
Blackberry Sells Cylance To Arctic Wolf At Huge Loss: Cyber Security Today for Wednesday, December 18, 2024

Dec 18, 2024 · 9 min

Episode description

BlackBerry's Cylance Sale, Major AWS Breach, Clop Ransomware Strikes Again, and Russian Cyber Attacks

In this episode of Cybersecurity Today, host Jim Love discusses BlackBerry's sale of Cylance to Arctic Wolf for significantly less than its purchase price, the massive AWS breach linked to ShinyHunters, Clop ransomware attacks on Cleo's platforms, and the escalation of Russian cyber attacks on Western critical infrastructure. Tune in to get the details on these major cybersecurity developments and their implications.

00:00 Introduction and Sponsor Message
00:32 BlackBerry's Cylance Sale: A Strategic Move?
02:36 AWS Data Breach: ShinyHunters Strike Again
04:54 Cleo Data Theft: Clop Ransomware's Latest Exploit
06:39 Russian Cyber Attacks on Critical Infrastructure
08:32 Conclusion and Contact Information

Transcript

This episode of Cybersecurity Today is brought to you by Elisa: A Tale of Quantum Kisses, a new novel from host Jim Love. You can find this exciting sci-fi adventure romance, a vision of a near-term AI future, at Amazon in the book section. Search for Elisa, E-L-I-S-A, that's Elisa, E-L-I-S-A, and Jim Love, or check out the book's website at elisabook.com. Now back to our regularly scheduled programming. BlackBerry offloads Cylance's endpoint security products to Arctic Wolf.

AWS customers face a massive breach amid ShinyHunters' alleged regroup. Clop ransomware claims responsibility for Cleo data theft attacks, and Russia increases cyber attacks on critical infrastructure. Welcome to Cybersecurity Today. I'm your host, Jim Love. They called it the Curse of the Bambino when Babe Ruth was sold to the New York Yankees in 1919, with the Boston Red Sox supposedly condemned to lose the World Series year after year because of that.

This next story might be called the Curse of BlackBerry, where the company paid $1.4 billion for what was regarded as the core of their new security offering, Cylance, only to sell it for a meager $160 million. BlackBerry acquired Cylance in 2018, hoping to combine AI-driven endpoint security with its Internet of Things and embedded systems businesses. Then-CEO John Chen called it a game-changing move, "indispensable to realizing the enterprise of things," he said.

But instead of a home run, it's been a strikeout. Cylance's revenue declined, and the integration never delivered the results BlackBerry promised. Now, Arctic Wolf has stepped in to acquire Cylance's endpoint products. The deal is structured as $80 million up front, $40 million over the next year, and 5.5 million shares. Arctic Wolf CEO Nick Schneider said Cylance will be folded into the open XDR Aurora platform to simplify security operations, reduce alert fatigue, and improve risk management.

In his words, "security has an operations and effectiveness problem. By incorporating Cylance's endpoint capabilities, we can deliver better outcomes for customers." BlackBerry, meanwhile, remains a strategic reseller of Cylance's products and a shareholder in Arctic Wolf, but there may be a win in this after all, because investors seem to approve, with BlackBerry's stock jumping nearly 15 percent on the news.

AWS customers are reeling from a massive data breach after vulnerabilities in public-facing websites allowed hackers to access sensitive customer data. The attack has been linked to the re-emergence of ShinyHunters, a notorious hacking group operating under a new name, Nemesis. Cybersecurity researchers Noam Rotem and Ran Locar, working with vpnMentor, uncovered the operation.

Hackers exploited misconfigurations across websites, gaining access to AWS credentials, proprietary source code, and even database secrets. The attackers scanned AWS IP ranges, used open-source tools like Shodan, and deployed custom scripts to harvest credentials and infiltrate AWS services. This gave them the ability to send phishing emails, access systems, and extract valuable data. AWS quickly acted to mitigate the breach, quarantining compromised credentials and notifying affected customers.

Now, AWS emphasized the importance of customers securing credentials properly, pointing to its shared responsibility model for cloud security. The breach highlights, though, how easily misconfigurations can be exploited, a recurring theme for cloud providers and their customers alike.

Evidence suggested that the operation was orchestrated by former members of ShinyHunters who ran the BreachForums site before its takedown earlier this year. I have to say something about this story. I know AWS always points to the shared responsibility model, and I'm not an infrastructure guy, but I had to provision a server recently using AWS. And I have to tell you, if you've ever seen that backend where you look at the security assignments and how they work, it's a dog's breakfast.

It's no wonder at all to me why there are so many mistakes made in configuring those servers. Just a thought: maybe AWS needs to step up and get a UX designer in there. If everybody's making the mistake, maybe there's something wrong with the interface. The Clop ransomware gang has taken responsibility for recent data theft attacks on a company named Cleo's managed file transfer platforms.

The group used zero-day vulnerabilities tracked as CVE-2024-50623 and CVE-2024-55956 to breach corporate networks and steal sensitive data. Now, Cleo's platforms, including Harmony, VLTrader, and LexiCom, are widely used by businesses to securely exchange files. The first vulnerability, CVE-2024-50623, was disclosed in October and allowed unrestricted file uploads, leading to remote code execution. Cleo released a patch soon after, but hackers continued to exploit the flaw.

And more recently, cybersecurity firm Huntress warned of further zero-day exploits, leading to widespread data theft. In an interview with BleepingComputer, Clop couldn't say how much data they had stolen, but described it as "quite a lot." The group claimed they were now deleting data from past breaches to focus on new companies compromised in these Cleo attacks. Clop is no stranger to high-profile attacks.

They've previously targeted organizations through similar managed file transfer vulnerabilities, including MOVEit and Accellion. This latest incident underscores the ongoing risks posed by zero-day exploits in third-party software. For Cleo users, it's another wake-up call to patch vulnerabilities immediately and ensure systems are properly secured. And for those companies that Clop says they're going to be targeting, who were customers of Cleo, this has got to be keeping you up at night.

Russian-aligned hacker groups are ramping up attacks on Western critical infrastructure, targeting energy, water, and utility systems. The two main groups, known as the People's Cyber Army, PCA, and Z-Pentest, have escalated their operations, tampering with operational technology controls and posting their exploits on Telegram. Cyble Research reports that the groups have targeted critical infrastructure across Canada, the U.S., Romania, Germany, and other Ukrainian allies.

Notable incidents include ransomware attacks on Romanian utility provider Electrica, which supplies power to 4 million users, and attacks on U.S. oil and water systems. In the U.S., PCA claims to have disrupted water treatment plants and oil well operations, causing downtime and environmental risks. Z-Pentest, or, for my American listeners, Zee-Pentest, which emerged in October, has focused on industrial control systems, tampering with water pumping, gas flaring, and oil collection operations.

Cyble warned that these attacks expose vulnerabilities in critical systems that remain accessible to threat actors. While the groups claim to operate independently, analysts suspect alignment with Russian government interests. Analysts believe these cyber attacks could be a precursor to larger espionage operations as Moscow faces mounting pressure over the war in Ukraine.

Cyble noted that while Russian hackers have shown increasing sophistication, they remain behind Chinese actors like Volt Typhoon in capability. For utilities and critical infrastructure operators, this surge in attacks is a stark reminder of the need for enhanced cyber security defenses. The consequences of operational disruptions are severe, and adversaries like Russia appear determined to exploit any weakness. That's our show for today.

You can find links in the show [email protected] or .ca. Take your pick. You can reach me with comments, questions, or tips at [email protected]. I'm your host, Jim Love. Thanks for listening.
