TeamViewer breach update, HubSpot customer attacks, Cyber insurance problems
In today’s cybersecurity news…
Update on the TeamViewer network breach
The remote access software company is now attributing Wednesday’s attack on its corporate networks to the Russian state-sponsored hacking group Midnight Blizzard, also known as Cozy Bear and APT29. They clarify that “TeamViewer’s internal corporate IT environment is completely independent from the product environment”. According to The Record, the hack was traced back to the credentials of a standard employee account within the company’s corporate IT environment.
HubSpot looks into customer account hacks
The manufacturer of CRM software for small and medium-sized businesses says that on June 22 they “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts.” They clarify that the hackers were able to gain unauthorized access to less than 50 HubSpot accounts and there were no new instances of a hack in the last 24 hours as of 1600 ET on Friday. The company did not say, when asked by TechCrunch, if it has received any communication from the malicious actors. This is a developing story.
(Reuters and TechCrunch)
U.S. businesses struggle to obtain cyber insurance
At a hearing before the House Homeland Security Committee’s cyber-focused subcommittee, representatives from companies and associations described the difficulties they are experiencing in trying to obtain insurance against breaches: policies are hard to come by and carry terms that are very difficult to understand, especially regarding exclusions and definitions of breaches as “acts of war.” This has only led to increasing insurance premiums, which has caused some clients to call for a so-called backstop for the market, in which the federal government would step in and guarantee large-scale insurance losses.
Microsoft expands scope of mail compromise warning
The hack of Microsoft’s internal email systems, which was revealed in January of this year, was initially described as having affected “a very small percentage of Microsoft corporate email accounts.” Now, however, Microsoft has started alerting organizations and individuals, specifically more than a dozen state agencies and public universities in Texas, that emails between themselves and Microsoft were accessed. This is according to reporting by Bloomberg. This hack is also being attributed to Midnight Blizzard.
Huge thanks to our sponsor, Demoed
CISA chief dismisses ban on ransomware payments
In an interview at the University of Oxford Cyber Forum conducted by Ciaran Martin, the former head of the U.K.’s National Cyber Security Centre, who had earlier this year called for a ban on all ransomware payments, CISA Director Jen Easterly says she doesn’t see it happening. She pointed instead to the potential for the Cyber Incident Reporting for Critical Infrastructure Act, CIRCIA, to assist in better understanding of the cyberattack ecosystem. She added, “I don’t think we’re going to make ransomware a shocking anomaly without successful implementation of a Secure-by-Design campaign…We cannot expect businesses that don’t have huge security teams to be able to secure that infrastructure unless that technology comes to them with dramatically reduced numbers of vulnerabilities.”
Chicago’s Lurie Children’s hospital says nearly 800,000 affected by January ransomware attack
Following up on a story we covered in January, representatives from the Ann & Robert H. Lurie Children’s Hospital of Chicago, which suffered a ransomware attack by the Rhysida group, now say that “almost 800,000 people had sensitive health information leaked” as a result of that attack. NBC News states that “It took weeks for the hospital to restore its systems and the disruption left parents scrambling to find other doctors who could help their children access vital medicine and healthcare.” The cybercrime group allegedly made $3 million from the sale of the stolen data. The hospital states clearly that they did not pay a ransom.
(The Record and NBC News)
Cyberattack shuts down the University Hospital Centre Zagreb in Croatia
The largest hospital in Croatia suffered the attack on Wednesday of last week, resulting in a shutdown of its IT systems, which one official described as “taking the hospital back 50 years.” All services including emergency and medical laboratories have since been restored, but medical reports are still being written by hand, and some patients are being redirected to other hospitals. Patients’ medical records were not exfiltrated. This happened during a week of DDoS attacks against Croatian government and financial institutions.
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
A critical vulnerability affecting all D-Link DIR-859 WiFi routers is currently being exploited by hackers “to collect account information from the device, including passwords.” The flaw has a CVE number and a 9.8 severity score. According to BleepingComputer, “the D-Link DIR-859 WiFi router model reached end-of-life (EoL) and no longer receives any updates, [but] the vendor did still release a security advisory explaining that the flaw exists in the “fatlady.php” file of the device, affects all firmware versions, and allows attackers to leak session data, achieve privilege escalation, and gain full control via the admin panel.”