israel years to unravel (Washington Post) The vicious Hamas assault of terrorism on Saturday truly was Israel’s 9/11 — not simply in the anguished demand for revenge that has followed the attack but also in the strange blindness that preceded it.

Rhysida ransomware gang claims attacks on governments in Portugal, Dominican Republic (Record) A notorious ransomware gang has claimed attacks against two government institutions this week, both of which confirmed they faced a range of issues due to the incidents.

North Korea Suspected in Massive Hack of DeFi Project Mixin (Bloomberg) Tradecraft of breach matches that of others by North Korea. US offers tips to companies on avoiding North Korean hires.

North Korea Suspected in Massive Hack of DeFi Project Mixin (OODA Loop) The massive breach of a decentralized finance project bears the hallmarks of a North Korean attack, according to a senior White House official. Mixin Network, which helps blockchains handle transactions more efficiently, said it had

Assessed Cyber Structure and Alignments of North Korea in 2023 (Mandiant) Historically Mandiant has made assessments on the Democratic People’s Republic of Korea’s (DPRK) cyber program based on Mandiant responses to intrusions, defector accounts, and OSINT reporting, in conjunction with government disclosures of DPRK units and motivation information.

Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan (Symantec) Intelligence gathering is likely motive in campaign targeting a variety of sectors.

Vietnam tried to hack U.S. officials, CNN with posts on X, probe finds (Washington Post) The attempts appear to have been unsuccessful, but came as the U.S. and Vietnam were negotiating an agreement that President Biden signed last month in Hanoi

Google Cloud mitigated largest DDoS attack, peaking above 398 million rps (Google Cloud Blog) Google Cloud stopped the largest known DDoS attack to date, which exploited HTTP/2 stream multiplexing using the new “Rapid Reset” technique.

IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits (Fortinet Blog) FortiGuard Labs unmasks IZ1H9 and explores the aggressive exploits in the Mirai-Based DDoS Campaign. Learn more.…

Hackers hijack Citrix NetScaler login pages to steal credentials (BleepingComputer) Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials.

The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages (Akamai) The Akamai Security Intelligence Group detected a Magecart web skimming campaign that is targeting an extensive list of websites, including large organizations in the food and retail industries

Formbook Takes the Throne as Most Prevalent Malware (Hackread) September 2023’s Most Wanted Malware: Remcos Wreaks Havoc in Colombia and Formbook Takes Top Spot after Qbot Shutdown, reveals Check Point.

Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites (SecurityWeek) Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign.

Maintainers warn of vulnerability affecting foundational open-source tool (Record) The maintainers of a popular open source tool that serves as a foundational support for many network protocols like SSL, TLS, HTTP, FTP, SMTP are warning of two vulnerabilities that will be announced this coming week.

Credential Harvesting Campaign Targets Unpatched NetScaler Instances (SecurityWeek) Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials.

Hacker Claims to Have Data of 7 Million 23andMe Users from DNA Service (Hack Read) 23andMe Investigating Potential Data Breach, Says Credentials May Have Been Gathered From Other Breaches.

23andMe user data breached in credential-stuffing attack (Engadget) 23andMe user data is circulating on hacker forums. The company confirmed the leak occurred through a credential-stuffing attack, according to BleepingComputer.

‘Your DNA is for sale on the black market’: 23andMe data breach exposes customers (The Daily Dot) A TikTok user said that 23andMe's data breach could've been easily avoided if the company followed better security protocols.

23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews (WIRED) At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

23andMe data breach affects a million users with Jewish heritage (Dataconomy) Discover how a 23andMe data breach exposed Ashkenazi Jewish ancestry data, raising vital privacy concerns in the digital age

Caesars Entertainment says social-engineering attack behind August breach (Cybersecurity Dive) In a filing with the Maine attorney general, the gaming company said the attack began in mid-August and impacted tens of thousands of the state's residents.

MGM believes insurance “sufficient to cover” $100mn cyber attack hit | The Insurer (The Insurer) MGM Resorts International has estimated a $100mn negative impact to its Q3 results from a cyber attack in September and around $10mn in one-time expenses, with the c...

