Ransomware gang claims responsibility for attacking Italian healthcare service, Russian gang blamed for attacks in Europe, and more.
Welcome to Cyber Security Today. It’s Monday, May 6th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.
 |
 |
 |
The BlackBasta ransomware gang has claimed responsibility for last month’s cyber attack against Synlab Italia. It’s a major Italian provider of medical diagnosis services. According to Security Affairs, as proof of the data theft the group has published images of stolen passports, ID cards and medical analyses.
A hacker attempted to extort a Canadian public library digital service after a data theft last month. The British Columbia Libraries Co-operative said the attacker accessed log file data from a new email logging server that had just been installed on its new cloud hosting infrastructure. The attacker did get some email addresses and phone numbers, the co-op told the Vancouver Sun, but no passwords or email content was copied.
Government cyber authorities in Europe say a Russian-state controlled threat group called APT28 took advantage of an unknown vulnerability in Microsoft Outlook to hack the email of institutions in Germany and Czechia last year. It isn’t clear why the announcement is being made now. The European Union and NATO said cyber attacks targeting political entities, state institutions and critical infrastructure are a threat to national security and democratic processes.
Cybercrooks and nation-state hackers continue compromising internet-facing routers to create botnets that help their attacks. In fact, according to researchers at Trend Micro, sometimes nation-state attackers use botnets created by crooks. The advantage of using internet-facing corporate routers is they aren’t carefully watched by IT departments, they don’t have stringent password policies, they aren’t patched often and may have powerful operating systems that allow malware to be installed. Network administrators have to make sure these devices are monitored for compromise and use strong access passwords. Note this: In January the FBI disrupted a botnet of Ubiquiti EdgeRouters in January. However the botnet operators have moved some untouched devices to a new IT infrastructure. It is currently being used by crooks and the Russian gang known as APT28.
Should software companies be held legally responsible for knowingly producing applications with vulnerabilities? That’s the topic of one of the panels at this year’s RSA Conference in San Francisco, which opens today. An article in Dark Reading gives an outline of the issues. As most of you know, software licences have language that protects developers from being sued for damages even if a flaw is known. Class action lawsuits for negligence and breach of contract work for consumers, but not corporate buyers of applications. One problem: There is no agreed legal ‘standard of care’ in the software industry that developers have to follow. Another problem: Should there be a defence for hard-to-detect flaws? It will be an interesting debate.
Microsoft is expanding its strategy to improve product and corporate security. That’s according to a blog Friday by Charlie Bell, executive vice-president of Microsoft Security. Changes includes integrating recommendations from the Cyber Safety Review Board following a highly-critical March report into the compromise by China of Microsoft Exchange Online and lessons learned form the hack of Microsoft corporate email by a Russian group. Security is now the top priority at Microsoft, Bell said. All work will be guided by three principles: Products will be secure by design, secure by default and security controls and monitoring will be continuously improved.
Meanwhile researchers at Symantec say threat actors are increasingly leveraging the Microsoft Graph API to help communications with cloud-based command and control servers. For those who don’t know, the Graph API allows developers to access resources such as email, calendar events and files hosted on Microsoft cloud services. Exploitation of Graph API has been going on since at least 2021. The latest use was in malware against an organization in Ukraine, which connected to a Graph API to use Microsoft OneDrive as a command and control server for uploading and downloading files. IT leaders should make sure their antivirus and anti-malware scanners can detect this attack.
Continuum Health Alliance, an IT and administration services provider to U.S. healthcare practices, is notifying over 377,000 people of a data breach that happened last October.
Associated Wholesale Grocers, a large American food distributor, is notifying more than 26,000 people of a data breach that happened last October. Stolen were names and Social Security numbers. According to The Cyber Express, last fall the Play ransomware gang claimed responsibility for the theft of payroll details, tax records, financial information and more.
Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.
