"31 People Arrested in Global Cybercrime Crackdown"

Law enforcement in 50 countries recently arrested 31 individuals in a global operation targeting ransomware, banking malware, and phishing. Named Synergia and running from September to November 2023, the operation resulted in the identification of more than 1,300 suspicious command-and-control (C&C) servers, 70% of which have been taken down. The Interpol-led operation extended to the APAC, EMEA, and other regions, involving 60 law enforcement agencies across 50 participating countries.

Submitted by Adam Ekwall on

"Clorox and Johnson Controls Reveal $76m Cyberattack Bill"

Two new regulatory filings have revealed the surging costs associated with ransomware and other cyber-related incidents. Clorox had a major operational disruption in an attack discovered on August 14 last year, forcing it to revert to manual ordering and processing. A new SEC filing late last week revealed expenses associated with the incident of $49m in the six months to December 31, 2023.

Submitted by Adam Ekwall on

"Researchers Discover Exposed API Secrets, Impacting Major Tech Tokens"

Escape's security research team conducted a scan of 189.5 million URLs and discovered the exposure of over 18,000 Application Programming Interface (API) secrets. Forty-one percent of the exposed secrets were highly critical, which could pose financial risks to organizations. Hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks have all been exposed.

Submitted by Gregory Rigby on

"AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web"

Resecurity identified malicious actors selling a large number of AnyDesk customer credentials on the dark web. This credential leak is suspected to be the result of infostealer infections. The leaked information could be of significant value to both Initial Access Brokers (IABs) and ransomware groups familiar with AnyDesk, which is one of the tools often used after successful network intrusions.

Submitted by Gregory Rigby on

"How to Run a Password Update Campaign Efficiently and With Minimal IT Costs"

There has been little research on how to run a password update campaign efficiently and with minimal Information Technology (IT) costs. Therefore, a team of computer scientists at the University of California, San Diego, collaborated with the campus' IT Services to analyze the messaging for a campuswide mandatory password change that affected nearly 10,000 faculty and staff members. Email notifications to update passwords yielded diminishing returns after three messages.

Submitted by Gregory Rigby on

"Deepfakes Will Hurt 30% of Organizations' Trust in Biometrics by 2026"

Gartner analysts predict that deepfakes, which are Artificial Intelligence (AI)-generated replicas of a person's likeness, will lower confidence in face biometric authentication solutions for 30 percent of companies by 2026. According to Akif Khan, VP analyst at Gartner, face-based identity verification and authentication systems will struggle to catch up with AI imitations as they become more realistic and easy to generate. Currently, most face biometric solutions rely on Presentation Attack Detection (PAD) to determine the "liveness" of a person trying to authenticate using their face.

Submitted by Gregory Rigby on

"UTEP, PNNL Partner to Train Cybersecurity Hydropower Experts"

Hydropower, one of the oldest forms of energy generation in the US, makes up 6 percent of the country's electricity supply. However, as the country continues to modernize the electric grid, hydropower, like other technologies, is increasingly relying on digital control systems, thus calling for training and recruitment of the next generation of cybersecurity experts. Pacific Northwest National Laboratory (PNNL) has launched the Training Outreach and Recruitment for Cybersecurity in Hydropower (TORCH) program at the University of Texas at El Paso (UTEP).

Submitted by Gregory Rigby on

"DDoS Attack Power Skyrockets to 1.6 Tbps"

According to Gcore, Distributed Denial-of-Service (DDoS) attack trends for the second half of 2023 reveal alarming increases in scale and sophistication. The maximum attack power increased from 800 Gbps to 1.6 Tbps. User Datagram Protocol (UDP) floods dominate, making up 62 percent of DDoS attacks. Transmission Control Protocol (TCP) floods and Internet Control Message Protocol (ICMP) attacks continue to be popular, comprising 16 percent and 12 percent of total activity, respectively. All other DDoS attack types, including SYN flood, SYN+ACK flood, and RST flood, made up only 10 percent.

Submitted by Gregory Rigby on

"Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks"

From April 2022 to November 2023, the Russian state-sponsored hacking group APT28 conducted NT LAN Manager (NTLM) v2 hash relay attacks using various methods, focusing on high-value targets worldwide. The attacks targeted organizations involved in foreign affairs, energy, defense, transportation, and more. This article continues to discuss APT28's targeting of high-value organizations with NTLM v2 hash relay attacks.

Submitted by Gregory Rigby on