MGM Resorts says cyberattack cost $100 million, resulted in theft of customer info (Record) Filings with the Securities and Exchange Commission reveal the cost of a recent cyberattack that disrupted operations at MGM's Las Vegas casinos.

MGM Resorts confirms hackers stole customers' personal data during cyberattack (Yahoo Life) MGM Resorts has confirmed hackers stole an unspecified amount of customers' personal information during a September cyberattack that will cost the hotel and casino giant an estimated $100 million. The hotel and casino giant first disclosed it had been targeted by a large-scale cyberattack on September 11. In a regulatory filing on Thursday, the company admitted that the hackers responsible for the attack obtained some personal information belonging to customers who transacted with MGM Resorts prior to March 2019.

D.C. voter records for sale in cybercrime forum (CyberScoop) The District of Columbia Board of Elections became aware Thursday of the breach, which occurred via its hosting provider.

Hackers access voter information in DC Board of Elections data breach (WTOP News) The D.C. Board of Elections announced Friday that in a data breach, hackers were able to access thousands of D.C. residents’ voter records.

DC Board of Elections investigates voter data breach (NBC4 Washington) The District is now working to determine just how much voter information might have been accessed.

ALPHV ransomware gang claims attack on Florida circuit court (BleepingComputer) The ALPHV (BlackCat) ransomware gang has claimed an attack that affected state courts across Northwest Florida (part of the First Judicial Circuit) last week.

Metro Transit deal with a cyber attack, leaving riders with disabilities stranded (KSDK) Metro Transit reported a cyber attack on October 2nd, this weekend the ride service said it was still effecting Call-A-Ride, they are unable to provide service.

Android Devices With Backdoored Firmware Found in US Schools (SecurityWeek) Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, Human Security warns.

Volex - Regulatory News (Volex) Get access to our Regulatory News announcements.

UK opposition leader targeted by AI-generated fake audio smear (Record) Private sector analysts said an audio clip of Labour Party leader Keir Starmer was likely a deepfake. British government officials urged the public to ignore it.

Why One Of The Largest Cyber-Attacks Is Still A Mystery (SlashGear) In 2009, cyber researchers uncovered one of the largest and most powerful espionage networks in history. We still don't know who was responsible.

Security Patches, Mitigations, and Software Updates

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty (Help Net Security) Todd Schell from Ivanti offers his forecast for October 2023 Patch Tuesday and an overview of what happened during September.

Trends

Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks (Record) Microsoft’s Digital Defense Report 2023 said that nation-state hackers appear to be pivoting toward espionage and away from digital destruction — a strategy that tends to have a longer-term outlook.

Victims reported $2.7 billion in social media scam losses since 2021: FTC (Record) Social media scams have cost victims who reported losses to the Federal Trade Commission $2.7 billion since 2021 — likely a “small fraction” of the total money stolen via platforms like Facebook and Instagram.

Great news — social media is falling apart (Business Insider) I don't know where to post: there are too many social platforms, and the old giants are dying. The age of social media is splintering.

New Global Survey Reveals 97% of Organizations Face Challenges Securing IoT and Connected Devices (Keyfactor) Findings indicate that leveraging PKI solutions effectively is key to solving IoT security challenges.

CISA publishes top 10 most common security misconfigurations (Register) Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam

PHILIPPINES THREAT OVERVIEW - CYFIRMA (CYFIRMA) EXECUTIVE SUMMARY This report provides a high-level overview of the most notable cybersecurity threats facing the Philippines. It examines a...

Marketplace

Israel's tech sector could face disruptions after attacks, investors say (Reuters) Tech companies operating in Israel are expected to fortify security as they could face disruptions, said investors and analysts, as the Israeli military shifted to a war footing that may include a full-scale invasion of the Gaza Strip.

Israeli Startup Community, at Home and Abroad, Prepares to Fight (Wall Street Journal) Venture firms and startup leaders are trying to safeguard workers while managing their businesses as employees and executives join the war.

