Threat Intelligence Report – October 14th

Cybersecurity Weekly Update: Key Discoveries and Threats (Week of October 14, 2024)

As the digital landscape continues to evolve, so too do the threats that lurk within it. This week, significant developments in cyber research have emerged, highlighting the ongoing battle against cybercrime and the vulnerabilities that organizations face. For an in-depth look at the latest discoveries, be sure to download our Threat Intelligence Bulletin. Below, we delve into the most pressing attacks, breaches, vulnerabilities, and threat intelligence reports from the past week.

Top Attacks and Breaches

Ransomware Strikes Axis Health System

In a troubling incident, the nonprofit healthcare organization Axis Health System fell victim to a ransomware attack orchestrated by the Rhysida gang. The attackers have stolen sensitive data, including mental health and substance abuse records, and are demanding a ransom of $1.5 million. They have threatened to publish the data within six days if their demands are not met. In a related attack, the gang has leaked 102GB of data from Golden Age Nursing Home, which includes over 35,000 files containing medical records and discharge reports. Organizations can bolster their defenses against such threats with Check Point Threat Emulation and Harmony Endpoint, which provide protection against Rhysida ransomware variants.

LEGO’s Website Compromised

Danish toy manufacturer LEGO experienced a cyberattack that compromised its website, leading to the promotion of a fraudulent “LEGO Coin” cryptocurrency. Although the attack had limited success, with only a few hundred dollars’ worth of fake tokens purchased, it underscores the need for vigilance in online security practices.

American Water Suffers Cyber Disruption

American Water, the largest water utility in the United States, confirmed a cyberattack that disrupted its internal systems, particularly affecting customer billing. Fortunately, the breach did not impact water and wastewater services, but it highlights the vulnerabilities within critical infrastructure.

Data Breach at Internet Archive

The Internet Archive’s “The Wayback Machine” was hit by a data breach that compromised 31 million user records, including email addresses, screen names, and bcrypt-hashed passwords. The breach also involved site defacement and a Distributed Denial of Service (DDoS) attack, raising concerns about the security of digital archives.

Casio’s System Failure

Japanese tech giant Casio disclosed a cyberattack that caused significant system failures, resulting in the leak of over 91,000 customer records in Japan and 35,000 records from other countries. The exposed data included names, email addresses, and payment method information, emphasizing the need for robust cybersecurity measures in the tech industry.

VGTRK Disrupted by Hacktivists

Russian state media company VGTRK experienced a cyberattack that disrupted several television channels, including Russia 1 and Russia 24, for nearly an hour. The pro-Ukrainian hacktivist group Sudo rm-RF is believed to be behind the attack, which resulted in the erasure of data from the company’s servers, including backups.

Fidelity Investments Data Breach

Fidelity Investments reported a data breach that exposed personal information for over 77,000 customers. The breach occurred between August 17 and August 19 and involved unauthorized access to customer information through newly established accounts. Fortunately, no Fidelity accounts or funds were directly accessed, but the incident raises concerns about account security.

ADT Cyberattack

American security company ADT confirmed a cyberattack that led to the exfiltration of encrypted internal company data related to employee user accounts. The breach was facilitated by compromised credentials obtained from a third party, although no customer data or security systems were compromised.

Vulnerabilities and Patches

Microsoft October 2024 Patch Tuesday

Microsoft’s October 2024 Patch Tuesday addressed 117 security vulnerabilities, including four zero-day flaws. Critical patches focused on Remote Code Execution vulnerabilities in Microsoft Configuration Manager and Remote Desktop Protocol Server, underscoring the importance of timely updates to safeguard systems.

Google Android Security Update

Google’s October 2024 Android security update tackled critical vulnerabilities, including a denial-of-service flaw in the Android Framework and local privilege escalation issues. The update also patched vulnerabilities in MediaTek and Qualcomm components, covering essential functions like WLAN and display.

Adobe Security Update

Adobe’s October 2024 security update addressed multiple vulnerabilities across its product family, including Adobe Substance 3D Painter and Adobe Commerce. The update focused on critical flaws that could enable unauthorized access, emphasizing the need for regular software updates.

Threat Intelligence Reports

AI-Driven Malware Tactics

Check Point Research released its September 2024 Most Wanted Malware report, highlighting a shift towards AI-driven malware tactics. The report indicates that threat actors are increasingly using AI to develop scripts that deliver AsyncRAT malware, which has now ranked 10th on the most prevalent malware list. RansomHub continues to lead among ransomware groups, while Joker remains the top mobile malware.

Disinformation Campaigns

Check Point Research analyzed ‘Operation MiddleFloor,’ a disinformation campaign targeting Moldova’s government and education sectors ahead of the October 2024 elections. The Russian-aligned group, Lying Pigeon, employed spoofed emails to spread false information while gathering data for potential malware attacks.

GoldenJackal APT Group

Researchers uncovered a campaign by the GoldenJackal APT group targeting air-gapped systems in government and diplomatic entities across Europe, the Middle East, and South Asia. Utilizing custom toolsets, the group breached isolated networks to steal sensitive information and exfiltrate data through USB monitoring and modular backdoors.

New Phishing-as-a-Service Platform

A new phishing-as-a-service (PhaaS) platform called Mamba 2FA was discovered, designed for adversary-in-the-middle (AiTM) phishing attacks. This platform mimics Microsoft 365 login pages and bypasses multi-factor authentication methods, posing a significant threat to organizations relying on such security measures.

Conclusion

The cyber landscape remains fraught with challenges as organizations grapple with increasingly sophisticated threats. From ransomware attacks to data breaches and emerging vulnerabilities, the need for robust cybersecurity measures has never been more critical. By staying informed and proactive, organizations can better protect themselves against the evolving threats that define our digital age. For more detailed insights and protective measures, don’t forget to download our Threat Intelligence Bulletin.
