
Cybersecurity News: World Cup Phishing, Cuban Ransomware, SiriusXM Flaws

Trending headlines in cybersecurity from the week:

– Microsoft Warning for European Organizations
– Cuban Ransomware Attacks
– World Cup Phishing
– SiriusXM Flaws Impacting Vehicles


Microsoft Warning for European Organizations

Microsoft is warning countries outside of Ukraine that are supporting the war that they may be increasingly targeted by Russian cyber-attacks this winter. Since spring of this year, Microsoft has observed Iridium and Russian operators targeting transportation and logistics organizations across Ukraine in an attempt to collect intelligence and disrupt the flow of military and humanitarian aid. In October, the Iridium group launched Prestige ransomware attacks on Ukrainian and Polish infrastructure, an indicator, according to Microsoft, that more attacks could be coming. Attacking Poland suggests that Russian cyber-attacks may be used outside Ukraine at an increasing rate in an effort to undermine foreign-based supply chains. Microsoft believes European organizations, particularly in transportation, logistics, and energy, may be future targets, particularly in Germany.

Cuban Ransomware

While all eyes are on Russian and Chinese ransomware groups, Cuba has caught the attention of CISA. A new alert revealed that Cuban ransomware has compromised at least 100 entities worldwide, doubling its victim count in the US over the past year. Cuban threat actors are using phishing campaigns, vulnerability exploitation, compromised credentials, and remote desktop protocol (RDP) tools to gain access. The Cuban group and its affiliates mainly target financial services, government, healthcare, critical manufacturing and IT companies. According to CISA, ransoms are increasingly being paid. The group has demanded $145 million to date, collecting $60 million.

Updates in Healthcare

As of November, the Department of Health and Human Services' HIPAA Breach Reporting Tool website showed that of the 10 largest health data breaches so far this year, half involved business associates or vendors. The largest single hacking incident reported in 2022 was at Wisconsin-based printing and mailing vendor OneTouchPoint; it affected more than 38 health plan clients and compromised the personal information of 3 million individuals. Attacks against business associates have doubled since 2018, as threat actors use them to infiltrate a vast network and get access to higher volumes of sensitive patient data.

Denise Anderson, president and CEO of the Health Information Sharing and Analysis Center, said entities should take steps to ensure their third parties have solid security practices in place to help shore up their defenses. "It's really critical that companies know who their suppliers are … and understand the vulnerabilities that the supplier could present to their organization," she advised.

World Cup Finals End, Data Lives On

While the World Cup Finals ended on Sunday, the event was not exempt from cyberattacks. The threat intelligence researchers at Group-IB have identified a number of scam and phishing attacks targeting individuals seeking tickets, official merchandise, and employment at the massive international sporting event. The attacks included over 16,000 scam domains and dozens of fake social media accounts, advertisements, and mobile apps aiming to capitalize on World Cup interest. The researchers have also already discovered over ninety potentially compromised accounts on the official FIFA World Cup 2022 fan ID portal, Hayya. The passwords to these accounts were acquired by cybercriminals leveraging info-stealing malware such as RedLine and Erbium, which are easily attainable on the dark web. Four different scam and phishing operations were identified, including a fake World Cup merchandise website that used over 130 social media advertisements to drive victims to the site. Researchers also identified five phishing websites and more than fifty social media accounts targeting fans looking for World Cup tickets.

SiriusXM Flaw

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle identification number (VIN), according to researcher Sam Curry and as reported by The Hacker News.

The vulnerability relates to an authorization flaw in a telematics program that made it possible to retrieve a victim’s personal details as well as execute commands on the vehicles by sending a specially crafted HTTP request with the VIN to a SiriusXM endpoint. SiriusXM has since patched the flaw.

All information is current as of December 5, 2022. For more information on CyberGRX, visit CyberGRX.com


Source by CyberGRX

Mourad ELGORMA
