Google Cloud is Rolling Out Mandatory MFA; Interpol Operation Targets Ransomware, Phishing, and Info Stealers; German Legislation Aims to Protect Legitimate Cybersecurity Research

Google Cloud plans to establish mandatory multi-factor authentication by the end of 2025. This month (November 2024), Google Cloud will begin encouraging the 30 percent of users who have not yet adopted MFA to do so. In early 2025, Google Cloud will start 'requiring MFA for all new and existing Google Cloud users who sign in with a password.' By the end of 2025, Google Cloud expects to 'extend the MFA requirement to all users who federate authentication into Google Cloud.' They will offer flexible options for MFA adoption.

An INTERPOL operation involving law enforcement agencies and private sector partners in multiple countries has resulted in more than 40 arrests and the disruption of dozens of servers allegedly used to conduct criminal activity. Operation Synergia II targeted criminal operations involved in phishing, ransomware, and information stealers. More than 22,000 suspicious IP addresses were taken down and nearly 60 servers seized.

Germany's Federal Ministry of Justice is proposing an amendment to computer criminal law 'to clearly distinguish legally between actions in IT security research that are not to be disapproved of and behavior that is punishable. The bill is intended to eliminate the existing legal uncertainty and also to increase the scope of punishment for serious offenses that endanger or impair critical infrastructure.'

On October 30, 2024, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka, who is accused of extorting companies after stealing hundreds of millions of customer records from Snowflake cloud data storage accounts. The 26-year-old was taken into custody under a provisional US arrest warrant, and appeared in court on November 5, 2024 "as part of extradition proceedings." Mandiant has been tracking threat cluster UNC5537 and its compromise and sale of Snowflake-stored data since April, 2024, and believes that the cloud storage accounts were breached using credentials previously stolen and leaked in infostealer attacks; the accounts in question were not protected by MFA. Among the 165 compromised accounts were Live Nation Entertainment (Ticketmaster), Advanced Auto Parts, Lending Tree, Neiman Marcus, Santander Bank, State Farm, and AT&T, who reportedly paid $370,000 (US) for deletion of stolen phone records. KrebsOnSecurity identifies aliases and actors associated with UNC5537 including John Erin Binns Ð who was arrested in Turkey in May, 2024, for involvement in a 2021 T-Mobile breach Ð and two nicknames believed to be used by Moucka, associated with SIM-swapping attacks, data breaches, and violent online harassment, swatting, doxxing, and extortion from extremist "harm groups." Allison Nixon, Chief Research Officer at Unit 221B, is aware that other closely-associated threat actors are still at large, but calls Moucka's arrest "a good start," as he is "one of that tiny minority that causes disproportionate harm."

On Wednesday, November 6, Cisco released updates to address a critical command injection vulnerability in the web-based management interface of their Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. The improper validation of input issue could be exploited to execute arbitrary command with root privileges on vulnerable systems. Users running Cisco Unified Industrial Wireless Software Release version 17.15 are urged to update to version 17.15.1. Users running Cisco Unified Industrial Wireless Software Release versions 17.14 and earlier are urged to migrate to a fixed release. Cisco also released updates to address more than a dozen additional vulnerabilities in their products.

Memorial Hospital and Manor in the US state of Georgia is experiencing IT outages related to a ransomware attack. Specifically, hospital staff are unable to access their electronic health record (EHR) system. The attack has also disrupted the availability of Memorial Hospital and Manor's email system and website. The hospital posted a notification on their Facebook page on Sunday, November 3, noting that they had detected a ransomware attack the previous day.

Court systems in the northwestern US state of Washington are experiencing outages after the Washington State Administrative Office of the Courts (AOC) detected 'unauthorized activity on the Washington courts network.' AOC 'proactively took down [their] systems to secure them.' Some Washington state court systems have reported that their electronic filing systems and phones were unavailable; others have rescheduled certain hearings. The suspicious activity was identified over the weekend; the systems have been offline since Sunday, November 3.

'From housing to health care to national security, algorithms are making consequential decisions, diagnoses, recommendations, and predictions that can significantly alter our lives,' says Senator Ed Markey (D-MA), who introduced the Eliminating Bias in Algorithmic Systems (BIAS) Act to the US Senate in December, 2023. The same bill was introduced in the House of Representatives on November 1, 2024, and is co-sponsored by a total of eighteen Democrats in the House and Senate. Sen. Markey emphasizes that the impact of AI and "Big Tech" compounds the risks, requiring the federal government to "protect [marginalized] communities and ... address algorithmic harms." The law would direct "all Federal agencies that use AI technology to create an office of civil rights." These offices would investigate and enact measures to mitigate algorithmic discrimination through their agencies' relationships with "industry, representatives, businesses, [and] civil rights advocates;" these reports would then be passed to congressional committees to generate additional legislative and administrative recommendations.

The South Korean government's Personal Information Protection Commission (PIPC) has stated that Meta violated the Personal Information Protection Act (PIPA) by illegally collecting data from approximately 980,000 users and sharing those data with advertisers, and has fined the company 21.6 billion won ($15.6 million US). Meta disregarded legal safeguards for personal data, "reject[ed] access to personal data without legitimate rationale," and was negligent in identity verification during account recovery, leading to data breaches for at least 10 users. The PIPC press release issued on November 7, 2024, states that "Put simply, Meta analyzed users' behavioral data, including the pages they hit the 'Like' button, ads they clicked on Facebook, etc., to create and operate advertising topics associated with sensitive data (specific religious affiliations, homosexuality, whether a user is a transgender or North Korean defector) collected from the users." Both Meta and Google have repeatedly incurred tens of millions in fines from the PIPC for similar violations.