What’s happening in cybersecurity today?
Storm-0539, Qbot Malware, Vulnerabilities in Healthcare Sector, Rhadamanthys Stealer, Delta Dental Data Breach, MongoDB, NFT Heist, BioMatrix, Ontario Public Library, US Defense Bill, Alan Turing Institute, Generative AI, Prince Harry, Delhi Police, ICMR Data Breach
Cyber Alerts
1. Microsoft Alerts on Storm-0539 Cyber Threat
Microsoft has issued a warning about an emerging threat cluster, tracked as Storm-0539, orchestrating gift card fraud and theft through sophisticated email and SMS phishing attacks against retail entities during the holiday season. The attacks aim to harvest credentials and session tokens, allowing the threat actors to bypass multi-factor authentication (MFA) protections and persist in the environment using compromised identities, leading to the theft of sensitive information and facilitating fraud in gift card-related services.
2. Qbot Malware Targets Hospitality Industry
After a law enforcement operation disrupted the QakBot botnet in August, the malware has returned in a new phishing campaign targeting the hospitality industry. Microsoft warns of a new QakBot distribution, observed in a phishing attack impersonating an email from an IRS employee, with the malware delivered through a malicious PDF attachment.
3. CISA Advisory on Healthcare Cyber Risks
CISA has published a Cybersecurity Advisory based on a Risk and Vulnerability Assessment in the healthcare sector, identifying exploitable vulnerabilities and providing mitigations. The advisory emphasizes key actions for network defenders and software manufacturers to enhance cybersecurity and reduce the risk of detrimental cyber activities.
4. 3CX Advises Disabling Integration
Business communication company 3CX urges customers to disable SQL database integrations due to a potential vulnerability affecting versions 18 and 20. The advisory recommends that users of MongoDB, MsSQL, MySQL, and PostgreSQL databases temporarily disable the integration until a solution is implemented.
5. Rhadamanthys Stealer Enhancements
The Rhadamanthys information-stealing malware has undergone significant updates, introducing a new plugin system, enhanced stealing capabilities, and improved evasion techniques. Researchers at Check Point discovered these advancements in versions 0.5.0 and 0.5.1, highlighting the malware’s active development and its appeal to cybercriminals seeking a versatile and customizable tool for malicious activities.
6. Cl0p Hits Delta Dental in Data Breach
Delta Dental of California and Affiliates (DDCA) fell victim to the exploitation of a MOVEit Transfer zero-day flaw, resulting in a breach by the Cl0p ransomware syndicate. Nearly seven million customers had sensitive information exposed, including driver’s licenses, passport numbers, and financial data.
7. MongoDB Probes Cybersecurity Incident
MongoDB is actively investigating a cyberattack that targeted its corporate systems, potentially exposing customer account metadata and contact information. Discovered on December 13, 2023, the incident prompted MongoDB to initiate its incident response plan. While no data exposure has been detected, the company advises customers to stay vigilant against potential social engineering and phishing threats, urging the implementation of active multi-factor authentication and regular password updates for MongoDB Atlas.
8. NFT Trader Faces Major Hack
A major hack has struck NFT Trader, resulting in the theft of high-value NFTs, including popular Bored Ape Yacht Club and Mutant Ape Yacht Club tokens. The hacker, who has demanded ransom payments for the stolen NFTs, targeted “old smart contracts,” prompting NFT Trader to advise users to revoke access to the compromised contracts. The incident involves millions of dollars’ worth of rare NFTs, raising concerns within the crypto community about the security of peer-to-peer trading platforms.
9. Medusa Hits BioMatrix in Cyber Attack
The Medusa ransomware group has reportedly targeted BioMatrix, a Florida-based national specialty pharmacy chain, breaching sensitive data. While the company’s website appears operational, Medusa has posted details of the breach on its dark web portal, including alleged patient complaints and CVS Health’s contract. The ransomware group has set a deadline of 10 days, 23 hours, and 55 minutes, demanding a hefty ransom of USD 1,000,000 to prevent the exposure of BioMatrix’s compromised data.
10. Cyber Attack Disrupts Library Services
The London Public Library in Ontario, Canada, shut down most services due to a cyberattack, joining a series of libraries globally facing similar issues. In-person borrowing and some programs remain available, but phones, email, WiFi, website, catalogs, printers, computers, and digital resources are inaccessible, impacting around 422,000 residents served by the library.
Cyber News
11. US Defense Bill Boosts Cybersecurity
In a significant step forward for cybersecurity, the U.S. National Defense Authorization Act (NDAA) has incorporated recommendations from the Cyberspace Solarium Commission’s 2020 report. The $886 billion defense spending bill, set to become law after approval by President Joe Biden, encompasses nearly 70% of the commission’s proposals. Key measures include the establishment of a Civilian Cybersecurity Reserve, enhanced cybersecurity for nuclear systems, and initiatives for testing cyber resiliency, strengthening cooperation with Taiwan, and preparing for a continuity of the economy plan in the face of a major cyberattack.
12. US HHS AI-Driven Health Data Strategy
The U.S. Department of Health and Human Services (HHS) is embracing a five-year data strategy with a significant focus on responsibly leveraging artificial intelligence (AI) to enhance health and wellness. Aligned with the Biden Cancer Moonshot initiative, the strategy aims to cut cancer deaths, improve incident response, cultivate data talent, foster data sharing, integrate administrative data, and establish a holistic view of wellness and health needs. While recognizing AI’s potential for scientific advancements and efficiencies, HHS also acknowledges the risks, including discrimination, bias, fraud, and privacy concerns. The strategy pledges to establish an AI Task Force to address these challenges and ensure responsible AI use in the health sector.
13. Turing Institute Urges Limits on AI Risks
The Alan Turing Institute has called for the establishment of “red lines” against generative AI use without direct human oversight in high-stakes scenarios, citing the unreliability of current tools in national security. The report suggests mitigations, including recording actions of autonomous agents and attaching warnings to generative AI output, highlighting concerns about excessive trust and the need for stringent restrictions in critical areas.
14. Prince Harry Triumphs in Phone Hacking Case
Prince Harry celebrates a significant legal victory after a judge ruled that there was extensive phone hacking by Mirror Group Newspapers. The ruling has profound implications for the British media, indicating widespread unlawful information gathering over a decade. Harry, awarded £140,600 in damages, calls for UK authorities to investigate and bring charges against the company and those breaking the law.
15. 4 People Arrested in ICMR Data Breach
Four individuals have been apprehended by Delhi Police in connection with the Indian Council of Medical Research (ICMR) data breach that exposed the personal details of over 810 million Indians. The suspects, arrested from different states, claimed during interrogation to have accessed not only ICMR data but also information from the United States Federal Bureau of Investigation and Pakistan’s Computerized National Identity Card (CNIC).
Copyright © 2023 CyberMaterial. All Rights Reserved.