Merck settles NotPetya, Pompompurin breaches release, Iranian crypto mistake
Merck and its insurers settle $1.4 billion NotPetya case
Following up on a story that had the potential to set precedent in the world of cyber insurance, the pharmaceutical multinational Merck and Co. has settled with its insurers in an eleventh-hour agreement. Merck had originally filed a $1.4 billion insurance claim for a 2017 NotPetya attack that its insurers refused to pay out on, with the insurers claiming the attack was an act of war and thus excluded under the policy. A judge found in favor of Merck and the insurers appealed. This settlement, whose terms have not been disclosed, occurred shortly before oral arguments were to begin in a New Jersey Supreme Court review of the case.
BreachForums admin Pompompurin breaches terms of pretrial freedom
The former admin of cybercrime forum BreachForums, Conor Fitzpatrick, also known as Pompompurin, was re-arrested on January 2, for “violating the conditions of his pretrial release by using a computer without the required monitoring software and using virtual private network (VPN) services.” Fitzpatrick was originally arrested in March of last year and in July pleaded guilty to three felony counts relating to the operation of BreachForums. His sentencing for these counts is scheduled for January 19, and he will now spend the time between now and then in jail.
Iranian crypto exchange Bit24.cash accidentally exposes customer data
Over-the-counter crypto exchanges are widely used in Iran, due to the country’s limited access to foreign markets and funds. Bit24.cash used Know Your Customer (KYC) requirements to confirm the validity of its users; however, researchers at Cybernews “uncovered a misconfigured MinIO (a high-performance object storage system) instance, inadvertently granting access to S3 buckets (cloud storage containers) containing the platform’s KYC data.” This misconfiguration has apparently compromised the data of around 230,000 Iranian citizens, exposing passports, IDs, and credit cards. “The instance has since been secured and is no longer accessible.”
Turkish APT spies on companies in the Netherlands
According to Security Affairs, an espionage group named Sea Turtle has been observed targeting “telco, media, ISPs, IT service providers, and Kurdish websites.” The Dutch security firm Hunt & Hackett states that the group has been active since 2017, focusing on organizations in Europe and the Middle East, and primarily using DNS hijacking. According to the firm’s research, its main goal currently appears to be theft of information for surveillance or intelligence gathering on specific groups and/or individuals.
Zeppelin ransomware source code sold on hacking forum for $500
The Zeppelin ransomware evolved from the Vega/VegaLocker malware family, which was active up to 2022. The source code to the original version of Zeppelin was obtained by a threat actor who said he “simply managed to crack a builder version for it.” Experts express concern that whoever buys the package could “use the malware to spin up a new ransomware-as-a-service (RaaS) operation or write a new locker based on the Zeppelin family.”
New York AG reaches agreement with health care provider over ransomware attack
According to its press release, the Office of the Attorney General (OAG) found that Refuah Health Center “failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication.” This follows a May 2021 ransomware attack that “compromised the personal and private information of approximately 250,000 New Yorkers.” Refuah is now required to invest $1.2 million to strengthen its cybersecurity and pay $450,000 in penalties and costs. A link to the Attorney General’s press release is available in the show notes to this episode.
Last week in ransomware
This last week of the holiday season saw Xerox confirm that its subsidiary, Xerox Business Solutions (XBS), was indeed attacked by the INC Ransomware operation. The group told Bleeping Computer that they had “much greater access to Xerox than is being disclosed,” although Bleeping Computer has not been able to independently confirm this. Also, we reported on Australia’s Court Services Victoria (CSV) suffering a ransomware attack, the Swedish national grocer Coop being attacked by the Cactus group, and the Ohio Lottery being attacked by DragonForce.