AppSec News Bulletin

News Date - 30th to 5th January 24

Data breach at healthcare tech firm impacts 4.5 million patients

HealthEC LLC, a health management solutions provider, experienced a data breach affecting nearly 4.5 million individuals receiving care through its client's system. The breach, occurring between July 14 and 23, 2023, led to unauthorized access to specific systems, compromising sensitive information including names, addresses, Social Security numbers, medical records, diagnoses, health insurance details, and billing information. HealthEC advised affected individuals to monitor accounts for potential fraud and report suspicious activity. Initially affecting 112,005 people from MD Valuecare, the breach's extent later expanded to impact 4,452,782 individuals. This incident affected 17 healthcare providers and state-level health systems, involving entities like Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, University Medical Center of Princeton Physicians' Organization, and Alliance for Integrated Care of New York.

Source - The Bleeping Computer


Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Nearly 11 million internet-exposed SSH servers are susceptible to the Terrapin attack, posing a risk to the integrity of SSH connections. This attack, impacting both clients and servers, manipulates sequence numbers during the handshake process, compromising the SSH channel's integrity under specific encryption modes. However, it requires an adversary-in-the-middle position to intercept and modify the handshake exchange. Shadowserver's report revealed that approximately 52% of scanned IPv4 and IPv6 addresses are vulnerable, with the majority in the United States (3.3 million), followed by China, Germany, Russia, Singapore, and Japan. While not all 11 million instances are currently under immediate threat, the broad exposure emphasizes the potential impact of the Terrapin attack. Ruhr University Bochum offers a vulnerability scanner for users concerned about their SSH client or server's susceptibility.

Source - The Bleeping Computer


Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

The Assembly of the Republic of Albania and telecom company One Albania faced recent cyberattacks, confirmed by the country's National Authority for Electronic Certification and Cyber Security (AKCESK). Although these infrastructures aren't classified as critical information infrastructure, both entities encountered intrusions not originating from Albanian IP addresses. One Albania reported handling the incident without service disruption for its 1.5 million subscribers.

AKCESK is actively investigating the attacks, working on system recovery, and implementing improved security measures. The scale and details of the attacks remain unclear, but an Iranian hacker group, Homeland Justice, claimed responsibility on its Telegram channel. The group previously targeted Albanian government services in 2022, leading to U.S. sanctions against Iran's Ministry of Intelligence and its Minister of Intelligence, Esmail Khatib. The incidents have prompted AKCESK to reinforce its cybersecurity strategies.

Source - The Hacker News


British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

Two British teenagers associated with the LAPSUS$ cybercrime group were sentenced for their involvement in a series of attacks on multiple companies. Arion Kurtaj, an autistic 18-year-old from Oxford, received an indefinite hospital order due to his intention to resume cybercrime. Another unnamed 17-year-old was sentenced to an 18-month Youth Rehabilitation Order for various offenses.

The attacks occurred between August 2020 and September 2022 and targeted several high-profile companies, including BT, Microsoft, NVIDIA, Samsung, and Uber. LAPSUS$ operates across the UK and Brazil, with a third member arrested in Brazil. The group leveraged SIM-swapping attacks and a Telegram channel for extortion and account takeovers.

The notoriety of LAPSUS$ led to the emergence of another group called Scattered Spider, both part of a larger entity known as the Comm. The Comm, identified by the FBI, engages in various cyber activities using online platforms like Discord and Telegram.

The case highlights the dangers young people face online and the serious consequences associated with cybercriminal activities, as emphasized by Amanda Horsburgh, a detective chief superintendent from the City of London Police.

Source - The Hacker News


US water utilities targeted by foreign hackers, prompting calls for cybersecurity overhaul

The small Aliquippa water authority in western Pennsylvania became an unexpected victim of an Iranian-backed cyberattack, alongside other water utilities. The attack, targeting Israeli-made equipment, raised concerns about potential water supply contamination or disruption.

This incident has prompted heightened warnings from U.S. security officials regarding the vulnerability of water utilities to cyberattacks. The lack of funds and cybersecurity expertise in local authorities, like Aliquippa's, presents a challenge in protecting against such threats.

Several states have moved to bolster cybersecurity scrutiny, but legislative efforts often face opposition. The debate revolves around concerns of increased costs and potential privatization pressures.

Despite the pressing need for cybersecurity upgrades, challenges like aging infrastructure and compliance with clean water regulations often take precedence due to residents' concerns about rising rates.

Efforts at the federal level, including a proposed EPA cybersecurity rule, faced legal challenges and were withdrawn, leaving existing voluntary standards in place. Congress is now considering bills addressing cybersecurity in water utilities, but competition for federal funding remains intense.

Industry leaders emphasize the widespread lack of cybersecurity support among utilities nationwide and are offering assistance, with Dragos Inc. providing free access to its software for vulnerable utilities. The issue remains critical, highlighted by the vulnerability of countless utilities across the country and the need for more comprehensive cybersecurity measures.

Source - Fox News