Israeli Tech Workers Head to the Front Lines of War with Hamas (The Information) Israel’s tech industry is moving to the front lines of the country’s sudden war against Palestinian terrorist group Hamas. Employees of Israeli software companies have been drafted to Israel’s military reserves to join or support an incursion into the Hamas-controlled Gaza Strip after the group ...

minds.ai Raises Seed Funding to Optimize Semiconductor Manufacturing Operations (PR Newswire) minds.ai announced today that it has raised $5.3 million in seed funding to drive innovation in the application of AI in semiconductor...

IT Unemployment Soars to 4.3% Amid Overall Jobs Growth (Wall Street Journal) Joblessness in IT last month surpassed the national rate of 3.8%, a sign that entry-level IT hiring might be slowing as AI-enabled automation takes hold.

2023 CISO Compensation Benchmark Report (IANS) Download a summary version of IANS’ 2023 Security Budget Benchmark Report to find cross-industry key compensation information for CISOs.

Juniper makes 440 redundant to pursue better margins (Register) Not even AI offers a lot of upside right now

Ping Identity's YOUniverse 2023 Underscores Commitment to Customers and Acceleration to Cloud - Oct 10, 2023 (News Release Archive) Annual Event Unveils Fresh Integration Roadmap and New Toolkit for Easy Cloud Migration

Products, Services, and Solutions

Armis Expands Collaboration with CrowdStrike (Fast Mode) Armis and CrowdStrike: helping organisations secure IoT and OT environment

Mercury to Bring Raytheon's Advanced Cyber Resiliency and Intrusion Detection Tools to the Mercury Processing Platform (Investors Observer) Mercury Systems, Inc. (NASDAQ: MRCY, www.mrcy.com ), a technology company that delivers processing power for the most demanding aerospace and defense missions, today announced it is working with Raytheon, an RTX business, to increase survivability and resiliency of its mission-critical solutions by incorporating Raytheon’s advanced cyber resiliency and intrusion detection tools into Mercury’s processing platform.

Fortinet Launches New High-Performance Switches to Securely Connect the Modern Campus (Fortinet) FortiSwitch 600 and 2000 deliver intelligent, scalable connectivity that seamlessly integrates with AIOps and FortiGuard AI-Powered Security Services

Jumio Scales AI-Powered Digital Trust Solutions through NextWealth Partnership (Business Wire) Expansion of partnership a key step in Jumio’s mission to leverage technological innovation to eradicate increasingly complex online fraud and financial crime

CyberHealth™ Platform: Now Available as Standalone Software with New Packages (ClearDATA) The roadblocks healthcare cloud compliance and security teams face today are mounting. Limited resources, hiring challenges, lack of in-house healthcare expertise, and an ever-evolving landscape of cybersecurity threats and regulations create complications and can lead to security and compliance gaps. They add up to risks that IT, security, and compliance leaders managing PHI and other

AvePoint Launches AvePoint Opus, AI Powered Information Lifecycle Management Solution (MarketScreener) Next generation solution enables customers to better manage information, reduce costs and improve efficienciesJERSEY CITY, N.J., Oct. 10, 2023 -- AvePoint , the most advanced platform to optimize...

Cemtrex Subsidiary, Vicon Industries, Launches Anavio, A New Cloud Based, Security Software-as-a-Service Platform For Safer, Smarter Schools (Stock Titan) Cemtrex Inc. (Nasdaq: CETX, CETXP), an advanced security technology and industrial services company, today announced that

EnGenius Unveils the Most Intuitive Security Gateway for SMB, Branch Offices, and WFH Environments (PR Newswire) EnGenius, a leading innovator in connectivity solutions, is thrilled to announce the launch of its latest product, the XG60-FIT gateway, a...

FireTail Earns SOC 2 Type 2 Certification (Business Wire) Compliance achievement supports the solution’s recent AWS Marketplace availability

Immuta Enhances Integration with Starburst to Meet Growing Data Mesh Demands (PR Newswire) Immuta, a data security leader, today announced its latest enhancements to its integration with Starburst, the analytics anywhere company,...

Technologies, Techniques, and Standards

Israel’s Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance (WIRED) Hundreds dead, thousands wounded—Hamas’ surprise attack on Israel shows the limits of even the most advanced and invasive surveillance dragnets as full-scale war erupts.

