CyberWire Daily: Insider Threats, Data Breaches, and Maritime GPS Spoofing

Cybersecurity Breaches and Incidents

• ⚠️ CrowdStrike fired an insider who allegedly shared screenshots of internal systems with hackers, though the company states its systems were never compromised.
• 🎯 Google's threat intelligence reports that hackers stole data from over 200 Salesforce instances via third-party apps, exploiting integrations rather than the core platform.
• 🔒 Cox Enterprises confirmed a breach of its Oracle EBS instance, leading to the theft of personal information for nearly 9,500 individuals.
• ✈️ Spanish airline Iberia disclosed a breach affecting customer names, email addresses, and loyalty card numbers, attributed to a third-party vendor.
• 🎓 Harvard University reported a voice phishing attack compromised alumni affairs and development systems, exposing data like email addresses and phone numbers.

Exploited Vulnerabilities and Hacking Tactics

• 💻 Attackers exploited a recently patched vulnerability in Windows Server Update Services (WSUS) to deploy the ShadowPad backdoor.
• ⚖️ Two alleged hackers pleaded not guilty to charges related to a cyber attack against Transport for London.
• 🚢 Maritime GPS spoofing and jamming are increasing, with incidents reported in the Eastern Mediterranean, Black Sea, Western Pacific, and Red Sea.

Business Briefing and Funding

• 💰 US-based Doppel raised $70 million in a Series C round to expand its digital risk protection portfolio.
• 📊 Bedrock Data, a US-based data security firm, raised $25 million in a Series A round to accelerate product development.
• ☁️ Cloudflare announced its intention to acquire Replicate, a US-based AI model development company, to enhance its Cloudflare Workers offering.

Maritime GPS Jamming and Spoofing Deep Dive

• 🛰️ GPS signals, originally designed for military precision, are now crucial for civilian navigation, enabling trillions in economic value.
• 🌊 The maritime industry relies heavily on GPS for navigation, autonomous operations, and avoiding hazards, making it vulnerable to interference.
• 🔊 Jamming involves overwhelming receivers with noise, while spoofing replicates GPS signals with a timing delay to manipulate a receiver's perceived location.
• 🌍 Adversaries can use spoofing to lure ships into restricted waters or create false pretenses for boarding or attack, impacting exclusive economic zones and freedom of navigation operations.
• 🛡️ Mitigation strategies include developing next-generation GPS systems, implementing navigation message authentication, and exploring terrestrial or quantum-based navigation solutions.

Financial Crime and Money Laundering

• 🏦 A Russia-linked crime network acquired a stake in a Kyrgyzstani bank to launder cybercrime profits and channel funds into Russia's war chest.
• 💰 The operation involved low-paid couriers collecting cash, converting it to crypto, and funneling it through the acquired bank to support Russia's military lender.