Cyber Security Today, May 6, 2024 – Ransomware gang claims responsibility for attacking Italian healthcare service, Russian gang blamed for attacks in Europe, and more


Welcome to Cyber Security Today. It’s Monday, May 6th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for


The BlackBasta ransomware gang has claimed responsibility for last month’s cyber attack against Synlab Italia. It’s a major Italian provider of medical diagnosis services. According to Security Affairs, as proof of the data theft the group has published images of stolen passports, ID cards and medical analyses.

A hacker attempted to extort a Canadian public library digital service after a data theft last month. The British Columbia Libraries Co-operative said the attacker accessed log file data from a new email logging server that had just been installed on its new cloud hosting infrastructure. The attacker did get some email addresses and phone numbers, the co-op told the Vancouver Sun, but no passwords or email content was copied.

Government cyber authorities in Europe say a Russian-state controlled threat group called APT28 took advantage of an unknown vulnerability in Microsoft Outlook to hack the email of institutions in Germany and Czechia last year. It isn’t clear why the announcement is being made now. The European Union and NATO said cyber attacks targeting political entities, state institutions and critical infrastructure are a threat to national security and democratic processes.

Cybercrooks and nation-state hackers continue compromising internet-facing routers to create botnets that help their attacks. In fact, according to researchers at Trend Micro, sometimes nation-state attackers use botnets created by crooks. The advantage of using internet-facing corporate routers is they aren’t carefully watched by IT departments, they don’t have stringent password policies, they aren’t patched often and may have powerful operating systems that allow malware to be installed. Network administrators have to make sure these devices are monitored for compromise and use strong access passwords. Note this: In January the FBI disrupted a botnet of Ubiquiti EdgeRouters. However, the botnet operators have moved some untouched devices to a new IT infrastructure. It is currently being used by crooks and the Russian gang known as APT28.

Should software companies be held legally responsible for knowingly producing applications with vulnerabilities? That’s the topic of one of the panels at this year’s RSA Conference in San Francisco, which opens today. An article in Dark Reading gives an outline of the issues. As most of you know, software licences have language that protects developers from being sued for damages even if a flaw is known. Class action lawsuits for negligence and breach of contract work for consumers, but not corporate buyers of applications. One problem: There is no agreed legal ‘standard of care’ in the software industry that developers have to follow. Another problem: Should there be a defence for hard-to-detect flaws? It will be an interesting debate.

Microsoft is expanding its strategy to improve product and corporate security. That’s according to a blog Friday by Charlie Bell, executive vice-president of Microsoft Security. Changes include integrating recommendations from the Cyber Safety Review Board following a highly critical March report into the compromise by China of Microsoft Exchange Online and lessons learned from the hack of Microsoft corporate email by a Russian group. Security is now the top priority at Microsoft, Bell said. All work will be guided by three principles: Products will be secure by design, secure by default and security controls and monitoring will be continuously improved.

Meanwhile researchers at Symantec say threat actors are increasingly leveraging the Microsoft Graph API to help communications with cloud-based command and control servers. For those who don’t know, the Graph API allows developers to access resources such as email, calendar events and files hosted on Microsoft cloud services. Exploitation of Graph API has been going on since at least 2021. The latest use was in malware against an organization in Ukraine, which connected to a Graph API to use Microsoft OneDrive as a command and control server for uploading and downloading files. IT leaders should make sure their antivirus and anti-malware scanners can detect this attack.

Continuum Health Alliance, an IT and administration services provider to U.S. healthcare practices, is notifying over 377,000 people of a data breach that happened last October.

Associated Wholesale Grocers, a large American food distributor, is notifying more than 26,000 people of a data breach that happened last October. Stolen were names and Social Security numbers. According to The Cyber Express, last fall the Play ransomware gang claimed responsibility for the theft of payroll details, tax records, financial information and more.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

