Week of February 16th, 2024
Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.
Here are this week’s top takeaways:
Hackers Are Using Deepfakes in Advanced Mobile Banking Malware Attacks. Here’s How.
A threat actor codenamed GoldFactory has recently been credited with developing a family of highly sophisticated banking Trojans, including previously undocumented iOS malware called “GoldPickaxe” that can harvest facial recognition data and intercept SMS messages.
Reported to be active since mid-2023, GoldFactory is also said to be behind the Android banking malware “GoldDigger” and its enhanced variants “GoldDiggerPlus” and “GoldKefu.”
Social engineering campaigns distributing the malware target the Asia-Pacific region by masquerading as local banks and government agencies. Targets first receive smishing and phishing messages, are then persuaded to move the conversation to an instant messaging app, and are finally sent malicious URLs that lead to GoldPickaxe being installed on their devices.
The bulk of these malicious apps targeting Android devices are hosted on counterfeit websites resembling Google Play Store pages in order to prompt potential victims to complete the installation process.
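The distribution path described above, a counterfeit Play Store page that walks the victim through installing an APK outside the real store, leaves a trace that responders can check: Android records which package installed each app, and sideloaded apps show up without a store installer. The shell script below is an added example written for this recap, not code from the original report or from any of the malware families named here. It parses constructed `pm list packages -i` output (the two-column `package:... installer=...` line format and the sample entries are assumptions, not captured data) and lists every package not installed by Google Play or by an installer you declare trusted.

```shell
#!/bin/sh
# Constructed sample of `adb shell pm list packages -i` output, not taken from a
# real device. Format assumed: "package:<name>  installer=<installer or null>".
SAMPLE_PM_OUTPUT='package:com.android.chrome  installer=com.android.vending
package:com.example.fakebank  installer=null
package:com.example.govservice  installer=com.android.packageinstaller
package:com.sec.android.app.camera  installer=null
package:com.whatsapp  installer=com.android.vending'

# flag_sideloaded PM_OUTPUT [TRUSTED_INSTALLER ...]
# Prints "<package><TAB><installer>" for every package whose recorded installer
# is neither Google Play (com.android.vending) nor one of the extra trusted
# installers passed as arguments (a vendor store, an MDM agent). Packages with
# no recorded installer (installer=null, or no installer field at all) are
# flagged as well: preloaded system apps land here too, so the output is a
# triage starting point, not a verdict.
flag_sideloaded() {
    pm_output=$1
    shift
    trusted="com.android.vending $*"
    printf '%s\n' "$pm_output" | while read -r pkgfield instfield; do
        [ -n "$pkgfield" ] || continue
        pkg=${pkgfield#package:}
        inst=${instfield#installer=}
        [ -n "$inst" ] || inst='(none recorded)'
        ok=0
        for t in $trusted; do
            if [ "$inst" = "$t" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            printf '%s\t%s\n' "$pkg" "$inst"
        fi
    done
}

# Stand-alone run against the constructed sample. On a live device, feed the
# real listing and whitelist the vendor store, e.g. the Galaxy Store:
#   flag_sideloaded "$(adb shell pm list packages -i)" com.sec.android.app.samsungapps
flag_sideloaded "$SAMPLE_PM_OUTPUT"
```

Anything the script flags deserves a second look at where the APK came from (browser download history, the messaging app the lure arrived in) rather than immediate removal; a banking app installed from a page that only looked like Google Play will typically appear here with `installer=null` or with the generic package installer as its source.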
Once installed on a mobile device, the malicious app operates semi-autonomously, manipulating functions in the background. The goal: capturing the victim’s face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using “MicroSocks.”
On iOS devices, the malware opens a WebSocket channel to receive commands from its operators; the results of executing those commands are reported back to the C2 via HTTP requests.
“High Impact” Cyberattacks Have Tripled for Canadian Banks
It’s official: Canada’s banking watchdog says it is “worried” about the increasing number of cyberattacks against banks that lead to significant service disruptions or data leaks, which almost tripled in the last year alone.
This past Tuesday, Tolga Yalkin, assistant superintendent at the Office of the Superintendent of Financial Institutions (OSFI), stated that financial institutions across Canada reported 28 “priority one” successful cyber incidents in 2023.
In its 2023-2024 annual risk outlook, OSFI noted that cyberattacks against Canadian financial institutions are increasing in frequency and sophistication, echoing similar statements by the Communications Security Establishment.
“As new regional or global conflicts emerge, the risks from either targeted cyber-attacks and/or their fallout could become more prevalent,” reads the report. “A successful cyberattack could result in impacts to the confidentiality, integrity, and availability of data and computer systems, which could result in loss of public trust, reputational damage, and financial loss.”
Speaking to MPs, Yalkin said that OSFI fully expects cyber incident attempts to continue and to become more frequent. He noted that successful cyberattacks can have dire consequences for both banks and Canadians at large.
“There is little question that cyberattacks will continue to increase in frequency and sophistication. This is a risk environment that changes rapidly and for which failure to protect against can have serious consequences,” he concluded.
Attacks On Hospitals Are Set to Increase
In recent years, hospitals have moved to online technology to support everything from telehealth to patient records. As of 2024, they are a primary target for threat actors who hold systems, data and networks hostage for ransom.
“Unfortunately, the unintended consequence of the use of all this network and internet connected technology is it expanded our digital attack surface,” said John Riggi, the American Hospital Association’s cybersecurity adviser. “So, many more opportunities for bad guys to penetrate our networks.”
The assailants often operate from countries that are adversaries of the United States, such as Russia, North Korea and Iran, where they collect big payouts from their victims and face little prospect of ever being punished.
In November, a ransomware attack on a healthcare chain that operates 30 hospitals and 200 health facilities in the United States forced doctors to divert patients from emergency rooms and postpone elective surgeries. Meanwhile, a rural Illinois hospital announced it was permanently closing last year because it couldn’t recover financially from a cyberattack. The threat actors involved went as far as posting photos and patient information of breast cancer patients who were receiving treatment at a Pennsylvania health network after the system was hacked last year.
Now, one of the top children's hospitals in the country, the Ann & Robert H. Lurie Children’s Hospital of Chicago, has been forced to put its phone, email and medical record systems offline as it battles a cyberattack. The FBI has said it is investigating.
The dramatic increase in these online raids has prompted the nation’s top health agency to develop new rules for hospitals to protect themselves from cyber threats.
It is essential to stay informed about cyber threats that could affect the IT infrastructure of healthcare systems. Organizations should remain vigilant, train their staff, and take preventive measures to reduce their exposure to attack. A robust security posture helps healthcare organizations deny malicious actors an easy foothold in their systems.