19-Apr-24: In Security News Today

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

The Akira ransomware group has extorted $42 million from over 250 victims by targeting businesses and critical infrastructure in North America, Europe, and Australia. They have evolved to target Linux servers, using various tactics like exploiting known vulnerabilities in Cisco appliances and utilizing tools like Mimikatz for privilege escalation. Additionally, the Akira ransomware group is believed to be linked to the Conti ransomware gang and has been observed using a hybrid encryption algorithm to encrypt systems.

180k Impacted by Data Breach at Michigan Healthcare Organization

Cherry Health in Michigan reported a ransomware attack that compromised the personal data of approximately 184,000 individuals on December 21, 2023. The breach involved sensitive information including Social Security numbers, health insurance details, and financial account information. The organization has notified affected individuals and is offering free credit monitoring and identity protection services.

22,500 Palo Alto Firewalls “Possibly Vulnerable” to Ongoing Attacks

Approximately 22,500 Palo Alto GlobalProtect firewall devices are vulnerable to the CVE-2024-3400 flaw, allowing unauthenticated attackers to execute commands with root privileges. Palo Alto Networks released patches between April 14 and 18, 2024, after the flaw was actively exploited by state-backed threat actors. Despite mitigation efforts, there are still around 22,500 possibly vulnerable instances, mainly in the United States, Japan, and India.

United Nations Agency Investigates Ransomware Attack, Data Theft

The United Nations Development Programme (UNDP) is investigating a cyberattack where threat actors breached its IT systems to steal human resources data. The attack, possibly linked to the 8Base ransomware gang, resulted in the exposure of sensitive information such as personal data, accounting data, and employment contracts. This incident highlights the ongoing threat of ransomware attacks targeting organizations, including those as prominent as the United Nations.

France’s Cannes Hospital in Midst of Major Cyberattack

Hôpital de Cannes – Simone Veil in France was hit by a severe cyberattack, resulting in all IT systems being shut down and the hospital reverting to manual, paper-based methods for documenting patient services. The hospital has canceled about a third of non-urgent procedures and is coordinating with local medical facilities to maintain emergency services. Ongoing investigations are supported by multiple cybersecurity agencies, and while there have been no ransom demands or confirmed data breaches, the hospital remains vigilant in maintaining patient care and updates.

OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining

Multiple vulnerabilities in OpenMetadata have been exploited to compromise Kubernetes clusters for cryptomining purposes. Threat actors have utilized critical authentication bypass and remote code execution flaws to infiltrate systems, downloading cryptomining malware from servers based in China. Microsoft advises updating OpenMetadata to the latest version to mitigate these risks and protect Kubernetes environments.

Cyberattack Takes Texas-based Frontier Communications Offline

Frontier Communications, a Texas-based telecom provider operating in 25 states, shut down its operations following a cyberattack that led to the theft of personally identifiable information. The breach, detected on April 14, resulted in certain systems being taken offline, causing operational disruptions. The company is currently investigating the incident, engaging cybersecurity experts, and cooperating with law enforcement authorities.

Russian APT Group Thwarted in Attack on US Automotive Manufacturer

Researchers disclosed an attack campaign by the FIN7 threat group targeting a US-based global automotive manufacturer, using spear-phishing to target IT employees with high admin-level rights. BlackBerry’s threat and research team detected and stopped the attack before the ransomware phase. FIN7, also known as Carbon Spider, is expanding its targets to include defense, insurance, and transportation sectors, aiming for larger entities with the expectation of higher ransom payments.

Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam

A sophisticated phishing campaign named CryptoChameleon has targeted LastPass users, tricking them into revealing their master passwords through a series of well-crafted social engineering tactics. The attackers use a combination of phone calls, spoofed numbers, and personalized interactions to deceive victims into divulging sensitive information. Despite the attackers’ persistence and evolving tactics, awareness, caution with unsolicited communications, and refraining from sharing passwords are crucial defenses against such elaborate phishing schemes.

MITRE Says State Hackers Breached its Network via Ivanti Zero-days

MITRE Corporation disclosed a state-backed hacking group breached their systems in January 2024 by exploiting two Ivanti VPN zero-days, compromising their NERVE network. The attackers bypassed MFA defenses, used webshells and backdoors, and deployed malware for espionage. The incident led to mass exploitation affecting various organizations, prompting CISA to issue an emergency directive for federal agencies to mitigate the Ivanti zero-days.

UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack

The United Nations Development Programme (UNDP) and the city of Copenhagen, Denmark, were targeted in a cyberattack in late March, leading to data theft related to human resources and procurement. The UNDP is currently assessing the extent of the breach and has taken steps to identify the source and contain the affected server. While the ransomware gang 8Base claimed responsibility for the attack, the UNDP has not confirmed any ransom demands or payments.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

Leave a Reply

Your email address will not be published. Required fields are marked *