Welcome reader to your CybersecurityHQ report.

Headlines

A ZDF report reveals that hackers targeted the German automaker Volkswagen for at least 19 years, stealing over 19,000 documents. Beginning in 2010, these hackers stole intellectual property multiple times, only ending in 2015. The documents focused on a handful of key elements — the company’s electric vehicle research, gasoline engine development, transmission development, and dual-clutch transmission research.

The operation is believed to have originated in China, given the times of day, IP addresses, and software. Volkswagen Group ranks among the top automakers globally, with their brands extending to Audi, Lamborghini, Porsche, Bentley, and more.

After 15 years without incident, MITRE has been successfully hacked by nation-state hackers using Ivanti edge devices to enjoy three full months of deep access to one of the institution’s unclassified networks. Ironically, the hackers used eight techniques developed by MITRE.

It began with the exploitation of two Ivanti COnnect Secure zero-day vulnerabilities, then used a compromised administrator account to gain further access. It’s sobering news that MITRE would be attacked. As president and CEO Jason Providakes said, “No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible.”

South Korean police are claiming an “all-out” attack by hacking teams with ties to North Korea. A spat of cyberattacks has been identified in connection with Lazarus, Kimsuky, and Andariel — all three groups are believed to be state-sanctioned by North Korea.

While the police won’t name the companies attacked, the methods appear fairly rudimentary. The threat actors went after subcontractors, finding employees who reused passwords from their personal accounts for official email accounts. North Korea denies involvement in any hacking campaigns.

Interesting Read

We almost always think of the cost of cybersecurity lapses in terms of ransom and recovery. The Hacker News recently ran a post highlighting the more pernicious and deeper costs associated with these incidents.

While the content is not groundbreaking, it highlights the many ways that cybersecurity professionals protect an organization. Security incidents can not only lead to astronomical ransoms and costly recovery, but they can also damage revenue in the long term, hurt customer perception, strain supplier relationships, jack up insurance premiums, and trigger regulatory fines.

Employment Tip: Join Hackathons

These events challenge participants to think critically and creatively, and if you perform well, they serve as a practical showcase of your abilities. But you might not even need to add it to a resume. Many companies and organizations scout for talent at these competitions.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team