Welcome to the next edition of Forcepoint Security News—curated news meant to provide a quick look at what's happening around the cybersecurity industry. Lots of activity since the last issue.
Before we dive in, I’ve got to say just a bit about ChatGPT. The amount of money and attention the AI-powered chatbot attracts continues to amaze. This New York Times story provides insight into Microsoft’s investment of billions of dollars into OpenAI, the company behind ChatGPT. And this WSJ interview of Microsoft CEO Satya Nadella from Davos makes the company’s plans clear—to infuse all of Microsoft’s products with AI.
Here are other stories getting our attention:
PayPal is notifying thousands of users that their accounts were accessed through a large-scale credential stuffing attack that exposed some personal data. The attack occurred between December 6 and December 8, 2022. PayPal reportedly detected and mitigated it at the time. According to the company, 34,942 users were impacted by the incident. Hackers had access to account holders' full names, addresses, social security numbers, and tax identification numbers. PayPal is offering impacted users a free-of-charge two-year identity monitoring service and recommends that users change their passwords and activate two-factor authentication.
Royal Mail trials ‘operational workarounds’ following suspected ransomware attack
British postal company Royal Mail has been impacted by a suspected ransomware attack. The company announced it had been impacted by a “cyber incident” last week, although it has not been confirmed that the incident was a ransomware attack. The Record has seen a copy of an extortion note sent to Royal Mail, claiming to be from the LockBit ransomware group, and printed out using printers connected to the company’s network. The unusual method of sending the note has prompted some speculation that it could have been delivered by a third party seeking to hijack any payment made to the actual attackers. Royal Mail is currently trying “operational workarounds” to get services moving again and has resumed export of letters which do not require a customs declaration to all international destinations. Royal Mail continues to work with external experts, the security authorities and regulators to mitigate the impact of this cyber incident.
In a story that features commentary from our Global CTO Petko Stoyanov, a group of Chinese researchers has claimed to have developed a method to break RSA encryption using a quantum computer that already exists, which could have serious implications for data protection and surveillance. This is significant because it was previously believed that a quantum computer with tens of millions of qubits would be needed to break RSA encryption. The Chinese researchers' claims are being met with skepticism and it is unclear whether their method is accurate. Congress recently passed a law requiring federal agencies to prioritize the acquisition of IT systems using post-quantum cryptography. Cybersecurity experts have worried that quantum computers will eventually become powerful enough to break encryption within minutes as opposed to years.
T-Mobile reported that a hacker obtained data, including names, birth dates, and phone numbers, from 37 million customer accounts. The breach lasted for over a month and was discovered on January 5th, with the leak being stopped the following day with the help of outside cybersecurity experts. The company stated that there is no evidence that its systems or network were compromised, and that the mechanism the hacker exploited did not provide access to more sensitive information such as Social Security numbers, government identification numbers, passwords, or payment card information. This is T-Mobile's second major breach in less than two years, with a cyberattack in 2021 exposing data from nearly 77 million T-Mobile customer accounts.
Hackers breached CircleCI in December by stealing an engineer's 2FA-backed session cookie through malware that the company's antivirus software did not detect. The hacker used the engineer's privileges to steal data from some of the company's databases, including customers' environment variables, tokens, and keys. The company has rotated all customer tokens, added further detections for the behavior exhibited by the information-stealing malware to its antivirus and mobile device management systems, and increased the security of its 2FA implementation. This is another example of the increased targeting of multi-factor authentication by threat actors and highlights the importance of properly configuring MFA platforms to detect when a session cookie is used in a new location and request further MFA validation. One thing worth noting: Customers running Forcepoint RBI would be safe from this type of attack.
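To make the mitigation in the CircleCI story concrete, here is an added example (written for this newsletter, not CircleCI's or Forcepoint's own code) of binding a session cookie to the place and browser it was issued for, and forcing a fresh MFA challenge the moment the same cookie is presented from somewhere else. It assumes a /24 (or /48 for IPv6) network bucket as a stand-in for the geo/ASN lookup a real deployment would use, a hashed User-Agent as the browser fingerprint, and constructed IP addresses from the documentation ranges; `SessionStore`, `location_key` and `demo` are names invented for the example.

```python
# Added example (not CircleCI's or Forcepoint's code): bind a session cookie to the
# network location and browser it was issued for, and require a fresh MFA
# challenge when the same cookie shows up from a different location.
import hashlib
import ipaddress
import secrets
from dataclasses import dataclass

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"


def location_key(ip: str) -> str:
    """Coarse location bucket for an IP. Assumption: a /24 (IPv4) or /48 (IPv6)
    prefix stands in for the geo/ASN lookup a production system would use."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def ua_fingerprint(user_agent: str) -> str:
    """Stable, non-reversible fingerprint of the browser that received the cookie."""
    return hashlib.sha256(user_agent.encode()).hexdigest()[:16]


@dataclass
class Session:
    user: str
    location: str
    ua: str
    step_up_pending: bool = False  # set once the cookie was seen from a new place


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}
        self.audit: list[str] = []  # audit trail the SOC can alert on

    def issue(self, user: str, ip: str, user_agent: str) -> str:
        """Called only after a successful password + MFA login."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, location_key(ip), ua_fingerprint(user_agent))
        return token

    def check(self, token: str, ip: str, user_agent: str) -> str:
        """Decide whether a request carrying this cookie may proceed."""
        s = self._sessions.get(token)
        if s is None:
            return DENY
        if s.step_up_pending:
            return STEP_UP  # nothing is served until the MFA factor is proven again
        if location_key(ip) != s.location or ua_fingerprint(user_agent) != s.ua:
            s.step_up_pending = True
            self.audit.append(
                f"step_up user={s.user} issued_from={s.location} seen_from={location_key(ip)}"
            )
            return STEP_UP
        return ALLOW

    def complete_step_up(self, token: str, ip: str, user_agent: str, mfa_ok: bool) -> str:
        """Re-bind the session to the new context after a fresh MFA success; revoke it otherwise."""
        s = self._sessions.get(token)
        if s is None:
            return DENY
        if not mfa_ok:
            del self._sessions[token]
            self.audit.append(f"revoked user={s.user} reason=failed_step_up")
            return DENY
        s.location, s.ua = location_key(ip), ua_fingerprint(user_agent)
        s.step_up_pending = False
        return ALLOW


def demo() -> tuple[str, str, str, int]:
    """Constructed scenario: cookie issued on one network, then replayed from another."""
    store = SessionStore()
    ua = "Mozilla/5.0 (Macintosh) Chrome/108.0"
    token = store.issue("engineer", "203.0.113.10", ua)   # constructed, TEST-NET-3
    same_place = store.check(token, "203.0.113.20", ua)   # same /24: allow
    replayed = store.check(token, "198.51.100.7", ua)     # cookie reused elsewhere: step_up
    after_fail = store.complete_step_up(token, "198.51.100.7", ua, mfa_ok=False)
    return same_place, replayed, after_fail, len(store.audit)


if __name__ == "__main__":
    print(demo())  # ('allow', 'step_up', 'deny', 2)
```

The important design choice is that a mismatch never silently re-binds the session: the cookie is frozen until the user proves the MFA factor again, and a failed challenge revokes it outright, so a cookie lifted by an infostealer is worth nothing once it leaves the network it was issued on. The `audit` entries are the events a detection team would forward to the SIEM.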