Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.001 ■ Spring 2024 ■ David Lanter

In The News

February 7, 2024 by David Lanter 7 Comments

Filed Under: 05 - Secure Networks

Comments

  1. Ooreofeoluwa Koyejo says

    February 10, 2024 at 10:13 pm

    AnyDesk Hacked: revokes passwords and certificates in response

    The German-based remote access software reported a hack on Friday, February 2nd discovered in their systems in mid-January with suspicious activity and presumed presence in their production systems in late December 2023. The company may have been targeted in an attempted supply chain attack which can allow threat actors to deliver trojanized software to the victim’s customers. The attackers might have accessed some user credentials from the compromised production system.

    In response, AnyDesk revoked all security-related certificates; systems have been remediated or replaced where necessary, and it is pushing out software updates with the new certificates. It is forcing procedures for a password reset for all its customers to terminate any compromised access by the hackers, thereby eliminating the possibility of session hijacking. A thorough review of the code base has also been performed by CrowdStrike to investigate for any malicious code modification. The company also confirmed that it was not a ransomware attack.

    https://www.securityweek.com/anydesk-shares-more-information-on-recent-hack/
    https://www.securityweek.com/anydesk-revokes-passwords-certificates-in-response-to-hack/

  2. Yannick Rugamba says

    February 12, 2024 at 12:14 pm

    Google disclosed that in September 2017 it quietly mitigated the largest ever DDoS attack targeting its infrastructure, peaking at a record-breaking 2.54 Tbps over a 6-month period and attributed by Google’s threat team to a Chinese state-sponsored actor. Though successfully defended against without service disruption, Google raised the confidential attack’s profile now to sound the alarm on exponentially escalating nation-state DDoS threats capable of abusing widened internet bandwidths to critically disrupt entities worldwide unless awareness is raised collectively to get ahead of the risk curve.

    https://www.zdnet.com/article/google-says-it-mitigated-a-2-54-tbps-ddos-attack-in-2017-largest-known-to-date/

  3. Celinemary Turner says

    February 13, 2024 at 9:59 am

    Ransomware Attack Knocks 100 Romanian Hospitals Offline.
    https://www.securityweek.com/ransomware-attack-knocks-100-romanian-hospitals-offline/
    Romanian hospitals turned to using pen and paper for record keeping on Monday morning after a file-encrypting ransomware attack on a widely used healthcare management system.

    Over the weekend, a threat actor targeted the Hipocrate Information System (HIS) and deployed the Backmydata ransomware, which encrypted data pertaining to 26 hospitals across the country. The HIS system was knocked offline as well.
    According to Romania’s National Cyber Security Directorate (DNSC), the attackers first encrypted the data of a children’s hospital on Saturday, February 10, with the rest of the facilities targeted between February 11 and February 12. My concern is that with hospitals being knocked offline, there’s a direct and immediate impact on patient care. Delays in treatment, surgeries, and accessing medical records can occur, potentially endangering patients’ lives. This incident highlights the real-world consequences of cyberattacks on essential services.
    In summary, the ransomware attack on Romanian hospitals serves as a stark reminder of the ongoing threat posed by cybercriminals to critical infrastructure and the urgent need for proactive cybersecurity measures to protect essential services and ensure public safety.

  4. Jon Stillwagon says

    February 13, 2024 at 3:48 pm

    https://www.securityweek.com/hunter-killer-malware-tactic-growing-stealthy-persistent-and-aggressive/
    Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive. The malware gets the name from the hunter-killer submarine because they act very similarly. The malware evades detection and disables cybersecurity defenses by delivering payloads into the system such as ransomware. The malware tactic is so popular that the top four most used are all aspects of the hunter-killer malware increased during 2023. T1055 is a process injection, T1059 allowed the attacker to disguise malicious activity using native tools, T1562 to impair defenses, T1082 system information discovery.

  5. Bo Wang says

    February 13, 2024 at 7:48 pm

    https://www.infosecurity-magazine.com/news/southern-water-notifies-customers/
    Southern Water, a UK water supplier, has confirmed a ransomware attack compromising personal data of customers and employees. Approximately 230,000 to 460,000 customers (5-10% of its base) and some current/former employees are affected. The breach, by the Black Basta group, resulted in stolen data from a segment of the company’s servers. Southern is working with experts to monitor potential data leaks and collaborating with authorities for investigation. Customers received legitimate emails notifying them of the breach and offering identity and credit checks. This could be one of the largest breaches in the utility sector globally since 2018. Experts advise affected individuals to stay vigilant for phishing attempts and monitor accounts closely.

  6. Eyup Aslanbay says

    February 13, 2024 at 11:07 pm

    Two cab drivers, Abayev and Leyman, received prison sentences of four and two years, respectively, for hacking JFK Airport’s taxi dispatch system. They favored taxis that paid them, disrupting the regular queue from 2019 to 2021. Additionally, two Russian accomplices are still at large. The group caused around 1,000 daily line-jumps and were ordered to pay fines and restitution.

    https://www.securityweek.com/jfk-airport-taxi-hackers-sentenced-to-prison/

  7. Edge Kroll says

    February 13, 2024 at 11:46 pm

    https://www.securityweek.com/bank-of-america-informing-customers-of-data-breach/

    Bank of America is notifying 57,000 customers about a data breach that occurred at third-party services provider Infosys McCamish Systems. The breach was disclosed on November 3, 2023, after a cyberattack on IMS resulted in system unavailability. IMS restored impacted systems by December 31, estimating losses at $30 million, with potential additional costs. Bank of America informed customers on February 1 that their data may have been compromised. The exposed information may include names, addresses, dates of birth, Social Security numbers, and other account details.
