This Week in Cyber 18th October 2024
Analyst Insight
This week has been marked by several significant cybersecurity incidents. Game Freak, the developer behind the Pokémon games, confirmed a data breach affecting current and former employees. At the same time, CISA warned of an actively exploited vulnerability in SolarWinds Web Help Desk software. In Brazil, a spear-phishing campaign is spreading the Astaroth banking malware, while in the U.S. two brothers have been charged with operating a botnet responsible for 35,000 DDoS attacks. Additionally, the BianLian ransomware group claimed an attack on Boston Children's Health Physicians and is threatening to leak stolen data unless a ransom is paid.
Pokémon Developer Game Freak Reveals Data Breach
On October 10th, Game Freak, the studio behind the popular Pokémon series, confirmed a security incident that occurred in August 2024, resulting in the exposure of personal information for 2,606 current and former employees.
The breach first surfaced on the anonymous forum 4chan under the name 'TeraLeak'. According to Centro LEAKS on X, the leaked data allegedly includes gigabytes of material on upcoming games, source code, and details of Nintendo's next console. Game Freak, however, has only confirmed the exposure of employee data and has not confirmed that any of these additional assets were taken.
Actively Exploited SolarWinds Help Desk Vulnerability Disclosed By CISA
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog. Which threat actor is exploiting the flaw has not been disclosed.

The vulnerability, tracked as CVE-2024-28987 and rated critical with a CVSS score of 9.1, is a hardcoded-credential flaw that allows remote, unauthenticated attackers to access internal WHD functionality and modify data. SolarWinds released a hotfix in mid-August to address the issue but withdrew it a week later because it broke other functionality. A month later, SolarWinds released another hotfix to patch the vulnerability. WHD administrators who applied the withdrawn August hotfix should confirm they have since applied the later one, and should treat any WHD instance exposed to the internet as a priority given the KEV listing.
Spear-phishing Campaign Targets Brazil with Astaroth Malware
Researchers at Trend Micro have observed a rise in malicious activity by a threat actor group they track as "Water Makara". The group is targeting Brazilian enterprises with banking malware delivered through obfuscated JavaScript designed to evade detection.
"The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, retail firms and government agencies being the most affected," Trend Micro stated in its report.
The report also states that the threat actors use the notorious "Astaroth banking malware with new evasion techniques". Astaroth is a highly prevalent, information-stealing banking trojan focused on Latin America and first identified in the wild in 2017.
Two Brothers Charged in the U.S for Facilitating 35,000 DDoS Attacks
The U.S. Department of Justice (DoJ) announced that two Sudanese brothers, Ahmed Salah Yousif Omer (22) and Alaa Salah Yusuuf Omer (27), have been charged in the U.S. with operating a DDoS botnet that carried out 35,000 attacks in a single year, including attacks on Microsoft's services in June 2023. Using Anonymous Sudan's "powerful DDoS tool", the attacks targeted critical infrastructure and government agencies worldwide. Ahmed faces up to life in prison, while Alaa could receive up to five years. The DDoS tool was taken offline in March 2024 when the brothers were arrested.
Boston Children’s Health Physicians Targeted by BianLian Ransomware Group
The BianLian ransomware group has claimed responsibility for a cyberattack on Boston Children's Health Physicians (BCHP) and is threatening to leak stolen data unless a ransom is paid. BCHP, which comprises over 300 paediatric specialists across New York and Connecticut, discovered the breach after its IT vendor was compromised on September 6.
"On September 6, 2024, our IT vendor informed us that it identified unusual activity in its systems. On September 10, 2024, we detected unauthorised activity on limited parts of the BCHP network and immediately initiated our incident response protocols, including shutting down our systems as a protective measure," BCHP stated in its announcement.
The attack exposed sensitive information belonging to employees, patients, and guarantors, including names, Social Security numbers, addresses, and medical details. BCHP's electronic medical records system was not affected. Affected individuals will be notified by October 25th and offered complimentary credit monitoring services.