Expert Insights Cybersecurity News Recap: December 10 – 17 2024
Five cybersecurity news stories that matter this week.
Welcome to the weekly Expert Insights cybersecurity news roundup.
🎉 This will be the penultimate cybersecurity news roundup we publish in 2024! The end of the year is coming up fast.
Got a story to share with our team? Email [email protected].
1. Rhode Island Hit By Cyber Attack, Resident Personal Data Could Be Exposed
- Hundreds of thousands of people have potentially had data breached in a major cyberattack in the state of Rhode Island. The breach has affected residents enrolled in state social services programs since 2016, reports CSO Online.
- The hack targeted RIBridges, a system that supports health and social security programs including Medicaid and SNAP. State Governor Dan McKee announced the breach during a press conference, where he urged residents to take precautionary steps, such as changing passwords and freezing credit cards.
- The exact scope of the breach remains unknown. To continue issuing social security payments to residents, officials have reportedly switched to manual processing methods, which is likely to affect deadlines and delay new applications.
2. Illegal “Rydox Marketplace” Busted By The FBI For Selling Stolen Personal Information
- The FBI has closed down an illegal marketplace called “Rydox”, which was a hub of stolen personal information, access devices, and other tools for cybercriminals, reports The Hacker News.
- “[The] Rydox marketplace has conducted over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools, which generated at least $230,000 in revenue since its inception in or around February 2016 … In addition, the Rydox site has offered for sale at least 321,372 cybercrime products to over 18,000 users including stolen PII such as names, addresses, and social security numbers; access devices such as stolen credentials for online accounts and credit card information; and cybercrime tools such as scam pages, spamming logs, and spamming tutorials,” the DOJ said in a statement.
- The FBI arrested three admins of the marketplace, all Kosovo nationals. Rydox charged its registered users a one-time fee to become resellers, who then made 60% of every sale made on the platform. Cryptocurrency worth approximately $225,000 was seized from accounts controlled by the defendants.
3. North Koreans Indicted For Earning $88 Million USD Fraudulently Working For US Firms
- 14 North Koreans have been indicted for stealing the identities of US IT workers and then illegally gaining employment at US companies, reports AP News.
- The scammers reportedly generated more than $88 million USD, which was funnelled back to North Korea and used in the development of ballistic missiles, the FBI said.
- Victims included companies and individuals across the USA, who had identities stolen. But in other instances, Americans were paid by North Koreans to use their home WiFi connections or even to pose on camera for interviews as IT workers on behalf of the scammers.
- The FBI has long been warning organizations hiring remote staff to be aware of the risk of North Koreans posing as American citizens.
4. Spyware Was Installed On A Journalist’s Phone After It Was Unlocked By A Cellebrite Tool
- A Serbian journalist's phone was first breached with a Cellebrite tool and then loaded with a previously known spyware codenamed NoviSpy, according to an Amnesty International report covered by The Hacker News.
- Amnesty’s report claims that the spyware was installed when the phone was in the hands of Serbian police in 2024. Amnesty links the Serbian Security Information Agency (BIA) to procuring spyware tools like NoviSpy, Pegasus, and Predator to monitor activists, journalists, and protest organizers since 2014, despite police denying these claims.
- NoviSpy enables extensive surveillance capabilities, including remote activation of the phone’s microphone and camera, capturing screenshots, tracking location, and exfiltrating sensitive data like messages and photos.
- Israeli company Cellebrite is investigating potential misuse of its tools and a zero-day exploit in its UFED software, tracked as CVE-2024-43047, which was patched by Qualcomm in October 2024 after being exploited to gain unauthorized device access.
5. Krispy Kreme Hit By Cyber Attack Impacting Online Orders
- Krispy Kreme experienced a cyberattack on November 29, 2024, disrupting its online ordering system in parts of the United States, while in-store operations and deliveries to retail and restaurant partners remained unaffected, reports BleepingComputer.
- The company immediately engaged cybersecurity experts to contain and investigate the breach, but the nature, scope, and type of attack (e.g., ransomware) have not yet been confirmed.
- The incident is expected to have a financial impact due to lost digital sales, recovery efforts, and associated fees, with Krispy Kreme’s stock price dropping by 2% following the announcement.
That’s all for today. 👋
We’re back on Thursday for our weekly cybersecurity industry news roundup.