Zyxel Flaws Exposed: Forescout's Cybersecurity Breakdown
CybersecurityHQ News
Welcome reader to your CybersecurityHQ report.
Headlines
U.S. lawmakers are calling on the Securities and Exchange Commission (SEC) to enhance its cybersecurity measures following a hack of its X account. The incident involved some unauthorized person gaining control of the account and posting a false message about the commission approving Bitcoin exchange-traded funds (ETFs). The fake announcement spiked Bitcoin’s price.
The timing was particularly unfortunate, occurring just before the SEC officially approved the first U.S.-listed ETFs tracking Bitcoin. In response, Senators Ron Wyden (Democrat, Oregon) and Cynthia Lummis (Republican, Wyoming) sent a letter to the SEC. In the letter, they question the agency's cybersecurity protocols and call for a thorough investigation. They also highlight the SEC's lack of multi-factor authentication (MFA) at the time of the hack. Wyden and Lummis urged the SEC to review its use of MFA, particularly phishing-resistant MFA, to close any remaining security gaps.
Last year’s cyberattacks on Denmark's energy sector were initially attributed to the Russia-linked Sandworm hacking group — but new findings from Forescout challenge this attribution. The attacks, which targeted 22 Danish energy organizations, occurred in two waves. On May 11, they exploited a security flaw in Zyxel firewalls (CVE-2023-28771). And from May 22 to May 31, they deployed Mirai botnet variants via an unknown initial access vector. This second wave was observed to use IP addresses linked to the Cyclops Blink botnet.
Forescout's investigation revealed that these two waves were unrelated and likely not the work of a state-sponsored group. The second wave was most likely part of a mass exploitation campaign against unpatched Zyxel firewalls. The origin of the attacks remains unknown. The attacks may have started as early as February 16, exploiting other known flaws in Zyxel. These attacks targeted entities across Europe and the US.
A 29-year-old Ukrainian has been arrested for leading a sophisticated cryptojacking operation that generated over $2 million (€1.8 million) in illegal profits. The hacker was arrested on January 9 in Mykolaiv, Ukraine — the end of an investigation that involved close collaboration between the National Police of Ukraine, Europol, and an unnamed cloud service provider.
Cryptojacking is a scheme that gains unauthorized control of computing resources as a means to mine cryptocurrencies. This almost always begins with compromised credentials that can be used to infiltrate cloud infrastructure. Privileges can be escalated to gain further permissions or hijack existing subscriptions for obfuscation.
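The pattern described above (a compromised credential, a privilege change, then a burst of compute provisioning) is what a defender would want to alert on. The following is an added example written for this newsletter summary, not code from CybersecurityHQ, Europol or any cloud provider: it runs three simple detections over a few constructed audit-log events. The field names (ts, principal, action, source_ip, count), the action names and the baseline IP table are assumptions chosen for the example, not a real provider's schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events, one JSON object per line. The schema
# (ts, principal, action, source_ip, count) is hypothetical for this example.
SAMPLE_LOG = """\
{"ts": "2024-01-09T01:55:00Z", "principal": "alice", "action": "RunInstances", "source_ip": "198.51.100.10", "count": 1}
{"ts": "2024-01-09T02:00:00Z", "principal": "svc-build", "action": "ConsoleLogin", "source_ip": "203.0.113.7"}
{"ts": "2024-01-09T02:01:00Z", "principal": "svc-build", "action": "AttachRolePolicy", "source_ip": "203.0.113.7"}
{"ts": "2024-01-09T02:02:00Z", "principal": "svc-build", "action": "RunInstances", "source_ip": "203.0.113.7", "count": 8}
{"ts": "2024-01-09T02:04:00Z", "principal": "svc-build", "action": "RunInstances", "source_ip": "203.0.113.7", "count": 8}
{"ts": "2024-01-09T02:06:00Z", "principal": "svc-build", "action": "RunInstances", "source_ip": "203.0.113.7", "count": 8}
{"ts": "2024-01-09T09:00:00Z", "principal": "alice", "action": "RunInstances", "source_ip": "198.51.100.10", "count": 2}
"""

# Constructed baseline: addresses each principal is normally seen from.
BASELINE_IPS = {"alice": {"198.51.100.10"}, "svc-build": {"198.51.100.20"}}

# Hypothetical action names standing in for "privilege change" and "compute provisioning".
PRIVILEGE_ACTIONS = {"AttachRolePolicy", "CreateAccessKey", "AddUserToGroup", "PutRolePolicy"}
PROVISION_ACTIONS = {"RunInstances", "CreateCluster"}

BURST_WINDOW = timedelta(minutes=10)   # sliding window for instance launches
BURST_THRESHOLD = 20                   # launches per principal per window before alerting
ESCALATION_WINDOW = timedelta(minutes=30)


def parse_events(text):
    """Parse newline-delimited JSON events, normalise timestamps, sort by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e.setdefault("count", 0)  # non-provisioning events launch nothing
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, baseline=BASELINE_IPS):
    """Return a list of findings; each has rule, principal, ts and detail."""
    findings = []
    seen_ips = set()
    by_principal = defaultdict(list)

    for e in events:
        by_principal[e["principal"]].append(e)
        # Rule 1: a credential used from an address outside its baseline
        # (one alert per principal/IP pair, the compromised-credential signal).
        key = (e["principal"], e["source_ip"])
        if e["source_ip"] not in baseline.get(e["principal"], set()) and key not in seen_ips:
            seen_ips.add(key)
            findings.append({"rule": "new_source_ip", "principal": e["principal"],
                             "ts": e["ts"], "detail": e["source_ip"]})

    for principal, evs in by_principal.items():
        prov = [x for x in evs if x["action"] in PROVISION_ACTIONS]

        # Rule 2: sliding-window sum of instances launched exceeds the threshold.
        for i, cur in enumerate(prov):
            window_total = sum(x["count"] for x in prov[: i + 1]
                               if cur["ts"] - x["ts"] <= BURST_WINDOW)
            if window_total > BURST_THRESHOLD:
                findings.append({"rule": "provisioning_burst", "principal": principal,
                                 "ts": cur["ts"], "detail": window_total})
                break  # one alert per principal is enough for triage

        # Rule 3: a privilege change followed shortly by compute provisioning.
        for esc in (x for x in evs if x["action"] in PRIVILEGE_ACTIONS):
            follow = next((x for x in prov
                           if esc["ts"] <= x["ts"] <= esc["ts"] + ESCALATION_WINDOW), None)
            if follow is not None:
                findings.append({"rule": "escalation_then_provision", "principal": principal,
                                 "ts": follow["ts"],
                                 "detail": f'{esc["action"]} -> {follow["action"]}'})
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_LOG)):
        print(f'{f["ts"]:%Y-%m-%d %H:%M} {f["rule"]:<26} {f["principal"]:<10} {f["detail"]}')
```

On the constructed events the routine flags the service account three times (unknown source address, a policy change followed by launches, and 24 instances inside ten minutes) and leaves the human user's normal activity alone. In practice the thresholds and the baseline would come from the organisation's own provisioning history, and the same structure applies to a subscription or project being used by an identity that never touched it before.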
Interesting Read
Security Intelligence recently ran this interesting read summarizing the big predictions for cybersecurity in 2024. Like so many of these articles, this one starts with a rundown of the massive threat that generative AI proved to be in 2023, stoking fears that things will only get worse over the course of the next year.
There are plenty of opportunities for cybercriminals to use their new bevy of tools (like GenAI). With so many conflicts worldwide, there will be no shortage of people willing to pay good money for attacks.
Cybersecurity Career Opportunities
Regional Sales Manager - Chicago | BigID | Full-time | Remote (Chicago, IL, US)
Fortra | Full-time | Remote (United States, US)
Security Engineer, MSP Email Security | Check Point Software Technologies Ltd | Full-time | Dallas, TX, US
For the latest openings in cybersecurity careers, check CybersecurityHQ.
Stay Safe, Stay Secure.
The CybersecurityHQ Team