Learn More About the Industry
02 June 2023
RUSSIAN ANTIVIRUS COMPANY’S EMPLOYEES TARGETED BY HACKERS
On 25 March 2022, the U.S. Government added Russian antivirus company Kaspersky to its Covered List – meaning it deemed the company posed an unacceptable risk to U.S. national security. Yesterday, the company revealed that hackers had targeted its employees via a text messaging scheme. The unidentified hackers sent employees a message that contained a zero-click exploit. https://news.yahoo.com/kaspersky-says-attackers-hacked-staff-172245117.html
ANOTHER FILE TRANSFER TOOL IS BEING LEVERAGED BY HACKERS
Over the past few years, hackers have learned to leverage vulnerabilities within the software supply chain to infiltrate computer networks. Three months ago, a popular file transfer software app’s vulnerabilities were used by the Clop ransomware crew to hack into 130+ organizations. History is (once again) repeating itself, as another file transfer app’s newly discovered vulnerability is being capitalized on by hackers. The vendor has released a patch to address the flaw – but the race is on between hackers and SysAdmins. https://techcrunch.com/2023/06/02/hackers-launch-another-wave-of-mass-hacks-targeting-company-file-transfer-tools/
NEARLY 2.5 MILLION PEOPLE AFFECTED BY NEW HEALTHCARE BREACH
Another day, another healthcare network breach is announced. This time, a Massachusetts-based nonprofit healthcare provider is the victim. According to the U.S. Department of Health and Human Services breach portal, the company notified authorities on 24 May 2023 of the breach event. Approximately 2,550,902 individuals are affected by the breach of a network server. Hackers slipped into the server and maintained access within the network between 28 March 2023 and 17 April 2023. https://www.bleepingcomputer.com/news/security/harvard-pilgrim-health-care-ransomware-attack-hits-25-million-people/?&web_view=true
THE NEW/IMPROVED BLACKCAT RANSOMWARE HAS BEEN RELEASED
In November 2021, the BlackCat ransomware crew boldly debuted its impressive ransomware-as-a-service business model. However, its software’s ability to infiltrate networks began dropping by as much as 28% – so it went back to the drawing board to devise something even more devious. That day has come, as the group’s “Sphynx” ransomware is now floating in the wild. Sphynx can live within several popular operating system environments and can better evade detection once it’s hooked into a victim’s network. https://thehackernews.com/2023/06/improved-blackcat-ransomware-strikes.html?&web_view=true
03 May 2023
MICROSOFT EMAIL ENCRYPTION VULNERABLE TO STRUCTURAL LEAKS
Email security 101 lists encryption of email contents as a best practice – an absolutely true statement that should be embraced whenever possible. However, the security realm is always evolving to offset hackers’ ability to crack algorithms with their always-improving hacking tools. One of the world’s most popular email platforms is under the microscope for its use of an algorithm that NIST says contains a “severe security vulnerability” – an adversary who collects a vast amount of encrypted emails can crack its key. https://www.bankinfosecurity.com/microsoft-email-encryption-vulnerable-to-structural-leaks-a-20262?&web_view=true
RANSOMEXX LEAKS 52GB OF BARCELONA HEALTH CENTERS' DATA
Last week, unnamed hackers penetrated the network defenses of the “Consorci Sanitari Integral”, which is one of Barcelona, Spain’s largest healthcare entities and treats over one million patients each year. Hackers leveraged a social engineering attack against an employee, which provided access to the hospital network (presumably via an IT/helpdesk scam). A few days later, the ransomware actor(s) leaked 52GB of data presumably stolen from the hospital’s network. Hospital IT staff are restoring systems from backups. https://www.bankinfosecurity.com/ransomexx-leaks-52-gb-barcelona-health-centers-data-a-20260?&web_view=true
LOCKBIT 3.0 MALWARE FORCED NHS TECH SUPPLIER TO SHUT DOWN SITES
Increasingly, ransomware actors are targeting/breaching companies that provide goods/services to a wider range of entities (i.e. industry, government agencies). This time around, the infamous Lockbit ransomware crew infiltrated the network of a software provider firm that is relied upon by the United Kingdom’s “National Health Service”. The intrusion forced healthcare professionals to revert to typewriters, pens and paper to continue treating British citizens. https://www.theregister.com/2022/10/14/nhs_software_hosting_provider_advanced_ransomware_lockbit/?&web_view=true
BEWARE OF FAKE UPDATE NOTIFICATIONS HITTING YOUR INBOX
Even though every modern operating system (and most applications) can update themselves (if you activate automatic updates), ransomware groups have begun targeting home computer users with related scams. The phishing/ransomware campaign (coined Magniber) purports to deliver a software update for the victim’s computer if they click an embedded hyperlink. Once clicked, ransomware is promptly installed onto the computer and the extortion ploy is then executed. https://www.zdnet.com/article/this-unusual-ransomware-attack-targets-home-pcs-so-beware/?web_view=true
09 September 2022
WARNING ISSUED FOR IRANIAN HACKING GROUP “PHOSPHORUS”
Phosphorus, also known as “Charming Kitten” and “APT35”, is perhaps best known for its attacks levied against the U.S. presidential campaign in 2019. The state-sponsored group is both technically capable and relentless, with a diverse portfolio of hacking ploys, including social media and smartphone campaigns. Yesterday, the cyber intelligence division within the world’s largest software company issued an alert which documents Phosphorus members moonlighting for personal gain. https://thehackernews.com/2022/09/microsoft-warns-of-ransomware-attacks.html?&web_view=true
POPULAR OUTDOOR APPAREL COMPANY HACKED
“Credential Stuffing” has nothing to do with Thanksgiving meals – instead, the term describes a criminal practice of purchasing stolen user credentials (typically from the Dark Web) and then leveraging computer systems to replay the account information against a login page to hack their way into a network. One of America’s most popular outdoor apparel companies recently fell victim to this style of attack, and divulged that 194,905 customer accounts had been hacked via the company’s website. https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/?&web_view=true
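The distinguishing signature of credential stuffing on the defender’s side is one source trying many different usernames, mostly failing, with the occasional success marking an account whose password was reused from an earlier breach. The script below is an added example, not code from the original post or from the affected company: it parses a few constructed web login log lines (timestamp, client IP, username, outcome – a format assumed for illustration) and flags sources that cross per-IP thresholds for attempt count, distinct usernames and failure rate, reporting any accounts that were successfully logged into during the burst.

```python
"""Flag credential-stuffing patterns in web login logs (added defender-side example)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample lines, not from any real site: timestamp, client IP, username, outcome.
# 203.0.113.7 sprays twelve different usernames in six seconds and lands one success;
# 198.51.100.4 is one user mistyping a password; 192.0.2.9 is an ordinary login.
SAMPLE_LOG = """\
2022-09-09T10:00:01Z 203.0.113.7 alice FAIL
2022-09-09T10:00:01Z 203.0.113.7 bob FAIL
2022-09-09T10:00:02Z 203.0.113.7 carol FAIL
2022-09-09T10:00:02Z 203.0.113.7 dave FAIL
2022-09-09T10:00:03Z 203.0.113.7 erin FAIL
2022-09-09T10:00:03Z 203.0.113.7 frank OK
2022-09-09T10:00:04Z 203.0.113.7 grace FAIL
2022-09-09T10:00:04Z 203.0.113.7 heidi FAIL
2022-09-09T10:00:05Z 203.0.113.7 ivan FAIL
2022-09-09T10:00:05Z 203.0.113.7 judy FAIL
2022-09-09T10:00:06Z 203.0.113.7 mallory FAIL
2022-09-09T10:00:06Z 203.0.113.7 niaj FAIL
2022-09-09T10:01:10Z 198.51.100.4 alice FAIL
2022-09-09T10:01:20Z 198.51.100.4 alice FAIL
2022-09-09T10:01:31Z 198.51.100.4 alice OK
2022-09-09T10:02:00Z 192.0.2.9 bob OK
"""


@dataclass
class IpStats:
    """Per-source counters accumulated over the log."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)       # distinct usernames tried
    successes: set = field(default_factory=set)   # usernames that logged in


def parse_line(line: str):
    """Return (ip, user, succeeded) for a well-formed line, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _ts, ip, user, outcome = parts
    return ip, user, outcome == "OK"


def summarize(log_text: str) -> dict:
    """Aggregate login attempts per client IP."""
    stats = defaultdict(IpStats)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, user, ok = rec
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if ok:
            s.successes.add(user)
        else:
            s.failures += 1
    return stats


def flag_stuffing(stats: dict, min_attempts: int = 10, min_users: int = 5,
                  min_fail_rate: float = 0.8) -> dict:
    """Map each suspicious IP to the sorted list of accounts it logged into.

    A single user fumbling their own password never trips min_users, so the
    distinct-username test is what separates stuffing from ordinary failures.
    """
    flagged = {}
    for ip, s in stats.items():
        if s.attempts < min_attempts or len(s.users) < min_users:
            continue
        if s.failures / s.attempts < min_fail_rate:
            continue
        flagged[ip] = sorted(s.successes)
    return flagged


if __name__ == "__main__":
    for ip, compromised in flag_stuffing(summarize(SAMPLE_LOG)).items():
        print(f"{ip}: stuffing pattern; accounts to force-reset: {compromised or 'none'}")
```

Accounts listed under a flagged IP are the ones to force a password reset on, since a success inside a stuffing burst means the reused password is already in the attacker’s hands. Per-IP thresholds are the simplest form of this check; campaigns spread across proxy pools will stay under them, so in practice the same counters are also kept per username and per ASN and compared against a baseline failure rate.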
AMERICAN LAPTOP/PRINTER COMPANY ISSUES SECURITY ADVISORY
Perhaps best known for its printers that are a staple of home offices and businesses around the world, the U.S. company appears to have resolved a bug within a ‘Support Assistant’ app identified within CVE-2022-38395. The bug was identified within a troubleshooting application, typically installed onto a client’s machine as part of the device driver installation suite, which could permit an attacker to escalate their privileges on the system via a DLL hijacking exploit. Users should review and apply the patch to the ‘Support Assistant’ application to protect their systems from potentially being hacked. https://www.bleepingcomputer.com/news/security/hp-fixes-severe-bug-in-pre-installed-support-assistant-tool/?&web_view=true
IOT TESTING/VALIDATION GUIDE RELEASED
As Internet of Things (IoT) devices become increasingly commonplace across government agencies, laboratory spaces and private businesses, ensuring they are safe to integrate into a network environment is problematic at best. An anti-malware non-profit has released a guide to aid with IoT device vetting to minimize risks associated with these sometimes-challenging devices. https://www.securityweek.com/amtso-publishes-guidance-testing-iot-security-products?&web_view=true
07 September 2022
NEW SOCIAL MEDIA PHISHING CAMPAIGN IDENTIFIED
A hugely popular U.S.-based photo & video sharing social network platform, which boasts 1.2 billion active users, is a frequent target of criminals seeking to make a quick buck. The platform assigns a coveted ‘blue badge’, which signifies the platform has verified the account belongs to a celebrity, company or brand (and therefore is trustworthy). The phishing message claims the recipient’s account is eligible to receive a blue badge by filling out/submitting a (bogus) form.
RECENTLY PASSED CHIPS BILL HAS MANUFACTURING “GOTCHA”
The recently passed US Chips and Science Act has several goals in mind: address semiconductor supply chain issues (a national security concern), bring back manufacturing jobs to America and reduce our nation’s reliance on Asian-produced semiconductors. The $50 billion initiative also stipulates that U.S. tech companies who receive federal funding are prohibited from building ‘advanced technology’ facilities inside of China for the next 10 years – which could result in pushback from the Chinese government via tariffs on American exports and/or restricting the flow of Chinese goods that reach American docks. https://news.yahoo.com/us-bars-advanced-tech-firms-032226056.html
IRANIAN CYBER ATTACK RESULTS IN POLITICAL DISCORD
Two months ago, Albania’s computer network that its government employees rely on was hacked, with data exfiltrated, ransomware deposited on servers and public services impacted. Forensic examiners dubbed the new ransomware “ROADSWEEP” and linked it to Iran state-sponsored hackers. Fallout over the event continues – yesterday, Albania announced it will cut diplomatic ties to Iran and has ordered its diplomats to leave Iran within 24 hours. The White House National Security Council also announced that the United States will pursue further action against Iran (NFI). https://news.yahoo.com/albania-cuts-iran-ties-orders-104851580.html
30 August 2022
LIBRARY BOOK DISTRIBUTOR BROUGHT DOWN BY RANSOMWARE
A 190-year-old North Carolina-based company which proclaims to be the world’s largest supplier of library books was recently hit with a ransomware attack that crippled its business. On 23 Aug 2022, the company’s network was taken over by hackers, bringing down its servers, phone lines and service centers. The ransomware actor has yet to be identified; services to 5000+ libraries are currently impacted. https://www.bleepingcomputer.com/news/security/leading-library-services-firm-baker-and-taylor-hit-by-ransomware/?&web_view=true
STUDENT LOAN MIDDLEMAN COMPANY IS BLEEDING STUDENT PII
An Oklahoma-based private company which assists students in processing/obtaining student loans is currently dealing with a hacking problem. On 22 July 2022, hackers infiltrated a 3rd party’s network that housed 2,501,324 student records after locating, and then exploiting, a network vulnerability. PII, including the students’ SSNs, was exposed. A class action lawsuit is being considered by a law firm. https://www.bleepingcomputer.com/news/security/nelnet-servicing-breach-exposes-data-of-25m-student-loan-accounts/?&web_view=true
IMPACT OF MARKETING COMPANY BREACH WAS UNDERESTIMATED
Back on 28 April 2022, a Wisconsin-based company which specializes in custom printing solutions for 3000+ customers was hit by a cyber-attack. Unlike a corner packing/printing store, this one accommodates a vast number of medical and government customers, which made the hack significant. Several states’ Attorney General offices are investigating the data breach, which has swelled to over 2.7 million victims whose medical data was likely compromised.
FTC SUES IDAHO COMPANY FOR COLLECTING/SELLING GEODATA
In the 21st century, technology continually tracks consumers’ whereabouts – and cellular phones are amongst the worst offenders thanks to their embedded GPS functionality. Making matters worse are companies who collect, and then sell, this geographic location data, which can expose an American citizen to stalking, potential physical violence and more. The FTC has filed a lawsuit against an Idaho-based company which collects 94 billion geodata transactions a month and sells access to the collected information to other companies via a $27k subscription – which the FTC argues is an invasion of privacy. https://www.bleepingcomputer.com/news/security/us-govt-sues-kochava-for-selling-sensitive-geolocation-data/?&web_view=true
23 August 2022
ETHERNET LEDS CAN BE USED TO EXFILTRATE DATA FROM AIR-GAPPED SYSTEMS
A researcher from the Ben-Gurion University of the Negev in Israel has published a paper describing a method that can be used to silently exfiltrate data from air-gapped systems using the LEDs of various types of networked devices. https://www.securityweek.com/ethernet-leds-can-be-used-exfiltrate-data-air-gapped-systems
INDEXSINAS SMB WORM CAMPAIGN INFESTS WHOLE ENTERPRISES
The Indexsinas SMB worm is on the hunt for vulnerable environments to self-propagate into, researchers warned – with a particular focus on the healthcare, hospitality, education and telecommunications sectors. Its end goal is to drop cryptominers on compromised machines. https://threatpost.com/indexsinas-smb-worm-enterprises/167455/?web_view=true
3 June 2022
INTERNATIONAL EFFORT BRINGS DOWN MOBILE MALWARE GROUP
An 11-country law enforcement effort recently chalked up a rare win in the cyberwar fight by taking down the FluBot crew. The malware affected an operating system found in millions of smartphones, tablets, IoT devices and other electronics, and was designed to locate/steal stored financial credentials once it infected a device. FluBot was identified as the world’s second most active banking Trojan. https://thehackernews.com/2022/06/flubot-android-spyware-taken-down-by.html
COSTA RICA STILL BEING TARGETED BY CYBER-ATTACKS
The past few weeks have been very problematic for Costa Rica’s computer networks – and hackers have turned their aggression towards the country’s hospitals and clinics. A cyber-attack against the country’s “Costa Rican Social Security Fund” resulted in its digital record-keeping system being taken offline, which immediately rippled across 1200+ medical facilities and thousands of patients. The Costa Rican President had declared a national emergency on 8 May 2022 because of severe cyber-attacks attributed to Conti, a Russian-based hacking crew that pledged to overthrow Costa Rica’s government. https://news.yahoo.com/latest-cyberattack-costa-rica-targets-210813525.html
THE DOJ SEIZES THREE MALICIOUS INTERNET DOMAINS
Last week, the Department of Justice (DOJ) seized three Internet domains that were being used by cybercriminals via a warrant issued by the District of Columbia. The websites were used to peddle stolen PII and offered DDOS services to hackers to “rent”. One of the online databases possessed over seven billion entries culled from over 10,000 data breaches. https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html
GERMAN AGENCY ISSUES WARNING OF LOOMING CYBER-ATTACKS
BaFin is Germany’s financial regulatory authority which falls under Germany’s Federal Ministry of Finance. This past Monday, its leadership issued a cybersecurity warning to the country’s financial institutions which have experienced an uptick in DDOS attacks that are attributed to Germany’s support of Ukraine. https://news.yahoo.com/1-germany-issues-fresh-warning-151906843.html
ISRAELI COMPANY IDENTIFIES SMARTPHONE VULNERABILITY
Smartphones, like computers, possess firmware chips inside of their case which store rudimentary (but vital) code required for the device to function. An Israeli cybersecurity firm has identified an exploitable vulnerability within a smartphone’s modem firmware chip – and millions of devices are affected. The chips are manufactured by UNISOC – a semiconductor company based in Shanghai, China. A security patch is pending release. https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html
PORTLAND CITY GOVERNMENT SCAMMED OUT OF $1.4 MILLION
A cybersecurity breach has proven costly for the city of Portland, OR, which fell victim to a Business Email Compromise (BEC) scam that netted attackers a $1.4 million payday. Last month, the FBI issued an alert regarding BEC scams that have conned businesses out of an astounding $43 billion between June 2016 and December 2021. In this latest incident, cybercriminals compromised a city government email account and ultimately conducted the fraudulent financial transaction. In 2019, Portland’s public school district was scammed out of nearly $2.9 million via a BEC scam. https://therecord.media/cybercriminal-scams-city-of-portland-ore-for-1-4-million/?web_view=true
PROOF OF CONCEPT IOT RANSOMWARE MADE PUBLIC
Cybersecurity researchers love to publish proof of concept papers to spotlight their skills – but they can be a double-edged sword, as they can also “steer” cyber-criminals’ attention to an exploit they hadn’t previously considered. Internet of Things (IoT) devices give cybersecurity/IT professionals headaches – primarily because many IoT manufacturers pay little attention to securing the devices. The proof of concept, aptly coined “Ransomware for IoT”, seeks out and then attacks IoT devices to enable the attacker to move laterally across a network. https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html
02 July 2021
COMPLEX MALWARE WORM TARGETING INFRASTRUCTURE
The Indexsinas worm is particularly complex malware that incorporates code previously stolen from the NSA; the worm first surfaced in 2019. Hackers are now leveraging the worm with over 1300 attack machines to infiltrate computer networks – favoring the healthcare, hospitality, education and telecommunications sectors. While running, the malware disguises itself by using process names that mimic those one typically sees within the operating system, so it blends in when the running processes in memory are examined. Cybersecurity researchers have documented roughly 2000 attacks that leveraged the Indexsinas worm. https://threatpost.com/indexsinas-smb-worm-enterprises/167455/?web_view=true
RANSOMWARE AUDIT TOOL RELEASED BY CISA
CISA’s “Cyber Security Evaluation Tool” has been amended to include a new ransomware audit component coined “Ransomware Readiness Assessment”. The tool helps cybersecurity personnel evaluate their computer network’s security posture against ransomware. https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/?&web_view=true
DHL DELIVERY SCAMS CONTINUE TO REAP PROFIT
DHL, a German parcel delivery company that is widely used to transport packages to/from Europe, continues to be leveraged by cybercriminals for spear phishing and SMS phishing campaigns. Recipients receive an email or SMS text message that is personalized, displays the DHL logo and claims the potential victim is receiving a package but needs to first log into an online account to update the system to ensure delivery – personal information is then requested that leads to identity theft. Although the current bout of DHL phishing is primarily affecting Malta and England, these scams are quite common in the U.S. – it is a best practice to manually check the status of a shipping number via the shipper’s website. https://timesofmalta.com/articles/view/parcel-delivery-scams-at-least-20-people-a-day-are-falling-victim.879662
GERMAN INDUSTRIAL SECTOR EQUIPMENT REQUIRES PATCHING
Weidmueller, a German company specializing in industrial solutions equipment, has issued emergency patches for its wireless LAN equipment that is popular within the machinery, energy, manufacturing, transportation, and building infrastructure sectors. CISA has previously issued security advisories for Weidmueller’s products. https://www.securityweek.com/weidmueller-patches-dozen-vulnerabilities-industrial-wlan-devices?&web_view=true