Weekly Cyber Research Update: Key Discoveries and Threats (October 21, 2024)
As the digital landscape continues to evolve, so too do the threats that lurk within it. The week of October 21, 2024, has seen significant developments in cyber research, highlighting the ongoing challenges faced by organizations worldwide. For a comprehensive overview of the latest discoveries, we invite you to download our Threat Intelligence Bulletin. Below, we delve into some of the most pressing attacks, breaches, vulnerabilities, and trends that have emerged this week.
Top Attacks and Breaches
Boston Children’s Health Physicians Data Breach
In a concerning incident, Boston Children’s Health Physicians, part of the Boston Children’s Hospital network, suffered a data breach in September. This breach exposed sensitive patient information, including Social Security numbers, medical records, and health insurance details. The breach was detected after unusual activity was noted on September 6, leading to system shutdowns by September 10. The notorious BianLian ransomware group claimed responsibility for this attack, marking another high-profile incident attributed to their operations. Organizations can bolster their defenses against such threats through solutions like Check Point Harmony Endpoint and Threat Emulation, which provide protection against the BianLian ransomware variants.
Globe Life Insurance Extortion Threat
Insurance giant Globe Life is currently facing extortion attempts after hackers stole data from its subsidiary, American Income Life Insurance Company. The breach involved the theft of information from over 5,000 individuals, including Social Security numbers, names, addresses, and health-related data. Unlike traditional ransomware attacks, the threat actors did not disrupt operations but instead shared some of the stolen data with short sellers and plaintiffs’ attorneys, claiming to possess additional unverified information. This incident underscores the evolving tactics employed by cybercriminals.
DDoS Attack on Japan’s Liberal Democratic Party
Japan’s ruling Liberal Democratic Party (LDP) experienced a distributed denial-of-service (DDoS) cyberattack that disrupted its website operations at the onset of the country’s general election campaign. Pro-Russian hacker groups, including NoName057(16) and the Cyber Army of Russia, claimed responsibility for the attack, citing Japan’s upcoming joint military exercise with the U.S. as their motivation. This incident highlights the intersection of cyber warfare and political events, raising concerns about the integrity of electoral processes.
Nidec Corporation Ransomware Attack
Nidec Corporation, a prominent Japanese tech giant, confirmed a data breach following a ransomware attack earlier this year. The attackers accessed servers in Nidec’s Precision division in Vietnam using stolen VPN credentials, leading to the theft of over 50,000 files, including internal documents and contracts. After Nidec refused to meet the attackers’ extortion demands, the stolen data was leaked on the dark web. The 8BASE ransomware gang initially claimed responsibility, later followed by the Everest group. Organizations can protect themselves against such threats with Check Point Harmony Endpoint and Threat Emulation.
Game Freak Cyberattack
Game Freak, the developer behind the beloved Pokémon series, disclosed a cyberattack that occurred in August 2024. This incident resulted in the leak of source code and game designs for unpublished titles, as well as personal information of employees, contractors, and former business associates. Fortunately, Game Freak assured that players’ data was not affected, but the breach raises concerns about intellectual property security in the gaming industry.
Radiant Capital Cryptocurrency Theft
In a significant breach within the decentralized finance sector, Radiant Capital reported the theft of over $50 million in cryptocurrency. The attack compromised the devices of three trusted developers, allowing hackers to gain access to multiple private keys. This enabled them to execute malicious transactions without obvious warning signs, draining user funds. The incident serves as a stark reminder of the vulnerabilities present in the rapidly evolving world of cryptocurrency.
Vulnerabilities and Patches
Google Chrome Security Update
Google has released a security update for its Chrome browser, addressing 17 vulnerabilities, including CVE-2024-9954, a high-severity use-after-free vulnerability that could allow remote attackers to exploit heap corruption. Users are encouraged to update their browsers promptly to mitigate potential risks.
Oracle’s October Patch Update
Oracle has issued its October patch update, which includes 334 security updates, addressing 35 critical vulnerabilities. The majority of these fixes target Oracle Commerce and Oracle Hyperion, emphasizing the importance of regular updates in maintaining system security.
macOS Vulnerability “HM Surf”
A new macOS vulnerability, known as “HM Surf” (CVE-2024-44133), has been identified, allowing attackers to bypass the Transparency, Consent, and Control (TCC) technology in macOS. Successful exploitation could lead to unauthorized access to sensitive user data, including browsing history and location. Apple has released a fix for this vulnerability in the Sequoia update.
Jetpack Plugin Security Update
The popular WordPress plugin Jetpack has released a critical security update addressing a vulnerability in its Contact Form feature. This flaw allowed any logged-in user on a site to read contact forms submitted by other users, highlighting the need for vigilance in plugin security.
Threat Intelligence Reports
Surge in Cyberattacks
Check Point Research reports a staggering 75% surge in global cyberattacks in Q3 2024 compared to the same period in 2023, with an average of 1,876 attacks per organization. The Education/Research sector was the most targeted, while Africa faced the highest attack rates regionally. Ransomware incidents remained persistent, particularly affecting the Manufacturing and Healthcare sectors.
Phishing Trends Analysis
In its analysis of phishing trends for Q3 2024, Check Point Research found that Microsoft was the most imitated brand, responsible for 61% of phishing attempts. Apple and Google followed with 12% and 7%, respectively. Notably, Alibaba entered the top 10 for the first time, indicating shifting tactics among cybercriminals.
North Korean IT Worker Schemes
Researchers have uncovered a disturbing trend involving North Korean IT workers infiltrating Western companies using fake identities. After their employment is terminated, these workers extort their former employers by stealing sensitive data and demanding ransom, often using tools like VPNs to mask their locations.
UAT-5647 Attacks on Ukrainian Entities
A new wave of attacks by the Russian-speaking group UAT-5647 has been identified, targeting Ukrainian government entities and some Polish organizations. Utilizing updated variants of RomCom malware, the group appears focused on both data exfiltration and potential ransomware deployment, indicating a dual focus on espionage and financial gain.
Conclusion
The cyber landscape remains fraught with challenges as organizations grapple with an increasing number of sophisticated attacks and vulnerabilities. Staying informed and proactive is essential for mitigating risks and safeguarding sensitive data. For more in-depth insights and updates, be sure to download our Threat Intelligence Bulletin and stay ahead of the evolving threat landscape.