Breach Roundup: Ex-Verizon Worker Cops to Spying for China
Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, an ex-Verizon employee pleaded guilty, SonicWall fixed a critical flaw, South Korea-linked hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.
Ex-Verizon Employee Pleads Guilty to Spying for China
Former software engineer Ping Li of Florida pleaded guilty on Friday to conspiring to serve as an agent for the People's Republic of China. Li, who reportedly worked for Verizon for over 20 years and subsequently worked for India-based multinational IT firm InfoSys, used his access to provide a China Ministry of State Security handler with information about dissidents, pro-democracy advocates and members of the Falun Gong movement. He also provided details related to cybersecurity incidents involving U.S. companies.
Li, 59, was born in mainland China and later became a naturalized U.S. citizen. As part of his plea agreement, he acknowledged conspiracy to act as an unregistered foreign agent.
Li shared information through anonymous online accounts and during trips to China. In one instance, Li sent the name and biographical details of a Falun Gong member. While apparently at InfoSys - Li described it as "the second-largest IT company in India," prosecutors said - his Chinese handlers asked for internal cybersecurity training material.
Li now faces up to five years in prison. His attorney, Daniel Fernandez, acknowledged Li's mistake but argued that the information the software engineer provided was publicly available.
SonicWall Fixes Critical Firewall Vulnerability
SonicWall issued security updates to fix a critical vulnerability in its firewall devices that could give attackers unauthorized access. The flaw, tracked as CVE-2024-40766 with a CVSS score of 9.3, is an improper access control weakness in SonicOS that could allow unauthorized resource access and, under certain conditions, cause the firewall to crash.
The vulnerability affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and earlier versions. SonicWall has resolved the issue in updated firmware versions.
South Korea-Linked Hackers Exploit Zero-Day Flaw
A South Korea-linked hacker group, tracked by cybersecurity firm Eset as APT-C-60, exploited a zero-day vulnerability in WPS Office to deliver malware.
The hackers used the flaw, which allows remote code execution, to deploy a custom backdoor named SpyGlace targeting users in East Asia. The vulnerability affected WPS Office versions released since August 2023, but only on Windows. Kingsoft, the developer of WPS Office, silently patched the flaw in March 2024 with version 12.1.0.16412. But Eset later discovered that the patch was incomplete, leading to a second vulnerability, which has since been fixed.
Dick's Sporting Goods Discloses Cyberattack, Data Exposed
U.S. sporting goods retailer Dick's Sporting Goods revealed that a cyberattack last Wednesday exposed "confidential information," locking employees out of their accounts and disabling phone lines at stores. The company's IT staff is manually verifying identities before granting employees access, Bleeping Computer reported.
In a regulatory filing, Dick's stated that on Aug. 21, 2024, it detected unauthorized access to its systems, including those containing confidential data.
Despite the breach, Dick's reported no disruption to business operations and stated that it does not currently consider the incident material.
$2.5M US Reward for Angler Exploit Kit Hacker
The U.S. government offered a reward of up to $2.5 million for information leading to the arrest of Belarusian national Volodymyr Kadariya after indicting him for participating in the distribution of the Angler Exploit Kit.
Prosecutors unsealed a 2023 indictment against Kadariya earlier this month after arresting alleged co-conspirator Maksim Silnikau, a Belarusian and Ukrainian dual national (see: Suspected Ransom Cartel Operator Extradited to the US).
"Kadariya facilitated the distribution of malware and malvertisements by co-conspirators through numerous means, including by directing the actions of co-conspirators and managing computer infrastructure involved in the dissemination of malware," his indictment says.
The most common method used to distribute Angler was malvertising - exploiting automated online advertising tools to smuggle malicious links. "Angler was one of the few exploit kits during its time that offered fileless infections, where malware never touches the disk and only resides in memory to avoid detection," Malwarebytes said in a blog post. Angler has been inactive since June 2016.
Grok AI Will Direct Election Searches to Vote.gov
Social media platform X said the Grok AI search assistant will direct users who enter election-related terms to vote.gov after receiving pressure from state officials to do so. The Elon Musk-owned platform faced criticism after Grok generated inaccurate data about state ballot deadlines for the November U.S. presidential election. Secretaries of state from Michigan, Minnesota, New Mexico, Pennsylvania and Washington highlighted the issue in a letter to Musk.
The misinformation potentially reached millions of X users. "We welcome this change, ensuring that voters receive reliable information," the state officials said in a joint statement.
Happy Birthday to HIPAA
It's been 28 years since U.S. President Bill Clinton signed the Health Insurance Portability and Accountability Act of 1996 into law. If it feels as if time has gone quickly, that may be because the HIPAA Privacy Rule didn’t go into effect until 2003 and the Security Rule wasn't activated until 2005.
"HIPAA is the cornerstone law that advances patient privacy, data protection, and health information security in our nation’s healthcare system," said Melanie Fontes Rainer, director of HHS OCR, in a statement last week commemorating the regulations.
Recent updates to the regulation include a final rule published in April that makes changes to the Privacy Rule to prevent medical records from being used against people who obtain or provide legal reproductive healthcare services (see: HHS Beefs Up Privacy Protection for Reproductive Health Info).
HHS OCR is expected to issue this year an update to the HIPAA Security Rule to reflect how healthcare delivery and the cybersecurity landscape have evolved over the past two decades. "We're taking a look at it to make sure we're building into it practices - like end-to-end encryption - and things like that," said Fontes Rainer in a recent interview with ISMG.
Other Coverage From Last Week
- Patelco Breach Affected 726,000 Customers and Employees
- Cisco Bolsters AI Security by Buying Robust Intelligence
- Microsoft Copilot Fixes ASCII Smuggling Vulnerability
- Iranian Hackers Target US in Ransomware and Espionage Attacks
With reporting from Information Security Media Group's Akshaya Asokan in Southern England, Marianne Kolbasuk McGee in the Boston exurbs and David Perera in Washington, D.C.