Don’t Be a Target: How to Identify Adversarial Propaganda (HS Today) Adversarial disinformation campaigns and influence operations are “gray zone” activities that use technology and tactics to disguise themselves.

CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software (Cybersecurity and Infrastructure Security Agency) Fact sheet provides software security challenges and recommendations to improve security and risk management of OSS use at operational technology vendors and critical infrastructure facilities

Cybersecurity Awareness Month 2023 Blog Series | Using Strong Passwords and a Password Manager (NIST) Today’s blog is the second one in our 2023 Cybersecurity Awareness Month series and examines different factors associated with

Your Medical Devices Are Getting Smarter. Can the FDA Keep Them Safe? (Wall Street Journal) Use of AI means devices and apps can learn and change over time, creating challenges for regulators who approve them

DHS to release AI guidance for critical infrastructure (Nextgov.com) The agency hopes to serve as a “vanguard” in critical infrastructure’s safe and ethical use of AI, according to one official.

Using the FAIR model to quantify cyber-risk | TechTarget (Security) Organizations need ways to measure the financial implications of possible cyber attacks. Explore how the FAIR model works to quantify cyber-risk.

Design and Innovation

SolarWinds Commemorates Cybersecurity Awareness Month by Highlighting Software Industry’s Secure by Design Progress (Business Wire) SolarWinds (NYSE:SWI), a leading provider of simple, powerful, secure observability and IT management software, commemorates Cybersecurity Awareness Month by highlighting the software industry’s progress toward becoming more Secure By Design.

Can AI Do Empathy Even Better Than Humans? Companies Are Trying It. (Wall Street Journal) Artificial Intelligence is getting smart enough to express and measure empathy. Here’s how the new technology could change healthcare, customer service—and your performance review.

'Really frightening': IT leaders on cybersecurity in the age of AI (Computing) The already tricky job of prioritising security interventions is being made even more difficult by the arrival of deepfakes and generative AI.

‘It’s a Cult’: Inside Effective Accelerationism, the Pro-AI Movement Taking Over Silicon Valley (The Information) “Pharma Bro” Martin Shkreli, Y Combinator president Garry Tan and Notion co-founder Chris Prucha looked up at the cartoon of a shirtless man, his six-pack abs gleaming against a swirling galactic background. They were eager to listen to what the man had to say. The cartoon was the avatar for ...

Fujitsu and RIKEN develop superconducting quantum computer at the RIKEN RQC-Fujitsu Collaboration Center, paving the way for platform for hybrid quantum computing (Fujitsu Global) Fujitsu and RIKEN develop superconducting quantum computer at the RIKEN RQC-Fujitsu Collaboration Center, paving the way for platform for hybrid quantum computing

Academia

NSA recognizes Missoula College for cyber defense excellence (KECI) The University of Montana's Missoula College was designated by the National Security Agency as a Center of Academic Excellence in Cyber Defense.The designation

Legislation, Policy, and Regulation

China Loosens Cross-Border Data Transfer Controls (cyber/data/privacy insights) On September 28, 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Promoting Cross-Border Data Flows (see the Chinese version and the unofficial English translation) for public comments. The commenting period ends on October 15, 2023. While this draft is

UK Watchdog Pledges Swift Action if Crypto Firms Break New Promotion Rules (Bloomberg) Tougher financial promotions rules apply to crypto from Oct. 8. Watchdog will add firms to warning list starting on Sunday.

Jawboned (Knight Institute) We were jawboned. Repeatedly. Routinely.

Rep. Gaetz bill would jail feds who disclose security clearances (Military Times) The proposal would also levy a $1,000 fine for individuals who talk publicly about their clearance status.

Litigation, Investigation, and Law Enforcement

Delhi police bust international cyber fraud syndicate; 1 arrested (Nagaland Post) Delhi police claimed to have busted an international cyber fraud syndicate and unveiled a web of deception and financial scams, along with the arrest of a Ghana national. The arrested accused has been identified as Ebo Quansah Elijah, a resident of Ghana, officials said.

Ex-U.S. Army sergeant charged with trying to pass secrets to China (NPR) Joseph Schmidt, who worked in military intelligence, faces two charges for allegedly trying to hand national defense information to China. One alleged document was entitled "High Level Secrets."

