Weekly News Wrap-up
Cybersecurity News: December 13, 2021
DOJ Announces New Initiative to Use False Claims Act to Enforce Compliance with Data Privacy and Security Laws and Contract Requirements
JD Supra
“This new initiative significantly expands the potential liability of federal contractors and healthcare provider that participate in federal healthcare programs related to data privacy and cybersecurity issues.” Read More
Cybersecurity Takes the Wheel as Auto Industry’s Top Priority
Dark Reading, Yash Prakash
“The auto industry’s reliance on software and connectivity will only become more pronounced in the years to come. Building effective cybersecurity into all aspects of new vehicles and systems is essential to ensuring the future success of the automotive industry.” Read More
27 flaws in USB-over-network SDK affect millions of cloud users
Bleeping Computer, Bill Toulas
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.” Read More
SolarWinds hackers have been quietly targeting governments, cloud providers
SC Magazine, Derek B. Johnson
“The SolarWinds campaign was about who were the vendors you trust and all the different software in your environment, and this threat actor leveraged that one-to-many relationship pretty well. When we fast forward to now and talking about the cloud service providers, that’s them again saying why spend a lot of effort targeting a dozen individual companies when I can instead target one company that can then get me into those dozen ones.” Read More
GraphQL API authorization flaw found in major B2B financial platform
ZD Net, Jonathan Greig
“It is tempting to believe that mobile apps create an obscurity layer that is hard for attackers to crack, but decades of experience show that security through obscurity just doesn’t get the job done. Organizations need to make sure every transaction requires authorization and every step of a transaction is checked to make sure the permissions are appropriate for what is being attempted.” Read More
Cybersecurity News: December 6, 2021
Phishing actors start exploiting the Omicron COVID-19 variant
Bleeping Computer, Bill Toulas
“Threat actors are quick to adjust to the latest trends and hot topics, and increasing people’s fears is an excellent way to cause people to rush to open an email without first thinking it through.” Read More
APT Groups Adopt New Phishing Method. Will Cybercriminals Follow?
Dark Reading, Kelly Sheridan
“By altering document formatting properties of [a rich text format] file, the attacker can weaponize it to access remote content by specifying a URL resource instead of an accessible file destination.” Read More
Yanluowang Ransomware Now Targeting US Companies
PC Magazine, Nathaniel Mott
“Symantec says that Yanluowang attacks typically involve an initial reconnaissance phase followed by credential harvesting, data exfiltration, and finally the encryption of the victim’s files.” Read More
HHS: APT targeting biomanufacturing with stealthy Tardigrade malware
SC Magazine, Jessica Davis
“The main role of this malware is still to download, manipulate files, send main.dll library if possible, deploy other modules and remain hidden [and for] espionage, tunnel creation, and for a bigger payload.” Read More
Credentials exposed for majority of US financial firm employees
SC Magazine, Karen Hoffman
“Employees and humans are the weakest points in terms of an organization’s cybersecurity posture and our findings related to the vast number of exposures in circulation are a serious cause for concern. These exposed credentials are the keys for threat actors to access companies’ sensitive data and critical systems.” Read More
Cybersecurity News: November 29, 2021
FBI warns of phishing targeting high-profile brands’ customers
Bleeping Computer, Sergiu Gatlan
“When cyber criminals gain access to a consumer’s online and email accounts, cyber criminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and setup before the account owner is notified and aware.” Read More
Holiday Scams Drive SMS Phishing Attacks
Dark Reading, Robert Lemos
“As the holidays approach, the volume of short message service (SMS) phishing has almost doubled from the same period in the prior year, continuing a trend of SMS-text phishing growing as a vector to attack mobile users and their devices.” Read More
GoDaddy security breach impacts more than 1 million WordPress users
Tech Republic, Lance Whitney
“The hosting company discovered unauthorizing access by a third party to its Managed WordPress hosting environment. [It] found that the third party used a compromised password to access the provisioning system in its legacy code base for Managed WordPress.” Read More
Hackers Exploit ProxyLogon and ProxyShell Bugs in Phishing Blitz
Infosecurity Magazine, Phil Muncaster
“Delivering the malicious spam using this technique to reach all the internal domain users will decrease the possibility of detecting or stopping the attack, as the mail getaways will not be able to filter or quarantine any of these internal emails.” Read More
Verizon’s Visible cell customers hacked, leading to unauthorized purchases
ARS Technica, Ax Sharma
“We have learned of an incident wherein information on some member accounts was changed without their authorization. … Our investigation indicates that threat actors were able to access username/passwords from outside sources and exploit that information to log in to Visible accounts.” Read More
