North Korean Hackers Eye Crypto
CybersecurityHQ News
Welcome reader to your CybersecurityHQ report
Headlines
In a Securities and Exchange Commission filing on Tuesday, Halliburton confirmed a recent cyberattack stole data from the oil and gas company. The attack exfiltrated sensitive information about their systems, and Halliburton is working to find out just how extensive the breach was.
The attack was first discovered by Halliburton in August. In response, the Houston-based company shut off some of its systems—though it still continues its global operations.
The sheer size of the company makes the attack noteworthy. It is among the largest diversified energy services companies, with annual revenue of $23 billion and 48,000 employees.
The ransomware gang RansomHub likely carried out the attack. Since February of this year, they’ve breached at least 210 victims, making them a highly successful ransomware-as-a-service (RaaS) operation. Their streak has included major attacks on Patelco, Rite Aid, Christie’s auction house, and Frontier Communications.
The US Federal Trade Commission released a report Tuesday showing Americans have had $65 million worth of crypto stolen so far in 2024 from Bitcoin ATM scams. It claims that in all of 2023, that number was as high as $114 million.
These scams work in a variety of ways, but most use social engineering to impersonate a company like Apple or Microsoft. The scammers will claim suspicious activity has been found on an account, prompting people to enter in their account details. The majority of victims are older adults.
This comes alongside an FBI warning released on Tuesday that North Korean hacking groups are targeting crypto companies, using social engineering and malware to steal assets.
Supposedly, North Korean hackers have been observed doing research on targets in cryptocurrency exchange-traded funds (ETFs) and related products. If so, this could be a sign that these groups are planning attacks on companies that own these kinds of crypto assets.
The FBI says that these actors will typically begin their attacks with social engineering by targeting employees with job offers and investment opportunities. As the FBI says, “The actors usually communicate with victims in fluent or nearly fluent English and are well versed in the technical aspects of the cryptocurrency field.”
Hacking groups linked to North Korea (including prominent names like Kimsuky, Lazarus Group, and Andariel) have stolen $3 billion worth of cryptocurrency since 2017, according to a 2023 report by Recorded Future.
Russia’s largest social media and networking service VK (VKontakte) recently suffered a data breach that affected 390 million users. The data contains “basic identification and location details.” The data wasn’t taken directly from VK, instead being accessed through a third party. This is all according to threat actor Hikki-Chan, who is offering the data nearly for free on BreachForums.
VK is a massive platform, though it’s not widely known outside of Russia. It has 1.1 billion visitors every month.
The company was founded by Pavel Durov, who is the chief executive of Telegram (more on that company’s latest legal issues below), in 2006. But in 2021, a combination of Russian state-owned companies bought up controlling shares in the company. After Russia’s military invasion of Ukraine, Apple removed VK from its App Store.
This is not VK’s first major breach. Like so many large social media platforms, it has been the target of multiple major attacks. In 2016, hackers stole 171 million VK accounts by capturing a database with full names, email addresses, and plain-text passwords. Another major breach in 2022 saw 32 million records stolen, complete with photos and names, among other data.
Telegram’s international legal woes continue with South Korean police opening up an investigation into the app for its potential complicity in a wave of illegal deepfake pornography targeting young women. On Monday, National Police Agency commissioner Cho Ji-ho spoke to Parliament about the investigation.
It all comes after last week’s pledge by the South Korean government to fight sexually exploitative deepfakes. The country has witnessed a disturbingly high amount of deepfake creations. Its singers and actresses account for 53% of targets, according to a Security Hero report from 2023.
In 2024, South Korean police have taken up 297 deepfake sex crime cases. Those cases tend to have teenagers as both the victims and perpetrators.
These images are typically shared in encrypted group chats on messaging apps like Telegram. Police have found chat groups linked to schools and universities, with students and teachers used to create deepfake pornographic images.
The app has also been used for related sex crimes. A sex ring was discovered in 2019 that used the app to blackmail dozens of women and children into creating pornographic content. The 20-year-old head of the operation, Cho Ju-bin, was sentenced to 42 years in prison for the activity.
This latest round of scrutiny comes alongside the founder of Telegram, Pavel Durov, being held in French custody and now being officially charged with crimes related to his app’s complicity in child pornography, drug trafficking, and fraud.
Zscaler’s forecast for fiscal 2025 came in well below expectations, leading to a 12% dip in shares. Despite a year filled with headlines illustrating the high risks of cyberattacks, they’re finding spending for their services weaker than predicted. With rising interest rates and uncertainty around the state of the global economy, many enterprise-level firms are choosing to step back on cybersecurity spending.
And yet, the sector as a whole still looks healthy. Giants like Palo Alto Networks are performing remarkably well, and reports as recent as late August are still showing promising signs of growth.
Gartner’s latest forecast projects as much as 15% growth in total cybersecurity spending in 2025.
That large increase in spending is a culmination of multiple factors. A talent crunch means that great cybersecurity will be in short supply. A continuing rise in threats keeps ramping up demand. And as industries continue to flock to the cloud, cybersecurity becomes more and more foundational to the operation of swathes of the economy.
But Gartner’s report says the single biggest driver is the adoption of generative AI by threat actors. As their press release for their forecast reads, “Since the release of GenAI, attackers are increasingly employing tools along with large language models (LLMs) to carry out large-scale social engineering attacks, and Gartner predicts that by 2027, 17% of total cyberattacks/data leaks will involve generative AI.”
Interesting Read
With ransomware once again in the news, a new article in Government Technology by Nikki Davidson looks at a unique public solution: a total ban on making ransomware payments. While it seems extreme at first, real-world examples provide some helpful data.
For instance, North Carolina began the effort in 2021 with legislation that prohibits both public ransomware payments and negotiations with cyber criminals. Florida passed a watered-down version the next year.
These laws affect public institutions, and they are intended to have the general effect of making these targets much less appealing. After all, if government agencies can’t pay out, then there is no point attacking them in the first place.
But some experts warn that the stakes can be extraordinarily high, and taking the principled approach might cost lives.
Cybersecurity Career Opportunities
Chief Information Security Officer (Cleared)
IT Concepts
Tampa, FL, US
Compliance/Security Monitoring and Reporting Analyst
Finix
Remote (San Francisco, CA, US)
Director of Cloud Security / Atlanta, GA / Hybrid
Motion Recruitment
Atlanta, GA, US
Director, Network Security Lead
Santander
Boston, MA, US
Cymulate
Remote
Veracity Software Inc
New York, NY, US
Guess? Inc.
Los Angeles Metropolitan Area, US
Yum! Brands
Plano, TX, US
Security and Compliance Engineer
Nomi Health
Utah, United States, US
Twitter Highlights
Feeling overwhelmed by cybersecurity? In our Tech Deep Dive, Elia Cohen from AT&T Cybersecurity shares cost-effective tips to boost your security. Learn simple steps to protect against online threats 👇
@attcyber
#cybersecurity #cyberdefense — ITBroker.com (@ITBrokerdotcom)
5:03 PM • Jul 29, 2024
For the latest openings in cybersecurity careers, check CybersecurityHQ.
Stay Safe, Stay Secure.
The CybersecurityHQ Team