Tag Archive for: 2nd

2nd October – Threat Intelligence Report


For the latest discoveries in cyber research for the week of 2nd October, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • Check Point researchers have detected a phishing campaign exploiting popular file-sharing program Dropbox. The threat actors use legitimate Dropbox pages to send official email messages to the victims, which will then redirect the recipients to credential stealing pages.
  • Japanese entertainment giant Sony, as well as major Japanese telecom provider NTT Docomo have been the victims of ransomware attacks during the past week. The ‘ransomed.vc’ threat group has assumed responsibility for both attacks and has demanded millions of dollars in ransom from the two companies. The group threatens to sell or leak data exfiltrated in the breaches if its demands are not met.
  • American conglomerate Johnson Controls has been hit by ransomware. Ransomware group Dark Angels is demanding $51M from the company in ransom and claims to have exfiltrated more than 25TB of data during the attack. The American Department of Homeland Security is reportedly investigating whether information regarding its facilities had been leaked in the attack, as Johnson Controls is a contractor for the department’s buildings.
  • Hong Kong cryptocurrency exchange firm Mixin has disclosed that $200M have been stolen in a breach of its network. According to the firm’s statement, the threat actors have gained access by attacking a database belonging to the company’s cloud provider in order to conduct the theft.
  • Russian flight booking vendor Leonardo’s services have been disrupted by a distributed-denial-of-service attack. As a result, multiple Russian airline companies, including the state-owned Aeroflot, were unable to process booking requests. Ukrainian hacktivist collective ‘IT Army of Ukraine’ has claimed responsibility for the attack.
  • Kuwait’s Ministry of Finance has acknowledged that its network had been breached in a cyber-attack. The ministry claims that financial data of its employees was not impacted in the attack. Ransomware group Rhysida has assumed responsibility and demands $400,000 in ransom.

Check Point Harmony Endpoint and Threat Emulation…

Source…

India 2nd most targeted by ransomware in Asia Pacific, Japan region in 2022




India is the second most targeted country by ransomware in the Asia Pacific and Japan region in 2022, up from third place in 2021, a new report said on Tuesday.


In 2022, Maharashtra was the most-targeted state with 36 per cent of ransomware attacks, while New Delhi was at second, according to the Palo Alto Networks 2023 Unit 42 Ransomware and Extortion report.


“Ransomware and extortion groups are forcing their victims into a pressure cooker, with the ultimate goal of increasing their chances of getting paid,” said Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks.


Moreover, the report mentioned that manufacturing, construction, and professional & legal services were the most targeted industries.


The most active ransomware groups include Lockbit 2.0, BianLian, and Stormous.


Further, the report found that data theft was the most common of the extortion tactics, with 70 per cent of groups using it by late 2022 — a 30 per cent increase from the year prior.


Organisations based in the US were most severely publicly affected, with 42 per cent of the observed leaks in 2022, followed by Germany and the UK, accounting for nearly 5 per cent each.


The report also said that 30 organisations on the Forbes Global 2000 list were publicly impacted by extortion attempts in 2022.


Since 2019, at least 96 of these organisations have had confidential files publicly exposed to some degree as part of attempted extortion.


–IANS



(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)


Source…

Internet Faces Immense Risk As 2nd Serious Exploit Found, Patch Released



As the Internet faces one of the most serious vulnerabilities in recent years putting millions of devices at hacking risk, attackers are now making thousands of attempts to exploit a second vulnerability involving a Java logging system called ‘Apache log4j2’.

The description of the new vulnerability, tracked as CVE-2021-45046, says the fix to address the earlier security bug (CVE-2021-44228) in Apache Log4j 2.15.0 was “incomplete in certain non-default configurations”.

“It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

“This could allow attackers… to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack,” the CVE description read.

Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to the ‘ubiquitous’ zero-day exploit.

Apache has now released a new security patch to address the second bug.

‘Apache Log4j’ is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services.

It is the most popular Java logging library, with over 400,000 downloads from its GitHub project. It is used by a vast number of companies worldwide, enabling logging in a wide set of popular applications.

“Exploiting this vulnerability is simple and allows threat actors to control java-based web servers and launch remote code execution attacks,” cyber security researchers at Check Point had said in a blog post.

Another cyber security company Sophos said that it is already detecting malicious cryptominer operations attempting to leverage the vulnerability, and there are credible reports from other sources that several automated botnets (such as Mirai, Tsunami, and Kinsing) have begun to exploit it as well.

At present, most of the attacks focus on cryptocurrency mining at the victims’ expense. However, under cover of that noise, more advanced attackers may act aggressively against high-value targets.

Researchers at Microsoft have also warned about attacks attempting to take advantage of ‘Log4j’ vulnerabilities,…

Source…

Home Health Firm Reports 2nd Cloud Vendor Incident


Breach Notification, Fraud Management & Cybercrime, Incident & Breach Response

Latest Attack Affected 753,000 Patients, Employees

Ransomware: Home Health Firm Reports 2nd Cloud Vendor Incident

A home healthcare company says a data breach affecting more than 753,000 patients, employees and former workers stems from a ransomware attack on its private cloud hosted by managed service providers. The company reported a similar incident 15 months ago.


Lake Success, New York-based Personal Touch Holding Corp., which operates about 30 Personal Touch Home Care subsidiaries in about a dozen states, says it discovered on Jan. 27 that “it experienced a cybersecurity attack on the private cloud hosted by its managed service providers.”

The notification statement does not name the vendors involved.

A breach notification report filed with the Maine attorney general’s office notes that the incident involved ransomware and affected 753,107 individuals, including 93 residents of that state.

PTHC declined to provide additional information about the incident to Information Security Media Group.

In January 2020, PTHC submitted 16 breach reports on behalf of its subsidiaries in six states to the Department of Health and Human Services. Those involved a ransomware attack on Wyomissing, Pennsylvania-based Crossroads Technologies, which hosted the home healthcare provider’s cloud-based electronic health records (see: Ransomware Attack on EHR Vendor Impacts Home Health Chain).

Patient, Employee Data…

Source…