Premier Kids Care notifies patients of cyberattack, SolarWinds hackers breach US NNSA nuclear agency, and more - CloudSEK Cyber Bulletin
Premier Kids Care notifies patients of cyberattack, SolarWinds hackers breach US NNSA nuclear agency, and more
Major cybersecurity events on 21st December 2020 (Morning Post): Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm’s CRM customers. The horrific Vastaamo breach provokes Finnish government’s quick response. Telangana govt. site flaw exposes employees’ sensitive data.
By CloudSEK Threat Intelligence Team
December 21, 2020
21st December Morn
Round Up of Major Breaches and Scams
Premier Kids Care, Inc. notifies patients of attack first discovered in April
Premier Kids Care, Inc. (PKC) of Georgia provides specialized pharmacy and home clinical services for children with diabetes, endocrinological, and perinatal needs. On April 6, 2020, PKC discovered it had been targeted by a cyberattack and that an unauthorized actor had gained access to PKC systems. An investigation into the incident revealed that the unauthorized actor did obtain some personal information stored on a company computer, although the information did not include any Social Security numbers or financial information.
A massive fraud operation used mobile device emulators to steal millions from online bank accounts
Researchers from IBM Trusteer have uncovered a massive fraud operation that leveraged a network of mobile device emulators to steal millions of dollars from online bank accounts within a few days. The cybercriminals used about 20 mobile device emulators to mimic the phones of over 16,000 customers whose mobile bank accounts had been compromised.
SolarWinds hackers also breached the US NNSA nuclear agency
The US Department of Energy (DOE) confirmed this week that the threat actors behind the recent SolarWinds supply chain attack also compromised the networks of the US National Nuclear Security Administration (NNSA). “The Department of Energy is responding to a cyber incident related to the Solar Winds compromise in coordination with our federal and industry partners,” said Shaylyn Hynes, DOE Spokeswoman.
Trump Downplays Russia in First Comments on Cyberattack
Contradicting his secretary of state and other top officials, President Donald Trump on Saturday suggested without evidence that China — not Russia — may be behind the cyberattack against the United States and tried to minimize its impact. In his first comments on the breach, Trump scoffed at the focus on the Kremlin and downplayed the intrusions, which the nation’s cybersecurity agency has warned pose a “grave” risk to government and private networks.
Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm’s CRM customers
A business app developer’s unsecured Microsoft Azure blob left more than half a million confidential and sensitive documents belonging to its customers freely exposed to the public internet, The Register can reveal. Information contained in the blob included occupational health assessments, insurance claim documents from US firms underwritten by Lloyds of London, and senior barristers’ private opinions about junior colleagues applying for promotion.
In wake of horrific Vastaamo breach, Finnish government tables laws to protect data from cyber criminals
The huge data security breach and cyber-ransom attack at Finland’s Vastaamo Psychotherapy Centre has provoked a swift response from the government, which is primed to introduce more rigid laws and measures to protect the country’s databases and sensitive information from cyber criminals. In a significant bolstering of Finland’s data security laws, new legislation will require all enterprises offering social and healthcare services to join Kanta’s state-run national digital services platform.
IN: Telangana Government Site Flaw Exposed Sensitive Data of All Its Employees, Pensioners; Fixed Only After Three Months
The Telangana state government took over three months to secure sensitive details of its employees and pensioners that were exposed on its website. The Indian Computer Emergency Response Team (CERT-In) confirmed the vulnerability and replied by email in September to say that the authorities had been informed of the issue, and Telangana IT Secretary Jayesh Ranjan assured a fix. In August, a server misconfiguration was found on the Telangana government site that risked exposing over 130,000 official files.
Round Up of Major Malware and Ransomware Incidents
Iranian Hackers Target Israeli Companies With Pay2Key Ransomware
Attacks conducted by Iranian hackers against Israeli companies involved the deployment of ransomware and theft of information, threat intelligence company ClearSky reported last week. Observed in November and December 2020 and collectively referred to as operation Pay2Key, the attacks appear to be the work of Iranian state-sponsored threat actor Fox Kitten. Also referred to as Parisite and PIONEER KITTEN, the activity associated with Fox Kitten is said to represent a collaboration between two known state-sponsored Iranian groups, namely APT33 and APT34.
Round Up of Major Vulnerabilities and Patches
Zero-click iOS zero-day found deployed against Al Jazeera employees
At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a no-user-interaction zero-day vulnerability in the iOS iMessage app, an academic research group said today. Citizen Lab, a cybersecurity and human rights abuse research group at the University of Toronto, said the zero-day was part of an exploit chain named Kismet that was created and sold by NSO Group, a well-known vendor of spyware and surveillance products.
Gitpaste-12 worm botnet returns with 30+ vulnerability exploits
The recently discovered Gitpaste-12 worm, which spreads via GitHub and hosts its malicious payload on Pastebin, has returned with even more exploits. The first iteration of Gitpaste-12 shipped with reverse shell and crypto-mining capabilities and exploited over 12 known vulnerabilities, hence the moniker. This time, the advanced worm and botnet has returned with over 30 vulnerability exploits.
Facebook bug exposed email addresses of Instagram users
Nepal-based IT security researcher Saugat Pokharel identified a Facebook bug that exposed the private data of Instagram users, including their email addresses and birthdays. Ironically, the service promises users at registration time that such information won’t be disclosed to the public. According to Pokharel, who was participating in the Facebook bug bounty program, the bug made it easy for an attacker to obtain such private information from Instagram users.