Cybersecurity News: Cuban Ransomware, Healthcare Vendor Attacks, World Cup Phishing
Trending headlines in cybersecurity:
- Microsoft Warning for European Organizations
- Cuban Ransomware Attacks
- World Cup Phishing
- SiriusXM Flaws Impacting Vehicles
Watch this episode now:
Microsoft Warning for European Organizations
Microsoft is warning countries outside of Ukraine supporting the war that they may be increasingly targeted by Russian cyber-attacks this winter. Since Spring of this year, Microsoft has observed that Iridium and Russian operators have been targeting transportation and logistics organizations across Ukraine, in an attempt to collect intelligence and disrupt the flow of military and humanitarian aid. In October, the Iridium group launched Prestige ransomware attacks on Ukrainian and Polish infrastructure, an indicator, according to Microsoft, that more attacks could be coming. Attacking Poland suggests that Russian cyber-attacks may be used outside Ukraine at an increasing rate, in an effort to undermine foreign-based supply chains. Microsoft believes European organizations, particularly transportation, logistics, and energy may be future targets, particularly Germany. News source: InfoSecurity Magazine
And in closely related news, the European Union has adopted the new revised Network and Information Systems directive (NIST2) to strengthen EU’s physical and digital risks. The new directive was prompted by increased threats posed by Chinese technologies, and is designed to improve the resilience of public and private entities by setting baseline risk management measures and reporting obligations, plus stricter enforcement and increased information sharing. The sectors most impacted include energy, transportation, health, and digital infrastructure. News source: Business Standard
While all eyes are on Russian and Chinese ransomware groups, Cuba has caught the attention of CISA. A new alert revealed that Cuban ransomware has compromised at least 100 entities worldwide, doubling its victim count in the US over the past year. Cuban threat actors are using phishing campaigns, vulnerability exploitation, compromised credentials, and remote desktop protocol (RDP) tools to gain access. The Cuban group and its affiliates mainly target financial services, government, healthcare, critical manufacturing and IT companies. According to CISA, ransoms are increasingly being paid. The group has demanded $145 million to date, collecting $60 million. News source: InfoSecurity Magazine
Healthcare Warning: Vendor Attacks
As of November, the Department of Health and Human Services' HIPAA Breach Reporting Tool website showed that of the 10 largest health data breaches so far this year, half involved business associates or vendors. The largest single hacking incident reported in 2022 was from Wisconsin-based printing and mailing vendor OneTouchPoint, that affected more than 38 health plan clients and compromised the personal information of 3 million individuals. Attacks against business associates have doubled since 2018, as threat actors use them to infiltrate a vast network and get access to higher volumes of sensitive patient data.
Denise Anderson, president and CEO of the Health Information Sharing and Analysis Center, said entities should take steps to ensure their third parties have solid security practices in place to help shore up their defenses. "It's really critical that companies know who their suppliers are … and understand the vulnerabilities that the supplier could present to their organization," she advised. News source: Bank InfoSecurity
World Cup Finals End, Data Lives On
While the World Cup Finals end on Sunday, the event was not exempt from cyberattacks. The threat intelligence researchers at Group-IB have identified a number of scam and phishing attacks targeting individuals seeking tickets, official merchandise, and employment at the massive international sporting event. The attacks included over 16,000 scam domains and dozens of fake social media accounts, advertisements, and mobile apps aiming to capitalize on World Cup interest, and the researchers already discovered over ninety potentially compromised accounts on official FIFA World Cup 2022 fan ID portal Hayya. The passwords to these accounts were acquired by cybercriminals leveraging info-stealing malware such as RedLine and Erbium, which are easily attainable on the dark web. Four different scam and phishing operations were identified, including a fake World Cup merchandise website boasting over 130 social media advertisements to drive victims to the site. Researchers also identified five phishing websites and more than fifty social media accounts targeting fans looking for World Cup tickets. News source: The Cyber Wire
Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle identification number (VIN), according to researcher Sam Curry and as reported by The Hacker News.
SiriusXM's Connected Vehicles Services are said to be used by more than 10 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota. The system is designed to enable a wide range of safety, security, and convenience services such as automatic crash notification, enhanced roadside assistance, remote door unlock, remote engine start, stolen vehicle recovery assistance, turn-by-turn navigation, and integration with smart home devices, among others.
The vulnerability relates to an authorization flaw in a telematics program that made it possible to retrieve a victim’s personal details as well as execute commands on the vehicles by sending a specially crafted HTTP request with the VIN to a SiriusXM endpoint. SiriusXM has since patched the flaw.
All information is current as of December 5, 2022. Subscribe to receive future episodes as they are released.