CISO Daily Update - July 4, 2024
NEW DEVELOPMENTS
LockBit Group Claims the Hack of the Fairfield Memorial Hospital in the US
Source: Security Affairs
The LockBit ransomware group claimed responsibility for breaching Fairfield Memorial Hospital in Illinois, adding the 25-bed critical access facility to its Tor leak site and threatening to release stolen data on July 17, 2024. This attack is part of a trend targeting U.S. healthcare organizations, with LockBit also claiming attacks on the Merryman House Domestic Crisis Center and the Florida Department of Health. The incident follows recent cyberattacks on other healthcare facilities, including Wayne Memorial Hospital and Lurie Children's Hospital.
HealthEquity Blames Business Partner for Third-Party Data Breach in SEC Filing
Source: The Cyber Express
HealthEquity Inc., the largest health savings account administrator in the U.S., reported a third-party data breach in a recent SEC filing. The incident likely occurred on May 14 and involved a compromised business partner's account. Although the breach didn't affect HealthEquity's operations or finances, it impacted 449 Kentucky Employees' Health Plan member accounts. The company has taken steps to secure affected accounts, has implemented additional security measures, and is offering complimentary credit monitoring services. HealthEquity believes its cybersecurity insurance will cover the incident and is seeking recourse from the partner involved.
New Ransomware Group Uses Phone Calls to Pressure Victims, Researchers Say
Source: The Record
Researchers have identified a new ransomware group called Volcano Demon targeting manufacturing and logistics companies. Unlike others, Volcano Demon uses phone calls from untraceable numbers to pressure victims into paying ransoms. They use a double extortion tactic by exfiltrating data before ransomware encryption is deployed and threaten to leak data if demands are ignored. Additionally, the group clears log files to evade detection and complicate forensic investigations. Analysts are tracking their activities but haven't yet linked them to known ransomware groups.
Hackers Abused API to Verify Millions of Authy MFA Phone Numbers
Source: Bleeping Computer
Twilio disclosed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication (MFA) users, exposing them to potential smishing and SIM swapping attacks. A threat actor named ShinyHunters leaked a CSV file containing 33 million Authy phone numbers they compiled using this unauthenticated API. Twilio confirmed the issue and has since secured the endpoint. They urged all Authy users to update their Android and iOS apps to the latest versions for enhanced security and to remain vigilant against phishing attacks.
VULNERABILITIES TO WATCH
Microsoft Uncovers Major Flaws in Rockwell PanelView Plus
Source: Infosecurity Magazine
Microsoft's cybersecurity team discovered two critical vulnerabilities, CVE-2023-2071 and CVE-2023-29464, in Rockwell Automation's PanelView Plus, a widely used HMI in industrial settings. These vulnerabilities can be exploited remotely by unauthenticated attackers, leading to remote code execution (RCE) and denial-of-service (DoS) attacks. The RCE flaw allows manipulation of custom classes to upload and execute malicious DLLs, while the DoS flaw exploits the same classes to crash the device with a crafted buffer. Microsoft detected these issues through their Defender for IoT research team, which noticed suspicious communication and further analyzed the device's firmware. Rockwell Automation has released patches in response.
SPECIAL REPORTS
Half of Employees Fear Punishment for Reporting Security Mistakes
Source: Infosecurity Magazine
According to a ThinkCyber report based on a survey at Infosecurity Europe 2024, half of employees fear punishment for reporting security mistakes, with only 51% believing most people in their business are focused on security. Key concerns include clicking on malicious links (53%), sharing corporate data (53%), and sharing usernames and passwords (51%). The report highlights that current security awareness training is often ineffective, with 42% of respondents unable to prove it changes risky behaviors and 60% providing training only every few months or yearly. ThinkCyber advocates for targeted, contextualized training to improve security behavior and suggests more frequent, shorter training segments to keep the knowledge fresh.
Cyber Extortion Soars: SMBs Hit Four Times Harder
Source: Infosecurity Magazine
Cyber extortion has surged, with SMBs suffering 4.2 times more attacks than larger enterprises, according to Orange Cyberdefense's Cy-Xplorer 2024 report. Ransomware groups targeted 4374 victims from Q1 2023 to Q1 2024, a 77% increase from the previous year, with healthcare seeing a 160% rise in attacks. The report notes that 75% of countries have been impacted since 2020, with opportunistic attacks focusing on organizations with weaker cybersecurity in wealthy, English-speaking nations. Additionally, law enforcement data revealed that actual victim numbers are 50-60% higher than previously observed, and a new trend of "revictimization" has emerged, where victims are repeatedly targeted.
New RUSI Report Exposes Psychological Toll of Ransomware, Urges Action
Source: Infosecurity Magazine
A new report from the Royal United Services Institute (RUSI) highlights the often-overlooked psychological toll of ransomware attacks on victims, urging a more comprehensive approach to incident response. The study, titled "'Your Data is Stolen and Encrypted': The Ransomware Victim Experience," reveals the significant mental and physiological impact these attacks have on individuals within affected organizations. Key recommendations include prioritizing victim support in cybercrime strategies, increasing public funding for mental health services tailored to ransomware victims, and improving clarity on government agency support. The report also calls for cyber-insurance policies to cover mental health counseling and emphasizes the need for organizations to prioritize cybersecurity measures.
Dynamic IT Lead | SysAdmin & Fullstack Dev | Cybersecurity Focused | 10+ Years
4 months
Marcos, really enjoying your daily updates. That first story is a real wake-up call in that organizations need to genuinely hold their third-party service providers' feet to the fire when it comes to security compliance. Do you have an internal or consultive resource that knows what reporting should be in place, can vet their security policies and procedures, or review an MSA scope of support? It may be a pretty flimsy lawsuit if the answer is no.