Health chatbot exposed, credit union cyberattack, infrastructure cyberweapon attack
In today’s cybersecurity news…
UnitedHealth’s AI-driven insurance claims chatbot left exposed to the internet
The healthcare giant Optum has now restricted access to an internal AI chatbot that employees had been using to ask how to handle patient health insurance claims and disputes according to standard operating procedures (SOPs). This followed Mossab Hussein, chief security officer and co-founder of cybersecurity firm spiderSilk, discovering that the chatbot’s IP address was reachable online by anyone with a web browser. No password was required. The chatbot “did not appear to contain or produce sensitive personal or protected health information.” A spokesperson for Optum, whose parent company is UnitedHealth Group, told TechCrunch in a statement that “Optum’s SOP chatbot was a demo tool developed as a potential proof of concept but was never put into production and the site is no longer accessible.”
South Carolina credit union suffers cyberattack
SRP Federal Credit Union, one of the largest credit unions in South Carolina, filed breach notification documents with regulators in Maine and Texas on Friday following suspicious activity detected on its network. Initial investigations show that threat actors accessed the network at times between September 5 and November 4 of this year, and “potentially acquired certain files…during that time.” The Texas filing stated that the stolen data included names, Social Security numbers, driver’s license numbers, dates of birth, and financial information such as account numbers and credit or debit card numbers. The Nitrogen ransomware gang has claimed responsibility for the attack and for the theft of 650GB of customer data. The credit union has not yet confirmed that it was a ransomware attack.
IOCONTROL cyberweapon targets infrastructure in the US and Israel
According to specialist security group Claroty, its Team82 has obtained a sample of “a custom-built IoT/OT malware called IOCONTROL which is being used by an Iran-linked threat actor group CyberAv3ngers to target devices in infrastructure located in Israel and the U.S., specifically fuel management systems.” IOCONTROL is “a custom-built, modular malware that can run on a variety of platforms from different vendors and has been already used against device families including IP cameras, routers, PLCs, HMIs, firewalls, and more.”
Auto parts giant LKQ suffers cyberattack on Canadian business unit
LKQ is a publicly held, U.S.-based company that specializes in automotive replacement parts and also provides vehicle repair and maintenance services. Its brands include Keystone, Tri Star, and ADL. Representatives filed a Form 8-K on Friday, stating that “one of its business units in Canada was breached on November 13, disrupting business operations.” Representatives do not believe the incident “will have any material impact on its financials or operations for the remainder of the fiscal year,” and they add that they will “seek reimbursement for costs and expenses stemming from the cyberattack from their cyber insurance company.” No group has yet claimed responsibility for the attack.
WordPress credentials stolen via malicious GitHub repository
According to Datadog Security Labs, a GitHub repository, which has since been removed and which advertised “a WordPress tool to publish posts,” is estimated to have enabled the exfiltration of over 390,000 credentials. This appears to be part of a broader attack campaign undertaken by a threat actor named by Datadog Security Labs as MUT-1244 (where MUT refers to “mysterious unattributed threat”) that “involves phishing and several trojanized GitHub repositories hosting proof-of-concept (PoC) code for exploiting known security flaws.” Victims of this exfiltration are believed to be offensive actors such as pen testers and security researchers, as well as malicious threat actors, all of whom “had sensitive data such as SSH private keys and AWS access keys exfiltrated.”
Germany disrupts BADBOX malware on 30,000 devices
Germany’s Federal Office of Information Security (BSI) has “disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.” In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains in question. Impacted devices include digital picture frames, media players, and streamers, and likely phones and tablets.
Recorded Future highlights the business impact of data breaches
Recorded Future’s Insikt Group has identified a 76% increase in publicly reported data breaches from 2022 to 2023, and even though there are two more weeks remaining in this year, Recorded Future’s data projects a further 5% increase in 2024 compared to 2023. The group points out that “the costliest impacts of data breaches in the last several years have been operational disruption, legal risks, and declining sales due to churn and loss of customer trust.” They add that the real risk lies in “companies falling behind in their security strategy and failing to adopt a new way of thinking.”