National Public Data confirmed a significant data breach that leaked names, Social Security numbers, and other personal information, affecting potentially billions of records. The breach is believed to have involved a third-party hacker, with data leaks occurring from late 2023 through summer 2024. NPD has cooperated with law enforcement but has not disclosed the number of affected individuals or offered compensation, advising people to monitor their credit reports. Troy Hunt has a deep dive into this breach if you’re interested in digging further. Because NPD is a data aggregator and the leak consists of several partial data sets, the breach is particularly complicated to analyze.
Microsoft Azure’s AI Health Bot service was found to have critical vulnerabilities that allowed for privilege escalation and potential access to cross-tenant resources. These issues, identified by Tenable Research, were quickly patched but highlight risks associated with chatbot security. Exploitation could have enabled attackers to manage resources belonging to other Azure customers. The vulnerabilities stemmed from flaws in the service’s architecture, underscoring the need for secure development practices in the rapidly evolving AI landscape, especially in the healthcare sector, which is a prime target for cybercriminals.
The Hunters International ransomware group is targeting IT workers with a new malware called SharpRhino, a C# remote access trojan that facilitates initial infections and privilege escalation. It spreads through a typosquatting site mimicking a legitimate tool, and has been linked to notable cyberattacks against organizations like Austal USA and Hoya. The malware modifies system settings for persistence and can execute PowerShell commands, posing significant risks.
Six ransomware gangs accounted for over 50% of attacks in the first half of 2024, with LockBit 3.0 leading with 325 victims. Other notable gangs include Play, 8base, Akira, BlackBasta, and Medusa. Despite law enforcement efforts to disrupt these groups, ransomware infections have increased, and new strains like Brain Cipher have emerged, indicating a persistent and evolving threat landscape. In 2024, ransomware costs have surged, with the largest known payment reaching $75 million. The median ransom payment has increased dramatically from $200,000 in early 2023 to $1.5 million by mid-2024.
Why do we care?
Given that NPD is a data aggregator, this breach’s impact is magnified by the aggregation of multiple datasets, making it difficult to assess the full extent of the damage. The fact that this breach went on for several months before being detected raises serious concerns about the adequacy of monitoring and security measures in place at data aggregators. And why should they?
Be warned about ransomware groups targeting IT.