Cybersecurity News: November 22, 2021
California Pizza Kitchen spills over 100,000 employee Social Security numbers
Tech Crunch, Carly Page
“The company said it learned of a ‘disruption’ to its systems on September 15 and moved to ‘immediately secure’ its environment. By October 4, the company said it had determined cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs.” Read More
US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
Bleeping Computer, Sergiu Gatlan
“FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.” Read More
New banking Trojan SharkBot makes waves across Europe, US
ZD Net, Charlie Osborne
“With the discovery of SharkBot we have shown new evidence about how mobile malware [is] quickly finding new ways to perform fraud, trying to bypass behavioral detection countermeasures put in place by multiple banks and financial services during the last years.” Read More
10,000+ websites and apps are vulnerable to Magecart
Helpnet Security
“Victims are often the last to know as it’s only later that organizations find that their data was sold or exploited, with the problem extending beyond any single vendor or client relationship. For enterprises in particular, Magecart attacks pose a significant challenge because it is problematic to set up a solution at scale.” Read More
Ohio hospital diverting ambulances, canceling appointments amid cyberattack
SC Magazine, Jessica Davis
“The latest advisory shows the health system is still working to safely restore systems and operations and warns province residents that it appears protected health information was stolen in the attack.” Read More
Cybersecurity News: November 15, 2021
Senators add CISA cyberattack/ransomware reporting amendment to defense bill
ZD Net, Jonathan Greig
“The amendment would update current federal government cybersecurity laws to improve coordination between federal agencies, force the government to take a risk-based approach to security, as well as require all civilian agencies to report all cyber-attacks to CISA, and major cyber incidents to Congress.” Read More
Mobile banking boom presents new risk, security concerns
SC Magazine, Karen Hoffman
“This is a massive target opportunity, to make scams so appealing to fraudsters. No longer are you looking for unauthorized access from an unusual device and location. Now you have to spot the anomaly within a legitimate user transaction that the victims themselves are orchestrating.” Read More
A stalker’s wishlist: PhoneSpy malware destroys Android privacy
ZD Net, Charlie Osborne
“Even though thousands of South Korean victims have fallen prey to the spyware campaign, it is unclear whether they have any connections with each other. But with the ability to download contact lists and send SMS messages on behalf of the victim, there is a high chance that the malicious actors are targeting connections of current victims with phishing links.” Read More
Robinhood discloses data breach impacting 7 million customers
Bleeping Computer, Lawrence Abrams
“At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.” Read More
Mobile phishing exposure in the energy industry surged 161% in 2021
Helpnet Security
“As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations strengthen their security program.” Read More
Cybersecurity News: November 8, 2021
Amazon Spoofed in New Attack
Infosecurity Magazine, Sarah Coble
“To incite the victims to make the call to Amazon, the attackers include high-price items on the fictitious emailed invoice.” Read More
Medical school exposes personal data of thousands of students
ZD Net, Charlie Osborne
“The server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data, or just under an estimated 200,000 files.” Read More
FBI: Ransomware targets companies during mergers and acquisitions
Bleeping Computer, Sergiu Gatlan
“Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.” Read More
Manufacturers forced to improve cyber security of wireless devices under new EU rule
IT Pro, Connor Jones
“To demonstrate compliance, manufacturers will have a choice of either submitting a self-assessment, or they can rely on a third-party assessment performed by an independent inspection body.” Read More
UMass Memorial notifies 209K patients 8 months after data breach discovery
SC Magazine, Jessica Davis
“The review determined the accounts contained a range of information from patient and health plan participants that included names, medical record numbers, health insurance details, clinical data, treatments, dates of birth, diagnoses, subscriber IDs, benefits election information, and procedures, among other data.” Read More
Cybersecurity News: November 1, 2021
Ransomware Soars 148% to Record-Breaking Levels in 2021
Infosecurity Magazine, Phil Muncaster
“As we see it, ransomware is on a nearly unimaginable upward trend, which poses a major risk to businesses, service providers, governments and everyday citizens.” Read More
Microsoft warns of new supply chain attacks by Russian-backed Nobelium group
Tech Republic, Lance Whitney
“The group’s likely goal is to obtain direct access that resellers have to the IT systems of their customers. If successful, Nobelium would then have a way to impersonate a technology provider and attack its downstream customers.” Read More
