Dutch Intelligence Uncovers Extensive Chinese Cyber Espionage

Dutch military intelligence has revealed that Chinese state-backed hackers have targeted Western governments, defense companies, and international organizations, with at least 20,000 victims worldwide in a few months. The hacking group, responsible for the 2023 attack on the Dutch defense ministry, has likely claimed many more victims. China's embassy has not responded to requests for comment, and Beijing has a history of denying allegations of cyber espionage. The Dutch intelligence agency has urged organizations to adopt an "Assume Breach" approach, assuming that a successful digital attack has already occurred or will occur soon.

Majority of Software Makers to Miss Biden's Cybersecurity Deadline

A recent survey by Lineaje found that 84% of software companies are not prepared to meet the June 11 deadline set by the Cybersecurity and Infrastructure Security Agency (CISA) to submit Software Development Attestation Forms, required for software security reporting. The forms aim to ensure software producers follow guidelines to secure their networks and share cyber incident information with the federal government. The survey attributed the lack of compliance to budget and staff restrictions, as well as limited awareness of the requirements. The federal government has emphasized the need for a secure software supply chain, citing past incidents like the SolarWinds breach. Despite the deadline, agencies are still working on a rule to require software companies to comply with the executive order.

Vulnerabilities Discovered in End-of-Life Netgear Routers

Security researchers have identified six vulnerabilities in older Netgear WNR614 N300 routers, which reached end-of-life three years ago. These vulnerabilities could allow attackers to bypass authentication, intercept sensitive communications, create weak passwords, and access device PINs and firmware. The flaws, tracked as CVE-2024-36787 through CVE-2024-36795, pose significant security risks. Researchers recommend deactivating vulnerable components, implementing robust password policies, encrypting sensitive data, and replacing the routers immediately.

Cyber Claims and Ransomware Attacks Reach Record Levels

According to Marsh's analysis, cyber claims and ransomware attacks reached record levels in 2023, with 1,800 cyber claims reported in the US and Canada. Ransomware incidents accounted for less than 20% of total cyber claims, but the median ransom demand soared to $20 million, and the median extortion payment increased to $6.5 million. Despite this, 77% of companies refused to pay the ransom, indicating growing resilience. To enhance cyber resilience, organizations should adopt proactive security measures, consider cyber risk across the enterprise, and use insurer-approved vendors to streamline claims management.