Cybersecurity Current Events - Dec. 9th, 2024


This weekend in cybersecurity has been marked by significant developments that highlight the challenges and opportunities in digital security. The European Union introduced sweeping new laws to strengthen cybersecurity measures, setting a bold precedent for member states. Deloitte and ENGlobal Corp are facing the aftermath of major breaches, exposing vulnerabilities in high-profile organizations.

In the U.S., advisories emphasized secure encryption for messaging apps, reflecting rising concerns about data privacy. Meanwhile, pressure mounts on Russia to address cybercrime, with actions against notable figures like Mikhail Matveev signaling a shift in international expectations.

Legacy systems remain a critical issue as exploits in end-of-life devices come to light, reminding organizations of the risks of outdated technology. Let's take a look!


1. Deloitte Breach: Confidentiality in Question

  • Summary: The notorious ransomware group Brain Cipher has claimed responsibility for breaching Deloitte UK and exfiltrating over 1 terabyte of sensitive data. The group alleges that this data, which includes confidential information, was taken from the professional services giant. However, on December 7, 2024, Deloitte issued a statement clarifying that the breach only affected a single client’s external system and did not involve its internal network or systems.
  • Timeline: Reported December 6, 2024.
  • Actors: Brain Cipher ransomware group.
  • Implications: If the allegations are true, this breach could raise serious concerns about the security practices of large firms like Deloitte, especially regarding third-party or client data. The fact that the breach was reportedly limited to external systems could still indicate vulnerabilities in how Deloitte manages its clients’ sensitive information, and it underscores the risks that come with sharing data between clients and vendors. This incident also highlights the growing threats posed by ransomware groups targeting high-profile organizations. Deloitte’s reassurance that no internal systems were compromised may help mitigate concerns, but the event raises questions about data protection standards within the professional services industry.
  • Actionable Steps: Enable multi-factor authentication (MFA) for all accounts and conduct regular audits of privileged access. Monitor and investigate unusual account activity.
  • Additional Resources: For more details, visit Cybersecurity News.

2. EU Cybersecurity Strengthening Laws

  • Summary: The European Union adopted new legislation aimed at bolstering cybersecurity capabilities across member states. The measures include frameworks for better incident reporting, collaboration, and enhancing critical infrastructure resilience against cyber threats.
  • Timeline: On December 8, 2024, the legislation was formally adopted following months of deliberations in Brussels. Member states are expected to align with these measures in early 2025.
  • Actors: The European Commission spearheaded the legislative efforts with input from the European Union Agency for Cybersecurity (ENISA) and cybersecurity representatives from member states.
  • Implications: The laws are expected to improve collaboration and incident response across the EU, creating a more unified approach to cybersecurity with increased standards for protecting critical infrastructure, such as energy, transportation, and healthcare. Organizations operating in the EU will face stricter compliance requirements, necessitating investments in security measures.
  • Actionable Steps: Organizations should review the new laws, ensure alignment with updated cybersecurity frameworks, and enhance systems to meet stricter reporting requirements within stipulated timelines. Building partnerships with national and EU-level cybersecurity entities will help to streamline threat intelligence sharing. Conduct vulnerability assessments to ensure compliance with new critical infrastructure protection standards.
  • Additional Resources: Full Details of the New EU Laws

3. ENGlobal Corp Cybersecurity Incident

  • Summary: ENGlobal Corp, a provider of engineering and automation solutions, reported a cybersecurity incident that disrupted internal operations and raised concerns about potential data breaches. Early investigations suggest unauthorized access to sensitive corporate information.
  • Timeline: Incident reported publicly on December 2, 2024. Details of the breach are still emerging, and the investigation remains ongoing.
  • Actors: The identity of the attackers remains unconfirmed, but early indicators suggest a ransomware group targeting engineering and industrial services sectors.
  • Implications: Disruption in ongoing engineering projects and automation services. Possible erosion of trust among clients dependent on their systems for critical infrastructure projects. Risk of intellectual property or sensitive client data being leaked.
  • Actionable Steps: Enhance endpoint security by deploying advanced threat detection tools to monitor for unusual activity. Ensure secure, regular backups of critical data, stored offline to avoid encryption risks.
  • Additional Resources: Visit the full incident report at Board Cybersecurity Tracker for the latest updates.

Other Notable Events in Cybersecurity

U.S. Advisory on Encryption Apps

The U.S. government has urged businesses and individuals to prioritize secure communication through end-to-end encrypted apps following reports of sophisticated Chinese telecom hacking campaigns. These attacks highlight the vulnerabilities in unsecured communication channels.

Increased Pressure on Russian Cybercriminals

The Russian government has sentenced 15 individuals associated with the Hydra dark web marketplace. Sentences ranged from 8 years to life imprisonment for crimes such as drug trafficking, ransomware facilitation, and laundering over $5 billion in cryptocurrency since 2015. This was followed by the news that Russian authorities have arrested and charged Mikhail Matveev, also known as "Wazawaka," for developing malware used by prominent ransomware gangs like Conti and LockBit. This crackdown signals a stricter stance by Russia on cybercrime and highlights the increasing international pressure on Russia to act against cybercriminals operating within its borders.

End-of-Life Device Exploits Continue

Hackers have continued to intensify their focus on devices no longer receiving security updates, such as GeoVision’s surveillance systems. These exploits underscore the importance of timely upgrades and decommissioning vulnerable devices.

The cybersecurity landscape continues to evolve with critical incidents, regulatory shifts, and advancements. As breaches, legislative changes, and advisories shape the field, organizations must proactively adapt to safeguard their data and operations. Collaborative efforts, both on a global scale and within industries, remain essential in tackling these challenges head-on.


Partnering with EIP Networks for People-First Cybersecurity

EIP Networks remains committed to a person-first approach to cybersecurity, delivering tailored solutions to meet your organization's unique needs. Stay ahead of threats by engaging with our current events and weekly roundups here on our Blog, LinkedIn or X (Twitter), and learn how to fortify your security posture by booking a consultation with our expert team. #WeDoThat

Ready to safeguard your operations? Schedule a consultation today!