As fewer victims pay ransoms, Conti gang looks to sell victim data
SC Magazine, Joe Uchill
“In general, we’re just seeing fewer people pay. And so whenever that happens, the ransomware actors sort of try and launch new ventures as far as ‘how else can we coerce money out of people or monetize the data that was stolen.'” Read More
SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
Dark Reading, Jai Vijayan
“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” Read More
Gigabyte struck by ransomware for the second time in three months
Silicon Angle, Duncan Riley
“In most double extortion schemes, the data theft focuses on quantity rather than quality. The file tree from this dump suggests that in this case, the threat actor focused on quality.” Read More
Cybersecurity News: October 25, 2021
Threat Actors Abusing Discord to Spread Malware
Infosecurity Magazine, Phil Muncaster
“As of now, any type of file, malicious or not, whose size is less than 8MB can be uploaded and sent via Discord. Because the file content isn’t analyzed, malware can be easily spread via Discord.” Read More
Sticky business: Ransomware hits U.S. candymaker ahead of Halloween
NBC News, Kevin Collier
“Ferrara…has been able to resume production only “in select manufacturing facilities. The spokesperson declined to say what percentage of orders it expected to fill before Halloween.” Read More
Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign
Dark Reading, Jai Vijayan
“[LightBasin] is a pretty advanced actor. They have very bespoke tools that are meant to target the global telephony infrastructure and they are very good at what they do.” Read More
Acer hit with second cyberattack in less than a week, Taiwanese authorities notified
ZD Net, Jonathan Greig
“…Acer is way behind in its cybersecurity effects on protecting its data and is a global network of vulnerable servers.” Read More
US links $5.2 billion worth of Bitcoin transactions to ransomware
Bleeping Computer, Sergiu Gatlan
“The total value of ransomware-related [Suspicious Activity Reports] from the first six months of 2021, $590 million, already exceeds the $416 million reported for the entire year of 2020.” Read More
Cybersecurity News: October 18, 2021
DocuSign phishing campaign targets low-ranking employees
Bleeping Computer, Bill Toulas
“While these emails are crafted to look like legitimate DocuSign messages, they are not being sent from the platform. On real DocuSign emails, users are never asked to enter passwords, but rather an authentication code is emailed to the recipient.” Read More
Customers On Alert as E-Commerce Player Leaks 1.7+ Billion Records
Infosecurity Group, Phil Muncaster
“The server was left unencrypted with no password protection in place. It contained 610GB of data, including customers’ full names, home and delivery addresses, phone numbers and billing details.” Read More
North American Orgs Hit With an Average of 497 Cyberattacks per Week
Dark Reading, Jai Vijayan
“Ransomware attacks overall so far in 2021 have increased by 93% compared with the same period last year. The attacks have touched one in 61 organizations globally, a 9% increase over last year.” Read More
Pacific City Bank discloses ransomware attack claimed by AvosLocker
Bleeping Computer, Bill Toulas
“…ransomware actors had unfortunately obtained the following information from its systems: loan application forms, tax return documents, W-2 information of client firms, payroll records of client firms, full names, addresses, Social Security Numbers, and wage and tax details.” Read More
NCSC CEO: Ransomware the “Most Immediate Threat” Facing UK Businesses
Infosecurity Group, James Coker
“…we expect ransomware will continue to be an attractive route for criminals as long as organizations remain vulnerable and continue to pay.” Read More
Cybersecurity News: October 11, 2021
Twitch confirms hack after source code and creator payout data leaks online
TechCrunch, Zack Whittaker
“…a leaker claims to have taken the video game streaming giant’s source code, as well as proprietary SDKs, or software development kits, which let developers integrate Twitch into their apps and services.” Read More
U.S. govt to sue contractors who hide breach incidents
Bleeping Computer, Ionut Ilascu
“The initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.” Read More
Large ransom demands and password-guessing attacks escalate
Helpnet Security
“Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field. The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features.” Read More
Largest mobile SMS routing firm discloses five-year-long breach
Bleeping Computer, Ionut Ilascu
“…it is easy to infer the type of data the hackers could access by breaching Syniverse: at least details about the source, destination, timestamps, general location, and possibly the content of the text messages.” Read More
Coinbase warns users of ‘large-scale’ phishing threat
Cnet, Julian Dossett
“To gain control of user accounts, scammers sent phishing emails that claimed to be from Coinbase. When users clicked on a link in the email and entered their account credentials, the perpetrators were able to see the credentials and take control of the accounts.” Read More
