16-Apr-24: In Security News Today

Hive Trojan Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Two individuals have been arrested in Australia and the U.S. for their involvement in developing and distributing the remote access trojan Hive RAT, which allows control over victim computers and access to private information. Additionally, a Nebraska man was indicted for operating a $3.5 million illegal cryptojacking operation, defrauding cloud computing providers to mine cryptocurrency. The suspects face charges including wire fraud, money laundering, and engaging in unlawful monetary transactions, with potential sentences of up to 20 years in prison.

Iran-Backed Hackers Blast Out Threatening Texts to Israelis

The Handala cyber group, allegedly backed by Iran, claimed to have compromised Israel’s radar systems and sent over 500,000 threatening texts to Israeli citizens amidst ongoing military tensions. The messages warned of imminent danger and urged citizens to evacuate, amplifying fear and confusion. While these claims have yet to be verified by Israeli officials, they reflect the escalating use of cyber warfare in geopolitical conflicts.

Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare

The RansomHub group has begun to leak data they claim to have stolen from Change Healthcare, involving highly sensitive personal and medical information. This follows an earlier ransomware attack by the Alphv/BlackCat group, from which RansomHub acquired the data. In response to these events, Change Healthcare’s parent company, UnitedHealth Group, is working on mitigating the impact on affected customers and has provided significant financial support to healthcare providers.

Change Healthcare cyberattack caused $872 million loss

UnitedHealth Group experienced an $872 million impact on its Q1 earnings as a result of a ransomware attack on Change Healthcare, with $593 million in direct cyberattack response costs and $279 million due to business disruptions. The attack led to a $0.74 per share impact in Q1, with estimated full-year 2024 impacts of $1.15 to $1.35 per share. The cyberattack disrupted the U.S. healthcare system, affecting claims receipt timing and prompting UnitedHealth to reflect an additional $800 million in claims reserves.

Omni Hotels Says Personal Information Stolen in Ransomware Attack

Omni Hotels confirmed a ransomware attack by the Daixin Team, which led to the theft of customer data dating back to 2017, affecting an estimated 3.5 million guests. Although sensitive financial details were not exposed, compromised data included names, emails, mailing addresses, and loyalty program information. The company has restored its systems and is navigating ransom negotiations, with the demand initially set at $3.5 million but reduced to $2 million.

Cisco Duo’s Multifactor Authentication Service Breached

A third-party provider handling telephony for Cisco’s Duo multifactor authentication service was compromised by a social engineering cyberattack, leading to a breach where SMS logs were downloaded for specific users. Cisco Duo customers were advised to watch out for potential phishing schemes. This incident highlights the risks associated with third-party identity security providers and emphasizes the importance of assessing the impact of such breaches on cybersecurity posture.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.