Breach Update: Brazilian Authorities Detain US Department of Defense Personnel

This week, ISMG presents a summary of significant cybersecurity incidents and breaches worldwide. Notable events include the arrest of a hacker known as USDoD by Brazilian authorities, the gradual restoration of the Internet Archive following substantial attacks, a Microsoft advisory regarding Kerberoasting, increasing phishing threats associated with file-sharing services, Google’s initiatives to enhance memory safety, and Amazon’s report of over 175 million customers adopting passkeys.

Current Developments

The Federal Police of Brazil confirmed the arrest of a hacker identified as “USDoD,” who claimed responsibility for breaching the FBI’s InfraGard cybersecurity forum in 2022. This individual allegedly impersonated a U.S. CEO to infiltrate the platform, which includes member data for over 80,000 participants.

USDoD reportedly offered to sell the information, including 47,000 email addresses, for $50,000 via BreachForums. Furthermore, he is linked to the December 2023 breach of National Public Data, impacting 1.3 million U.S. residents. Authorities executed search and seize warrants in his home city of Belo Horizonte, Minas Gerais, where he is believed to have previously stored and offered federal police data for sale.

After suffering a series of cyberattacks, including a Distributed Denial of Service (DDoS) assault and a breach affecting 31 million users, the Internet Archive has partially restored its services. Users can access a simplified version of the site, while the famed Wayback Machine is now operational in read-only mode. Although the archive itself is secure, the organization plans to resume web crawling soon.

Microsoft has issued a warning about the escalating threat of Kerberoasting attacks, which exploit the Kerberos authentication protocol to obtain Active Directory credentials. Increasingly, threat actors are utilizing GPUs to enhance their ability to crack passwords, emphasizing the need for organizations to remain vigilant against such low-tech yet highly effective attacks.

Microsoft has reported a surge in phishing campaigns leveraging legitimate file-sharing platforms like OneDrive and Dropbox. These schemes involve attackers prompting victims for authentication, ultimately leading to business email compromise and data theft. The utilization of trusted vendor accounts for malicious file hosting exemplifies a growing concern among cybersecurity officials.

In a move to bolster security, Google has committed to prioritizing memory-safe programming languages in software development, pivoting from traditional choices like C++. The company notes that a significant percentage of vulnerabilities resulting in zero-day exploits fall under the category of memory safety issues. Google plans to integrate Rust more extensively within Android development and is exploring advanced safety measures through comprehensive bug testing techniques.

Volkswagen Group has responded to claims by the ransomware group 8Base, which asserted it had stolen sensitive information from the company. According to reports, Volkswagen’s IT infrastructure was unaffected. The group has reportedly targeted over 400 victims since early 2023, using data theft to extort ransoms from organizations.

Amazon has announced that over 175 million customers now utilize its passwordless sign-in feature, enhancing security and efficiency. Passkeys, which leverage biometric authentication, store credentials securely on devices, offering a robust solution against prevalent phishing attacks and data breaches.

Additional Insights from Last Week

Coverage includes reporting from Information Security Media Group’s David Perera in Washington, D.C.