Hackers Capitalize on CrowdStrike Outage with Phishing and Malware Attacks
Massive Data Breach at Australian Prescription Service MediSecure
20 Million Domains at Risk from New Email Spoofing Attacks
Google U-Turns on Third-Party Cookie Phaseout
North Korean Hacker Poses as IT Worker in Attempted Cyberattack
Hackers Capitalize on CrowdStrike Outage with Phishing and Malware Attacks
In the wake of the major disruption caused by a faulty CrowdStrike update last week, cybercriminals are launching phishing and malware attacks targeting companies scrambling to fix their systems.
CrowdStrike Warns of Phishing Attempts: CrowdStrike is urging users to be cautious and only communicate with them through official channels, as "adversaries and bad actors will try to exploit events like this." Similar warnings were issued by the U.K.'s National Cyber Security Centre (NCSC) and the automated malware analysis platform ANY.RUN.
Fake CrowdStrike Updates Deliver Malware:
BBVA Bank Targeted: Researchers discovered a phishing campaign aimed at BBVA bank customers that offered a fake CrowdStrike Hotfix update that actually installed a remote access tool (RAT).
Data Wiper Masquerades as Update: Another campaign distributes a data wiper disguised as a CrowdStrike update. This malware erases files and reports its actions on Telegram. Claimed by the pro-Iranian hacktivist group Handala, the attack targeted Israeli companies.
CrowdStrike Outage Caused Widespread Disruption:
The faulty CrowdStrike update impacted millions of Windows devices, leading to computer crashes that disrupted operations at airlines, financial institutions, hospitals, and other organizations. While the update has been fixed, some companies are still struggling to recover their systems.
Security Experts Recommend Vigilance:
This incident highlights the importance of remaining vigilant during security incidents. Users should be wary of unsolicited emails or updates, and only interact with official channels from trusted vendors.
Massive Data Breach at Australian Prescription Service MediSecure
https://medisecurenotification.wordpress.com/
Australian prescription delivery service MediSecure has confirmed a significant data breach affecting approximately 12.9 million customers. The attack, which occurred in April 2024, resulted in the theft of sensitive personal and health information.
The stolen data includes names, dates of birth, addresses, contact details, Medicare card numbers, prescription details, and pensioner concession card information. While MediSecure has managed to restore the stolen data from backups, it has been unable to identify the specific individuals affected due to the complexity of the data set.
The Australian National Cyber Security Coordinator (NCSC) has warned of potential scams targeting individuals impacted by the breach. The NCSC advises individuals to be cautious of unsolicited contact seeking personal or financial information.
MediSecure has ceased operations, and its services have been replaced by Fred IT Group's eRx Script Exchange.
This incident highlights the growing threat posed by cyberattacks to healthcare organizations and the importance of robust data protection measures.
20 Million Domains at Risk from New Email Spoofing Attacks
Cybersecurity researchers have uncovered a critical vulnerability affecting over 20 million trusted domains, including those belonging to Fortune 500 companies and government agencies.
The flaw, discovered by PayPal security experts, exploits weaknesses in email hosting providers, allowing attackers to bypass essential security protocols like SPF, DKIM, and DMARC. By chaining together multiple vulnerabilities, cybercriminals can send malicious emails that appear to originate from legitimate sources, increasing the risk of phishing and data breaches.
The researchers will unveil the specific attack techniques and affected vendors at the Black Hat USA conference in August. While some email providers have options to mitigate the issue, many large organizations continue to use vulnerable default settings, expanding the attack surface.
Experts recommend organizations strengthen their email security measures, including enforcing SPF, DKIM, and DMARC, using advanced email filtering solutions, and staying updated on the latest threats.
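A defensive check that matches the recommendation above, added here as an example and not taken from the cited research or any vendor's tooling: a small Python auditor that parses SPF and DMARC TXT records and flags the permissive settings that leave a domain spoofable, such as a softfail or missing "-all" and a monitoring-only "p=none" policy. The domain names and records are constructed placeholders; a real deployment would fetch the TXT records from DNS instead.

```python
# Constructed sample TXT records for placeholder domains (not real DNS data).
SAMPLE_RECORDS = {
    "example-weak.test": ("v=spf1 include:mail.hosting-provider.test ~all",
                          "v=DMARC1; p=none; rua=mailto:dmarc@example-weak.test"),
    "example-strict.test": ("v=spf1 ip4:203.0.113.0/24 -all",
                            "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s"),
}

def parse_tags(record):
    """Parse a 'k=v; k2=v2' DMARC tag list into a dict with lowercase keys."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def spf_findings(spf):
    """List spoofing-friendly settings in an SPF record (empty = hardened)."""
    mechs = spf.split()
    if not mechs or mechs[0].lower() != "v=spf1":
        return ["missing or malformed v=spf1 tag"]
    findings = []
    terminal = mechs[-1].lower()
    if terminal in ("+all", "all", "?all"):
        findings.append(f"permissive terminal mechanism '{terminal}'")
    elif terminal == "~all":
        findings.append("softfail '~all': forged mail is only marked, not rejected")
    elif terminal != "-all":
        findings.append("no terminal 'all' mechanism")
    # include: authorizes the provider's sending infrastructure, which may be shared.
    findings += [f"sending authority delegated via '{m}'"
                 for m in mechs if m.lower().startswith("include:")]
    return findings

def dmarc_findings(dmarc):
    """List weak DMARC settings: monitoring-only, partial or inherited policy."""
    tags = parse_tags(dmarc)
    if tags.get("v") != "DMARC1":
        return ["missing or malformed v=DMARC1 tag"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"p={policy or 'missing'}: spoofed mail is not rejected")
    if tags.get("sp", policy).lower() != "reject":
        findings.append("subdomain policy (sp) weaker than reject")
    if int(tags.get("pct", "100")) < 100:
        findings.append(f"pct={tags['pct']}: policy applied to only part of the mail")
    return findings

def audit(domain):
    """Return SPF and DMARC findings for one sample domain."""
    spf, dmarc = SAMPLE_RECORDS[domain]
    return {"spf": spf_findings(spf), "dmarc": dmarc_findings(dmarc)}
```

Running audit("example-weak.test") reports the softfail, the delegated include and the monitoring-only policy, while the strict sample returns empty lists for both records.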
The discovery highlights the ongoing challenge of securing email communications and underscores the need for robust defenses against sophisticated cyberattacks.
Google U-Turns on Third-Party Cookie Phaseout
https://privacysandbox.com/news/privacy-sandbox-update/
In a major policy reversal, Google has abandoned its plans to phase out third-party tracking cookies in its Chrome web browser.
The tech giant, which has faced intense scrutiny and regulatory pressure over its Privacy Sandbox initiative, will instead introduce a new system that gives users more control over their data.
The decision comes after years of delays and industry backlash. While Apple and Mozilla have already blocked third-party cookies, Google's dominance in the browser market made its implementation more complex.
Privacy advocates and competitors have raised concerns about Google's proposed alternatives, arguing that they could still allow for extensive user tracking. Apple, for instance, has criticized Google's Topics API, claiming it could be used to create detailed user profiles.
The UK's Competition and Markets Authority (CMA) is closely monitoring Google's new approach and will assess its impact on user privacy and competition in the digital advertising market.
This latest development marks another chapter in the ongoing battle between tech companies, regulators, and privacy advocates over the future of online advertising and user data.
North Korean Hacker Poses as IT Worker in Attempted Cyberattack
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
A security firm, KnowBe4, has foiled an attempt by a North Korean hacker to infiltrate its systems by posing as a legitimate software engineer. The company successfully identified and contained the threat before any damage was done.
The attacker, believed to be affiliated with North Korea, submitted a fabricated resume and underwent a seemingly standard hiring process, including background checks and reference verification. However, upon receiving their work computer, the "employee" immediately attempted to download malware. KnowBe4's security team detected the suspicious activity and launched an investigation.
The investigation revealed that the applicant's photo was a deepfake generated from stock photography. Additionally, the attacker used social engineering tactics to explain away the suspicious activity, claiming to be troubleshooting internet speed issues.
This incident highlights the evolving tactics of nation-state attackers and the importance of robust security measures for businesses. KnowBe4 recommends several preventative steps, including:
Enhanced vetting procedures: This could involve verifying physical location, scrutinizing resume inconsistencies, and conducting video interviews.
Improved background checks: Don't rely solely on email references and ensure thorough name verification.
Continuous security monitoring: Monitor for suspicious activity and unauthorized access attempts.
Employee security awareness training: Educate employees on social engineering tactics used by attackers.
The KnowBe4 case demonstrates the critical need for collaboration between HR, IT, and security teams to defend against sophisticated cyberattacks.