Cencora pharma breach, Gen-AI explodes BEC, Chinese doorbell warning
Pharma giant Cencora announces data breach
The U.S.-based drug wholesale company, previously known as AmerisourceBergen, said it discovered the breach on February 21 and that the breached data may contain personal information. In its Form 8-K filing with the Securities and Exchange Commission, the company stated that the breach “has not had a material impact on the company’s operations, and its information systems continue to be operational.” No additional details were made available, and it is unclear if this was a ransomware attack.
GenAI drives surge in BEC attacks
1760% – This number comes from PerceptionPoint’s 2024 Annual Report: Cybersecurity Trends & Insights, published yesterday. GenAI has fueled this growth in business email compromise (BEC) attacks by helping create well-crafted, targeted social engineering attacks that are difficult to identify. The report states that whereas BEC attacks accounted for only 1% of all cyberattacks in 2022, their share rose to 18.6% of all attacks in 2023. Additional points in the report include an increase in evasive tactics such as quishing (QR code phishing), two-step phishing that bypasses traditional security systems, account takeover attacks, and impersonation attacks. A link to the report is available in the show notes to this episode.
Popular video doorbell easily hijacked
According to Consumer Reports, Chinese-manufactured smart doorbells, currently being sold through retailers such as Walmart, Amazon, and Sears, are proving to be loaded with security flaws that allow anyone to hack them and permanently access images and audio. The flaws include exposing owners’ public-facing IP address and Wi-Fi network in plaintext. All that is needed is the serial number of the camera, which can be obtained by pressing the doorbell button for eight seconds and then re-pairing the camera to a smartphone app. The cameras are sold by the Chinese company Eken under the brand names Aiwit, Andoe, Eken, Fishbot, Gemee, Luckwolf, Rakeblue and Tuck.
Rhysida claims cyberattack on Lurie Children’s Hospital, demands $3.6 million
The attack on Chicago’s Lurie Children’s Hospital continues to cause havoc, with the IT system still under repair and its health records system offline, resulting in longer wait times, rescheduling of procedures and a reversion to a pen-and-paper process. Meanwhile, the Rhysida ransomware gang listed the hospital on its extortion site, offering 600 GB of data from the hospital for sale for 60 BTC, currently equivalent to $3,700,000. It appears that the Rhysida decryptor that was discovered and released this month by Korean researchers has not proven effective in this case.
Huge thanks to this week’s episode sponsor, Egress, a KnowBe4 company
Department of Commerce assesses Chinese vehicle threat
In response to a concern that “connected vehicles from China could collect sensitive data about our citizens and our infrastructure and send this data back to the People’s Republic of China…[and that] these vehicles could be remotely accessed or disabled,” President Joe Biden has announced actions to investigate how these cars could affect national security. The announcement follows the executive order regarding sales of datasets that we reported on yesterday, and is seen as complementary to but distinct from that order. Instead, the Commerce Department’s Bureau of Industry and Security will issue an advanced notice of public rulemaking seeking public comments as it considers implementation.
Cyber-espionage campaign targets Middle East aerospace, defense industries
Google Cloud’s security research company Mandiant is tracking an ongoing cyber-espionage campaign that “uses unique malware against the aerospace, aviation and defense industries in the Middle East and appears to have links to Iran.” The campaign appears to be linked to a group known as UNC1549 and may also be linked to a group named Tortoiseshell. It is taking aim at entities in Israel and the United Arab Emirates. The project is unique in the way it uses multiple evasion techniques, including the use of Microsoft Azure cloud infrastructure paired with social engineering to deploy two unique backdoors: MINIBIKE and MINIBUS, as well as a custom tunneller called LIGHTRAIL.
German applied sciences university suffers cyberattack
In another in a series of cyberattacks on German and Swiss schools, the Hochschule Kempten, a university of applied sciences in the city of Kempten in Germany, has had to take down its IT infrastructure, despite what it calls very high security precautions. The school cannot be reached via email, and student portals and other online portals have been shuttered. Classes remain ongoing and communications are being done via telephone. Representatives of the school do not have a current estimated time for restoration, nor has any group yet claimed responsibility.
Windows February 2024 updates fail to install
Microsoft is stating that its February 2024 updates are failing to install on Windows 11 22H2 and 23H2 systems, with downloads stopping at 96%. This will then display a new Windows Event Viewer entry with a 0x800F0922 error code. The failure comes with a comforting message that reads, “something didn’t go as planned. No need to worry – undoing changes. Please keep your computer on.” Initial assessments suggest this installation failure is linked to a Windows Recovery Environment issue, which was also the cause of January’s update problems.
Co-Founder & Executive at ANNRAJ Agro Foods | Enthusiast in Brand Building
(1 year ago) Helpful! This will CISO Series
Former CISO | Veteran
(1 year ago) Small request: Please spell out acronyms at least once. Not everyone reading this will understand everything otherwise. :)