Security News You Can Use—Issue 17

Here are the stories getting our attention:

US releases Russian hackers and spies as part of prisoner swap

The United States, Germany, and Slovenia have coordinated a significant prisoner exchange with Russia and Belarus, facilitated by Turkey. This complex swap included the release of hackers, spies, and an assassin. Notably, U.S. citizens such as Wall Street Journal reporter Evan Gershkovich and Marine veteran Paul Whelan were freed. Russia gained the return of eight nationals, including notable hackers Roman Seleznev and Vladislav Klyushin, and spies Artem and Anna Dultsev. This exchange underscores a major diplomatic effort amidst current geopolitical tensions, illustrating the intricate balance of international relations.
 

Microsoft says massive Azure outage was caused by DDoS attack

A distributed denial-of-service (DDoS) attack caused a massive nine-hour outage on Microsoft's Azure and Microsoft 365 services worldwide. The attack triggered a spike in usage that overwhelmed Microsoft's DDoS protection mechanisms, leading to disruptions in services like Microsoft Entra, Intune, Power BI, and Azure App Services. An error in the implementation of Microsoft's defenses exacerbated the impact. Microsoft has since adjusted network configurations and performed failovers to mitigate the issue. They plan to release a detailed post-incident review within the next two weeks.
 

U.S. DOJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

The U.S. Department of Justice has indicted Rim Jong Hyok, a North Korean hacker, for executing ransomware attacks on U.S. hospitals, laundering the proceeds to support North Korea's illicit activities. Hyok, associated with the Andariel group, used the Maui ransomware to target healthcare facilities, endangering lives. The DOJ and the State Department announced a $10 million reward for information leading to his capture. This hacker group has also attacked defense, technology, and government entities globally, obtaining sensitive military and technical data.
 

North Korean hacker got hired by US security vendor, immediately loaded malware

A North Korean hacker infiltrated the U.S. security firm KnowBe4 by posing as a U.S.-based software engineer using stolen identities and AI-generated photos. Despite passing interviews and background checks, the hacker's activities raised suspicions when a provided workstation attempted to load malware. KnowBe4's Security Operations Center (SOC) contained the threat before any significant damage occurred. The hacker used sophisticated methods, including manipulating session history files and attempting to execute unauthorized software with a Raspberry Pi. External cybersecurity experts and the FBI are investigating the incident, highlighting the advanced tactics of nation-state actors and the need for stringent security protocols.
 

Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study

IBM's 2024 Cost of Data Breach Report reveals the average cost of a data breach rose to $4.88 million, a 10% increase from 2023. The study, based on data from over 600 companies across 17 industries in 16 countries, highlights the benefits of AI in reducing breach costs. Organizations using AI for detection and prevention saved $2.2 million on average. Staffing shortages and inadequate user training remain persistent issues, while involving law enforcement in ransomware incidents significantly reduced costs. The report emphasizes the need for businesses to enhance security measures, especially with the growing risks from generative AI.