Monthly Threat Report November 2024: More Breaches and New EU Regulations
Introduction
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on cybersecurity incidents from the month of October 2024.
Executive Summary
- The EU has adopted a new law that aims to increase the security of IoT devices and potentially has larger implications for the security posture of digital products in the EU in the future.
- The summer Olympic games earlier this year successfully weathered more than 140 different cyber-attacks.
- The Internet Archive suffered a data breach that involves the data of 31 million end users.
- We’re likely to see an increase in the number of shipping and shopping brand impersonation attacks in the coming weeks due to the holidays.
- Attackers will seek to inject malicious communications into the communication stream of the recent US elections.
Threat Overview
If you’re a long-time reader of the Monthly Threat Report by Hornetsecurity, you know that we frequently discuss hard data gleaned from our scanning services. We moved to a quarterly cadence for the data review, and in the in-between months we focus more on predictions, threat analysis, news commentary and other topics.
NOTE: This month’s threat report will be somewhat shorter due to the fact that we’ve also been working on our annual Cyber Security Report. The Cyber Security Report is MUCH larger than these monthly occurrences and covers data for an entire year from the analysis of 55.6 Billion emails. If you’re interested in the annual Cyber Security Report, you’ll be able to find it HERE.
Major Incidents and Industry Events
The EU Cyber Resilience Act
The EU has recently adopted a new law that will impact the security requirements for digital products, including hardware and software. According to the official press release:
“The new law introduces EU-wide cybersecurity requirements for the design, development, production and making available on the market of hardware and software products”
The release specifically calls out IoT devices and ensuring that they’re “made secure throughout the supply chain and throughout their lifecycle.”
This is welcome news because IoT devices have historically been some of the easiest devices to breach. They’re typically deployed with little oversight and rarely get a second look to install firmware and security patches. In fact, many attackers leverage low-security IoT devices within their attack chain to gain a foothold within a target environment.
For a little more info on how these new regulations will be applied, the press release states:
“The regulation will apply to all products that are connected either directly or indirectly to another device or to a network. There are some exceptions for products for which cybersecurity requirements are already set out in existing EU rules, for example medical devices, aeronautical products, and cars.”
Additional scrutiny regarding IoT devices can only be a good thing for the industry and will help secure environments in the long run.
The Olympic Games Fought Off 140 Different Cyber Attacks
This is more of an update on previously discussed items, but if you’ve not been keeping track, the Olympic games in Paris this year weathered an enormous number of cyber-attacks. The final count came to more than 140 different cyber-attacks, and despite this, the games continued without a hitch. There are a number of reasons for the volume of attacks. Many of them were nation-state driven in an effort to drive a political message or to embarrass a western nation on the national stage. Others were just plain cyber-crime.
In fact, if you’d like to know more about how attackers targeted the Olympic games, we covered this in a recent episode of the Security Swarm Podcast.
The Internet Archive was Breached
Another notable attack from October involved the Internet Archive. The Internet Archive is an organization whose mission is to (you guessed it) archive the internet. They also provide a number of other historical services such as retaining historical software applications.
The breach involved the personal data of 31 million users. The stolen data included email addresses and encrypted passwords. Attackers also conducted a DDoS attack along with JavaScript defacing of their webpage. The good news, if there is any, is the fact that their archived data remains unaffected and the organization’s mission can continue.
We’ll provide more updates as applicable.
Predictions for the Coming Months
Holiday Increase in Brand Impersonations
As we approach the holidays we’re likely to see an increase in the number of shipping and online shopping brand impersonation attacks. It’s an annual trend we see around this time every year. Threat actors know that more people will be using shipping services during the holiday shopping period, and are looking to cash in on consumer behavior during this time.
Attacks Looking to Take Advantage of US Election Results
Regardless of which side you fall on regarding the results of the recent US election, you may be targeted by threat actors. Attackers will seek to inject themselves into the communication stream of political communications and try to capitalize on the emotions surrounding this election cycle. Hackers know that when targets are making emotional decisions they are more likely to make mistakes and ultimately fall victim to a cyber attack.
Monthly Recommendations
- If you do business in the EU, take some time to review the new Cyber Resilience Act and make changes within your business accordingly so that you conform with the new regulations, if applicable.
- Educate end users on the projected increase in brand impersonation attempts as well as the possibility of receiving malicious fake political communications.
About Hornetsecurity
Hornetsecurity is a leading global provider of next-generation cloud-based security, compliance, backup, and security awareness solutions that help companies and organisations of all sizes around the world. Its flagship product, 365 Total Protection, is the most comprehensive cloud security solution for Microsoft 365 on the market. Driven by innovation and cybersecurity excellence, Hornetsecurity is building a safer digital future and sustainable security cultures with its award-winning portfolio. Hornetsecurity operates in more than 120 countries through its international distribution network of 12,000+ channel partners and MSPs. Its premium services are used by more than 75,000 customers.