What’s in the paper for last week’s top cybersecurity news? More governments are labelling TikTok as a security threat, while data breaches keep rising across industries. Industry experts estimate that over 33 billion records will be compromised globally by the end of 2023.
Let’s take a look at some of the top security news and incidents from this week:
US healthcare insurance data being actively sold on the dark web
In a recent development, it has been revealed that hackers have managed to acquire sensitive information from an online health insurance marketplace that is utilized by members of Congress as well as residents of Washington, D.C. The data that has been stolen from the marketplace is being sold by hackers on various online forums.
According to the memo issued by leaders of the House of Representatives, the stolen data pertains to numerous lawmakers, including their spouses, dependents, and employees from both major American political parties. Additionally, the data of senators and their staff has also been compromised. However, the full extent of the breach is not yet known, and its cause and size are still being investigated.
The FBI has been roped in to investigate the breach, and they have confirmed that they were able to purchase stolen congressional data on a dark web criminal forum. In light of this development, the DC Health Link, which is the online insurance marketplace that was breached, has confirmed that customer information had been exposed on a public forum. House Speaker Kevin McCarthy and House Democratic Caucus Leader Hakeem Jeffries have also posted a widely reported letter to the marketplace’s executive director detailing the stolen data and the implications of the breach.
Czech Republic labels TikTok as a security threat
In a significant development, the state cybersecurity watchdog in the Czech Republic has officially warned that the popular Chinese application TikTok poses a security threat. This follows similar warnings from the US, the European Commission, and Canada.
The Czech National Office of Cyber and Information Security has made the warning mandatory for people covered by the Czech Cybersecurity law, which includes those working with critical communication systems and accessing information systems.
Additionally, the cybersecurity office has advised politicians and decision-makers to refrain from using the app. The general public was encouraged to think carefully about what they share via the app and to consider whether to continue using it.
Lukáš Kintr, director of the cybersecurity office, said that the warning was based on a comprehensive analysis of information about the TikTok app obtained from public sources and their allies. He added that the app’s growing user base in the Czech Republic, combined with the legal environment in China and the amount of data being collected and handled, left them with no choice but to label TikTok as a security threat.
A new data breach is impacting U.S. House members and staff
The FBI has launched an investigation into a data breach that has affected members and staff of the US House of Representatives. The breach occurred when their account and sensitive personal information were stolen from the servers of DC Health Link, the organization that administers healthcare plans for members, staff, and families of the House.
Individuals impacted by the breach received an email notification from Catherine L. Szpindor, the US House Chief Administrative Officer, earlier today. The Daily Caller was the first to report on the matter. In the email, Szpindor stated that “DC Health Link suffered a significant data breach yesterday, potentially exposing the Personal Identifiable Information (PII) of thousands of enrollees. As a Member or employee eligible for health insurance through D.C. Health Link, your data may have been compromised.”
The news of the breach has caused concern among lawmakers and their staff, and the investigation by the FBI is ongoing. Further details about the nature and extent of the breach are yet to be disclosed.
Lazarus group targets South Korean financial entity
The Lazarus Group, a North Korea-linked threat actor, has been found to have weaponized software vulnerabilities to target a financial business entity in South Korea. The group breached the entity twice within a year, first in May 2022 and again in October 2022.
According to AhnLab Security Emergency Response Center (ASEC), the first attack involved exploiting a vulnerability in a widely used certificate software, while the second attack exploited a zero-day in the same program. However, ASEC has not disclosed further details, stating that the vulnerability has not been fully verified, and a software patch has not yet been released.
The Lazarus Group gained initial access through an unknown method and then used the zero-day exploit to move laterally. They also deployed a BYOVD (Bring Your Own Vulnerable Driver) attack to disable the AhnLab V3 anti-malware engine.
The use of zero-day exploits and BYOVD attacks by threat actors raises concerns among cybersecurity experts, highlighting the need for increased vigilance and robust security measures.