LockBit hits German hospital system over the holidays
The Catholic Hospital Association of East Westphalia (Katholische Hospitalvereinigung Ostwestfalen) suffered a breakdown of its IT systems on December 24, with three of its six hospitals affected. According to an announcement on its own website, the attacker was LockBit 3.0, and certain data was encrypted. Dr. Jan Schlenker, Managing Director of the hospital group, stated that patient data is still available for patient treatment.
Ohio Lottery cyberattack claimed by DragonForce
Among the numerous organizations suffering cyberattacks over the holiday period, the Ohio Lottery had to shut down some key systems on Christmas Eve. This affected the cashing of prizes above $599 and prevented customers from seeing winning numbers on its website. A new extortion operation named DragonForce has posted a notice on its leak site claiming that it is holding over 600 gigabytes of data. Experts believe that, despite the new name, this attack has the hallmarks of an already experienced gang.
First American says funds are secure
Following up on a story we brought you on Tuesday, title insurance company First American has now stated that all funds held at First American Trust and third-party partner banks remain secure despite last week’s cyberattack. Its main website is also now back up. The company has not yet stated whether this was a ransomware attack.
Wall of Flippers holds potential to deter Bluetooth spam attacks
Following up on a story we brought you in September regarding a Flipper Zero proof of concept, a new project built in Python now offers the capability to detect Bluetooth spam attacks. In September this ability was demonstrated by a researcher as something of a prank, but the ability to spam Apple devices in this way soon took on a life of its own and spread to Android devices without the need for a Flipper Zero. As reported in Bleeping Computer, this is far from a prank, with “many reported severe business disruptions with their Square payment readers, and others faced more threatening situations, like causing an insulin pump controller to crash and hearing aids and heart rate monitoring tools being disrupted.” The Wall of Flippers solution claims to run on Linux and Windows but has not been independently tested and is a work in progress.
Huge thanks to this week’s episode sponsor, Barricade Cyber Solutions

Apache OFBiz zero-day warning
Researchers at SonicWall issued a warning regarding an authentication bypass zero-day flaw that affects Apache OFBiz, an ERP system that forms part of the supply chain of prominent platforms such as Atlassian’s JIRA. The vulnerability, tracked as CVE-2023-51467, can be triggered to bypass authentication and achieve a simple server-side request forgery (SSRF). The issue resides in the login functionality and results from an incomplete patch for the pre-auth RCE vulnerability CVE-2023-49070 (CVSS score: 9.8). The vulnerability has been addressed by Apache OFBiz with the release of version 18.12.11; users should upgrade to that version or later.
Rugmi malware loader surges
Cybersecurity firm ESET is tracking a trojan under the name Win/TrojanDownloader.Rugmi, which is apparently being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Detections of Rugmi spiked in October and November. The Rugmi loader is distributed in a number of ways, including malvertising, fake browser updates, and cracked installations of software such as VLC media player and OpenAI ChatGPT.
Kroll adds more detail to its August FTX customer data breach
Following up on a story we covered in August, the risk and financial advisory company Kroll has now released more details about the SIM-swapping-based data breach that occurred that month. The breach exposed the personal information of FTX bankruptcy claimants, and Kroll now says, “the exposed data included coin holdings and balances, which would allow threat actors to pinpoint attractive targets who invest heavily in the cryptocurrency markets.”
The cyber-underworld celebrates Leaksmas by gifting each other stolen data
A report from security firm Resecurity describes how its researchers observed “multiple actors on the Dark Web releasing substantial data dumps. These were the result of data breaches and network intrusions to a variety of companies and government agencies.” The report notes that the data files were tagged with “Free Leaksmas,” indicating that “these significant leaks were shared freely among various cybercriminals as a form of mutual gratitude.”