This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dimitri Van Zantvliet, CISO, Dutch Railways
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Arc browser’s Windows launch sabotaged by malvertising
The much-anticipated launch of the Arc browser for Windows, a new browser that has already received positive reviews after last year’s release for iOS, was marred by a Google Ads malvertising campaign that lured people into downloading trojanized installers to receive malware payloads. A report from MalwareBytes describes how the threat actors set up malicious advertisements on Google Search to attract users looking to download the new web browser. Since these installed the Arc browser as expected, it is unlikely that victims will realize they have become infected with malware.
(ThreatDown blog by MalwareBytes)
Cencora breach exposed patient info from 11 drug companies
Following up on a story we covered in March 1, some of the world’s largest drug companies have disclosed data breaches following a cyberattack at Cencora, formerly known as AmerisourceBergen, a pharmaceutical services provider specializing in drug distribution, specialty pharmacy, consulting, and clinical trial support. The data stolen includes full name, address, health diagnosis, medications, and prescriptions, although no numbers of patients appears available. This is because the 11 companies affected, including Novartis, Bayer, and GlaxoSmithKline are processing the impact individually.
Black Basta claims hack on fuel distributor Atlas
According to researcher Dominic Alvieri, Black Basta has added the company to its online victim list. “Atlas is one of the largest national fuel distributors in the U.S., moving 1 billion gallons of fuel per year to the 49 continental states. Amid the 730GB of data claimed to have been stolen from Atlas is corporate data belonging to departments such as Accounts, HR, Finance, and Executive, as well as user and employee data. The gang has published some documents as proof, but Atlas has yet to disclose the alleged incident.
Funding cuts expands backlog of unanalyzed vulnerabilities
New research from VulnCheck shows that over 90% of submissions to the U.S. government’s National Vulnerabilities Database have not been analyzed or enriched since the agency announced cutbacks in February. CVE enrichment involves the inclusion of public feedback following the creation of a vulnerability number. This has been adversely affected by the cutbacks. Out of 12,720 new vulnerabilities added since February, 11,885 remain not analyzed. In addition, 82% of bugs that have a public proof-of-concept exploit have not been examined.
Thanks to today’s episode sponsor, Vanta
With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast.
Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you.
Visit vanta.com/ciso to take a tour.
Ascension’s recovery highlights the less visible effects of a healthcare cyberattack
The healthcare network’s 140 member hospitals and senior care centers are coming back online following a major cyberattack earlier this month, but certain scars remain. The sudden loss of technology left nurses and physicians exasperated. The need to use fax machines to order prescriptions, lab work and imaging was something they described as dangerous, as one nurse described a case where they had to wait four hours for head CT (scan) results on somebody having a brain bleed. They “struggled to know what blood tests or medications correspond to which patients, and resorted to their own text messaging threads, along with asking patients to bring in their own documentation. Some health workers have “criticized Ascension ordering them not to explain the situation to patients who become angry when they are told that tests cannot be done or the wrong medication was delivered.” Ascension is also facing a class action lawsuit as a result of the theft of confidential patient information.
Senator calls for UnitedHealth’s C-Suite to be held accountable.
Yesterday, Sen. Ron Wyden of Oregon unloaded on UnitedHealth Group (UHG), sending a four-page letter to regulators, calling for the company’s leaders to “be held responsible” for negligence connected to the ransomware attack on Change Healthcare. Comparing it to SolarWinds, he pointed out that the CISO was inexperienced, but says it would be unfair to scapegoat the CISO, when the C-Suite is to blame for approving his hire.
Dutch bank ABN Amro discloses data breach
This breach has been announced as being a result of a ransomware attack suffered by a third-party vendor, AddComm, a company that distributes documents and tokens physically and digitally to clients and employees. AddComm has contained the incident and is investigating what data may have been accessed, and ABM Amro has stopped using this vendor’s services. The bank also states that there are currently no indications that attackers have used the data of its customers.