This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Levin, deputy CISO, 3M
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com.
U.S. Government warns hospitals of hackers targeting IT help desks
This warning comes from the Health Sector Cybersecurity Coordination Center, and states that “hackers are using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.” This gives attackers access to their targets by enrolling their own multi-factor authentication (MFA) devices, with the primary goal, currently, of stealing funds. According to BleepingComputer, “the threat actors use a local area code to call organizations,” including using voice cloning techniques, pretending to be employees in the financial department. “They provide stolen ID verification details, including corporate ID and social security numbers. Using this sensitive information and claiming their smartphone is broken, they convince the IT helpdesk to enroll a new device in MFA under the attacker’s control.” No group has yet been associated with these attacks, but the name Scattered Spider does keep coming up.
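The defensive angle on this story is that a help-desk-initiated MFA reset followed quickly by a new device enrollment is an auditable event pair. The following Python is an added example, not code from the show or from the HC3 advisory: it runs a simple correlation over constructed audit events (the event field names, the one-hour window and the "callback verified" flag are assumptions about what an identity provider's audit log exposes) and flags enrollments that follow a phone-requested reset where the help desk did not call the employee back on a number already on file.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real log data). The field layout is an
# assumption; map it to your identity provider's audit schema.
SAMPLE_EVENTS = [
    {"ts": "2024-04-08T09:02:00", "type": "helpdesk_mfa_reset", "user": "jdoe",
     "channel": "phone", "callback_verified": False},
    {"ts": "2024-04-08T09:10:00", "type": "mfa_device_registered", "user": "jdoe",
     "device_id": "phone-7781"},
    {"ts": "2024-04-08T10:00:00", "type": "helpdesk_mfa_reset", "user": "asmith",
     "channel": "in_person", "callback_verified": True},
    {"ts": "2024-04-08T10:05:00", "type": "mfa_device_registered", "user": "asmith",
     "device_id": "phone-1204"},
    {"ts": "2024-04-08T13:00:00", "type": "mfa_device_registered", "user": "bkim",
     "device_id": "phone-5520"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def flag_suspicious_enrollments(events, window=timedelta(hours=1)):
    """Return (user, device_id, reason) for each MFA device registration that
    occurs within `window` after a help-desk reset that was requested over the
    phone and not confirmed by a callback to a number already on file."""
    resets = {}
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["type"] == "helpdesk_mfa_reset":
            resets.setdefault(event["user"], []).append(event)

    findings = []
    for event in events:
        if event["type"] != "mfa_device_registered":
            continue
        registered_at = parse_ts(event["ts"])
        for reset in resets.get(event["user"], []):
            reset_at = parse_ts(reset["ts"])
            in_window = reset_at <= registered_at <= reset_at + window
            unverified_phone = reset["channel"] == "phone" and not reset["callback_verified"]
            if in_window and unverified_phone:
                findings.append((event["user"], event["device_id"],
                                 "phone-requested reset without verified callback"))
    return findings


if __name__ == "__main__":
    for user, device, reason in flag_suspicious_enrollments(SAMPLE_EVENTS):
        print(f"{user}: new MFA device {device} flagged ({reason})")
```

The rule deliberately ignores self-service enrollments with no preceding ticket (the `bkim` event) and in-person resets; the point is to surface exactly the sequence the advisory describes so the help-desk ticket can be re-verified out of band before the new factor is trusted.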
Sisense breach exposes customers to potential supply chain attack
The breach that affected the well-known manufacturer of business analytics software is sufficiently important to prompt CISA to issue an alert. According to Cyberscoop, “although the details of the attack are not yet clear, the breach may have exposed hundreds of Sisense’s customers to a supply chain attack and provided the attacker with a door into the company’s customer networks.” The CISA alert strongly recommends that Sisense customers reset credentials that may be “exposed to, or used to access, Sisense services.” Cybersecurity researcher Marc Rogers has urged current and former customers of Sisense to “not underestimate the risk” posed by the breach.
Financial firms lose $12 billion to cyberattacks in two decades
This number comes from the International Monetary Fund and represents losses from 20,000 cyberattacks. The data is contained in its April 2024 Global Financial Stability Report. The report continues by pointing out that “financial organizations are at the receiving end of roughly one fifth of all cyberattacks, with cybercriminals seeking to steal money or disrupt economic activities.” It predicts that “reliance on third-party IT services providers and the rise of AI use could expose financial institutions to additional risks, such as outages caused by ransomware attacks on the service providers, and AI-related data leaks.” A link to the report is available in the show notes to this episode.
(IMF April 2024 Global Financial Stability Report)
Hackers using infected devices to hunt for vulnerabilities
Vulnerability scanning has long been a key reconnaissance step for malicious actors looking to deploy cyber-attacks. However, researchers at Palo Alto Networks Unit 42 say that in 2023 a growing number of threat actors conducted their vulnerability scanning activity from previously compromised devices. The researchers identified vulnerability scanning clusters targeting vulnerabilities in commodity products such as Ivanti’s Connect Secure and Policy Secure solutions and Progress’ MOVEit Transfer. This malware-based vulnerability scanning tactic allows threat actors to better cover their tracks by bypassing geofencing and to scale their operations by generating higher scan volumes using compromised devices.
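Because the scanning source in this tactic is an ordinary compromised device, geofencing and reputation lists lose their value; what remains distinctive is the behaviour, not the origin. The following Python is an added example, not code from Unit 42 or from the show: it parses constructed common-log-format access lines (documentation IP ranges, made-up paths) and flags a source that requests many distinct paths with a high client-error ratio, regardless of where the address is located. The thresholds are assumptions to tune against your own traffic.

```python
import re
from collections import defaultdict

# Constructed access-log lines (RFC 5737 documentation addresses, not real
# traffic). The probing source sits in the same "allowed" region as the
# legitimate user, so a geofence would not separate the two.
LEGIT = [
    '203.0.113.10 - - [10/Apr/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512',
    '203.0.113.10 - - [10/Apr/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.10 - - [10/Apr/2024:10:00:09 +0000] "GET /dashboard HTTP/1.1" 200 2048',
    '203.0.113.10 - - [10/Apr/2024:10:00:15 +0000] "GET /favicon.ico HTTP/1.1" 404 150',
]
PROBES = [
    f'198.51.100.7 - - [10/Apr/2024:10:01:{i:02d} +0000] "GET /probe-{i} HTTP/1.1" 404 150'
    for i in range(12)
]
SAMPLE_LOG = "\n".join(LEGIT + PROBES) + "\n"

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_log(text):
    """Yield (ip, path, status) for every line that matches common log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("path"), int(m.group("status"))


def flag_scanners(text, min_paths=8, min_error_ratio=0.8):
    """Flag sources that touch at least `min_paths` distinct paths with at
    least `min_error_ratio` of responses in the 4xx range. Returns a dict of
    ip -> summary statistics for the flagged sources only."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set()})
    for ip, path, status in parse_log(text):
        entry = stats[ip]
        entry["requests"] += 1
        entry["paths"].add(path)
        if 400 <= status < 500:
            entry["errors"] += 1

    flagged = {}
    for ip, entry in stats.items():
        ratio = entry["errors"] / entry["requests"]
        if len(entry["paths"]) >= min_paths and ratio >= min_error_ratio:
            flagged[ip] = {
                "requests": entry["requests"],
                "distinct_paths": len(entry["paths"]),
                "error_ratio": round(ratio, 2),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in flag_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {summary}")
```

A single stray 404 from the legitimate user (the favicon request) does not trip the rule because both the path-diversity and error-ratio conditions must hold; in production you would bucket by time window rather than over the whole file so that a slow, distributed scan is still caught per source.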
Huge thanks to this week’s episode sponsor, Vanta

With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA.
Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires.
Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time.
Watch Vanta’s on-demand demo at vanta.com/ciso.
Microsoft exposed internal passwords in security lapse
On February 6th, security researchers notified Microsoft that they discovered an unsecured Azure cloud storage server. The server contained info relating to Microsoft’s Bing search engine as well as code, scripts and configuration files containing passwords, keys and credentials used by Microsoft employees for accessing other internal databases and systems. The storage server was not protected with a password and could be accessed by virtually anyone on the internet. Microsoft secured the exposed files on March 5 but did not say whether it had reset or changed any of the exposed internal credentials. It’s also unclear how long the cloud server was exposed to the internet.
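The lasting damage in an exposure like this is not the open container but the credentials sitting in scripts and configuration files inside it. The following Python is an added example, not Microsoft's code or the researchers' tooling: it scans constructed file contents for an Azure storage connection-string account key, literal passwords in assignments, and PEM private-key blocks, skipping obvious placeholders and low-entropy dummy values. The patterns, file names and sample values are assumptions for the example.

```python
import math
import re
from collections import Counter

# Constructed sample file contents (not from the page or any real repository).
SAMPLE_FILES = {
    "deploy.ps1": (
        '$password = "changeme"\n'
        '$conn = "DefaultEndpointsProtocol=https;AccountName=constructedacct;'
        'AccountKey=abcd1234EFGH5678ijkl9012MNOP3456qrst7890==;EndpointSuffix=core.windows.net"\n'
    ),
    "app.config": (
        "db_password = ${DB_PASSWORD}\n"
        'smtp_password = "Xk9#qL2v$Pz8wQ"\n'
    ),
    "id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEconstructedkeymaterial\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}

# Detection patterns chosen for this example; extend them for your own stack.
PATTERNS = {
    "azure_storage_account_key": re.compile(r"AccountKey=([A-Za-z0-9+/=]{20,})"),
    "assigned_password": re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def shannon_entropy(value):
    """Bits per character; dummy values such as 'changeme' score low."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def is_placeholder(value):
    """Values that reference a variable or template slot rather than a literal."""
    return value.startswith(("$", "{{", "<", "%"))


def scan_text(name, text, min_entropy=3.0):
    """Return (file, line_number, finding_kind) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(m.lastindex) if m.lastindex else m.group(0)
            if kind == "assigned_password" and (
                is_placeholder(value) or shannon_entropy(value) < min_entropy
            ):
                continue
            findings.append((name, lineno, kind))
    return findings


def scan_files(files):
    """Scan a mapping of file name -> contents and concatenate the findings."""
    results = []
    for name, text in files.items():
        results.extend(scan_text(name, text))
    return results


if __name__ == "__main__":
    for name, lineno, kind in scan_files(SAMPLE_FILES):
        print(f"{name}:{lineno}: {kind}")
```

Findings from a scan like this are the input to the step the story leaves open: every credential that matches should be rotated, not merely removed from the file, because an unauthenticated container gives no record of who already copied it.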
Over 90,000 LG Smart TVs exposed to remote attacks
Security researchers have discovered four vulnerabilities impacting multiple versions of the operating system used in LG smart TVs. The flaws in LG’s WebOS enable authorization bypass, privilege escalation, and command injection. Exploiting these flaws could allow a threat actor to take control of services on the device, pivot to more sensitive devices connected to the same network, or enlist devices into malware botnets or cryptomining schemes. Shodan internet scans have identified 91,000 exposed and potentially vulnerable devices. Though LG TVs alert users when important WebOS updates are available, those can be postponed indefinitely. Users should apply updates by going to the TV’s Settings > Support > Software Update, and selecting “Check for Update.”
(Bleeping Computer and Dark Reading)
Chip maker says Taiwan earthquake will affect its DRAM supply
Micron Technology stated yesterday that the April 3 earthquake in Taiwan will hurt its dynamic random access memory (DRAM) supply for a calendar quarter. With four locations in Taiwan, the company has a disproportionate role in the global chip supply chain for the chips used in data centers, personal computers, smartphones, and other computing devices. However, despite not being at full production at present, the company said there would be no impact to its long-term DRAM supply capability.
(Reuters)