In the Courtroom With SBF (The Information) Flanked by his two top lawyers, former FTX CEO Sam Bankman-Fried sat, mostly silent, on the 26th floor in a Manhattan courtroom for the first week of his criminal trial, where he’s being tried for fraud and conspiracy charges related to his role in the collapse of one of the world’s biggest ...

What’s Happening at the Sam Bankman-Fried Trial (Wall Street Journal) Follow FTX founder Sam Bankman-Fried’s criminal trial with daily observations from the courthouse.

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist (WIRED) The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers. A WIRED investigation reveals the company’s “very crazy night” trying to stop them.

Court ruling nears on Optus cyberattack report (Australian Financial Review) A Federal Court justice is expected to rule shortly on whether Optus can stop a report by Deloitte on its 2022 cyberattack from being released.

Snap's AI chatbot draws scrutiny in UK over kids' privacy concerns (TechCrunch) Snap's AI chatbot has landed the company on the radar of the U.K.'s data protection watchdog which has raised concerns the tool may be a risk to Snap's AI chatbot has landed the company on the radar of the UK's data protection watchdog which has raised concerns the tool may be a risk to children's privacy.

ICE, CBP, Secret Service All Illegally Used Smartphone Location Data (404 Media) A bombshell government report also found that a CBP official used the data to track coworkers with no investigative purpose.

Darktrace boss refuses to travel to US to testify in Autonomy fraud trial (The Telegraph) Poppy Gustafsson has said she will not provide evidence for her former colleague’s defence

‘Cyber terrorist’ who hid data on James Bond-style cufflink refused parole (Peeblesshire News) Samata Ullah, then 34, created an online hub of information for terrorists all over the world.

All I wanted was a swimming pool. What I got was a $31,000 lesson in Zelle fraud. (Business Insider) In search of a status symbol, I wound up getting ripped off big-time. But the real scam is how America's payment apps treat their customers.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

2nd Annual Small Business Cyber Summit (Virtual, Oct 4 - 25, 2023) The Summit, sponsored by the US Small Business Administration, will meet each Wednesday in October. Administrator Isabella Casillas Guzman, head of the U.S. Small Business Administration (SBA) and voice for America's 33 million small businesses in President Biden's Cabinet, announced that the agency will host a free, virtual National Cyber Summit held throughout October 2023. This second annual cybersecurity forum will help introduce American small businesses to tools, tips, and resources to bolster their cybersecurity infrastructure in addition to exploring new trends and challenges entrepreneurs are increasingly facing.

Navigate 2023: Identity Security Accelerated (Austin, Texas, USA, Oct 9 - 12, 2023) Join us for Navigate, where you’ll explore the next frontier in identity security: Cutting-edge. Dynamic. Accelerated. Endless possibilities. Widely recognized as the industry event exclusively focused on bringing the deepest level of identity security knowledge, expertise and perspective to the market – Navigate is the “can’t miss” identity event of the year. Navigate is the forum for identity practitioners and senior decision-makers alike to get first-hand insight into “what’s next” in identity security. Now is the time to immerse yourself in the modern approach to identity security – the secure path forward to fully protect your business amid the velocity of changes happening across your business.

Join us for the 2023 Gone Phishing Tournament. (Virtual, Oct 9 - 27, 2023) The annual Gone Phishing TournamentTM allows you to benchmark your organization's phishing resilience against true global standards. It's not just an exciting event but also a proven way to build a robust cyber-aware culture within your organization.

Nexus (Miami Beach, Florida, USA, Oct 10 - 12, 2023) An invitation-only, non-commercial security leadership summit, exclusively focused on securing Cyber-Physical Systems (CPS). Nexus will bring together more than 250 industry leaders whose perspectives on securing critical infrastructure generates invaluable connections and new ideas that move us forward.

Honeywell Connect (Dallas, Texas, USA, Oct 10 - 12, 2023) Join experts and industry peers at Honeywell's premier software symposium dedicated to solving industrials’ most complex performance, sustainability, and OT cybersecurity challenges.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.