Boeing confirms ransomware, Dell announces breach, Ascension Healthcare attacked


Boeing confirms $200 million ransomware extortion attempt

Following up on the stories regarding LockBit that we covered last week, as well as a story we covered in November, Boeing has now come forward to state it is the unnamed multinational aeronautical and defense corporation referenced in an indictment unsealed Tuesday by the U.S. Department of Justice. The indictment was part of the arrest proceedings of LockBit admin Dmitry Yuryevich Khoroshev. Boeing was targeted by LockBit in October 2023, and faced a $200 million ransomware demand. Although Boeing has not commented on the demand, BleepingComputer and Cyberscoop state that Boeing did not pay, and said roughly 43 gigabytes of company data was posted.

(Cyberscoop)

Dell announces data breach affecting 49 million customers

In an email sent out to customers on Wednesday, Dell stated that “a Dell portal containing customer information related to purchases was breached.” The information stolen included customer names, physical addresses, and hardware and order information, including service tag details, but no financial or payment information. Though the theft appears comparatively tame, BleepingComputer points out that threat actors have used this type of information in the past to send infected USB drives by mail to customers, pretending to be a computer manufacturer or retailer like Best Buy.

(BleepingComputer)

Ascension healthcare suffers cyberattack, goes offline

Another healthcare system suffers major disruption, this time, Ascension, one of the largest private non-profit healthcare systems in the U.S. Describing it as a “cybersecurity event,” the organization has taken some of its systems offline and has advised its business partners to sever connections to its systems until told otherwise. Clinical operations in some of its healthcare facilities have also been interrupted. Ascension is now working with Mandiant to assess the situation, and its representatives reiterate that this is an ongoing situation.

(BleepingComputer)

IntelBroker claims Europol breach

The hacking group posted the information on a cybercrime forum and stated the material belonging to the European law enforcement agency included files marked “For Official Use Only” as well as “other classified data, such as Alliance employees, files related to recon and guidelines.” The group claimed that the breach occurred in May, and that the agencies impacted are the CCSE (Joint Center for European Security), EC3, the Europol Expert Platform, the Law Enforcement Form, and the SIRIUS cross border law enforcement and investigation organization. The package, which also includes credentials such as SMTP access, PAuth access, and SSL passkeys and certificates, is being offered for a mere $20,000 in Monero cryptocurrency.

(Security Affairs)

Black Basta: 500 breaches in 2 years

According to a joint advisory published by the FBI, CISA, Health and Human Services, and the Multi-State Information Sharing and Analysis Center, also known as MS-ISAC, the affiliates of the Black Basta ransomware-as-a-service have hacked over 500 organizations worldwide between April 2022 and May 2024. The report, published as part of the StopRansomware initiative, highlights the group’s Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) that have been obtained from law enforcement investigations and security firms. A separate joint report from Elliptic and Corvus Insurance shows that these activities have netted the group at least $107 million in bitcoin in this period. Links to both reports are available in the show notes to this episode.

(Security Affairs, CISA Stop Ransomware Initiative report, and Elliptic and Corvus Insurance report)

Okta’s security chief speaks out

An interesting interview with Okta Chief Security Officer David Bradbury appeared in Recorded Future News last week. Speaking to Jonathan Greig, Bradbury highlighted the fact that identity-based attacks are shifting from pre-authentication, coming after your password, to post-authentication, in which threat actors bypass the login page and go straight to stealing a browser’s session token cookie. Bradbury also advised companies to maximize their transparency efforts during an attack, based in part on Okta’s own recent experiences, and to be aware of the improvements in the quality of attack techniques, such as correctly spelled phishing emails and pitch-perfect deepfake voice messaging, thanks to AI.

(The Record)

Volt Typhoon demonstrates a new form of tradecraft in cyberthreats, say Feds

Speaking at RSA last week, Eric Goldstein, CISA’s executive assistant director for cybersecurity, told reporters that the techniques practiced by Volt Typhoon represent a sinister new level of cyberthreat that has permanently altered the landscape. Referring to China specifically, he said, “if the end goal objective is to have placement and access to the United States for an attack at the time of their choosing, they’re probably going to continue that path,” pointing out the desire “to compromise insecure or end-of-life devices to then pivot into more sensitive networks.” These comments are in line with a report issued in February by the U.S. and its allies which showed that the group has maintained access and other footholds in victim networks for “at least” the last five years. “Volt Typhoon is not over,” the NSA’s Dave Luber added.

(The Record)

Last week in ransomware

LockBit was the player of the week last week, with law enforcement using one of its sites to poke fun at the group, as well as the legal proceedings being launched against LockBit admin Dmitry Khoroshev. On the same day, LockBit announced a hit on the municipality of Wichita, Kansas. Other ransomware victims last week included the Ohio Lottery, Brandywine Realty Trust, and an acknowledgement from the University System of Georgia that 800,000 people had been impacted by the 2023 MOVEit data theft attacks.

(BleepingComputer and CISOSeries)

Linda Dickinson

Network Manager | Email Administrator | VoIP Administrator | Cybersecurity

10 months

These headlines are more to prove it's not an if it's a when someone breaks your technology door and gets into your systems.
