Cybersecurity News: Halliburton cyberattack costs, Israel credit card DDoS, Forth announces breach

In today’s cybersecurity news…

Cyberattack cost Halliburton $35 million thus far

Following up on a story we covered in late August, the attack on Halliburton, one of the largest oilfield service providers in the world, cost the company $35 million by the end of September. RansomHub is believed to be the group behind the attack, but this has not been officially confirmed. According to Security Week, “Halliburton has yet to confirm that the incident was a ransomware attack, but its brief description suggests that it was. The company has confirmed that hackers accessed and exfiltrated information from its corporate systems.”

(Security Week)

DDoS attack makes credit card readers malfunction in Israel

Customers at supermarkets and gas stations were apparently unable to make payments during a DDoS attack that had been launched against the payment gateway company Hyp and its CreditGuard product. The attack, which lasted around an hour, disrupted communications between the card terminals and the wider payment system, but did not steal information or payments. An Iran-linked hacker group has apparently claimed responsibility, but this has not been confirmed. This is far from the first time this type of attack has happened in Israel. The most recent, prior to this, occurred in October at the payment firm Sheba.

(The Record)

Debt relief firm Forth announces data breach for customers and non-customers

Debt relief solutions provider Forth – its full legal name is Set Forth – is notifying 1.5 million individuals that their personal information was compromised in a breach that occurred on May 21 of this year. Although the breach occurred in May, it was on July 1 that the company confirmed that attackers had accessed certain documents on its systems. The affected individuals might not even have been customers of Forth, but may be customers of Centrex Software, which “provides cloud-based customer relationship management solutions powered by the Set Forth platform. This platform allows businesses to collect and share consumer information, with their permission, between its users,” the company says.

(Security Week and Set Forth Announcement)

Secure-by-design hits 6-month mark, progress being made

In an interview with Recorded Future News, Jack Cable, a senior technical adviser at CISA who has been championing the effort, says 248 companies signed the pledge, and most are taking it seriously. Secure-by-design includes a pledge from software companies to the Biden administration and their own customers that they would “adopt seven key digital security practices within a year.” Cable says he is seeing “significant impacts across the internet ecosystem,” and that the progress has exceeded expectations. He has pointed to “Microsoft’s expansion of multi-factor authentication, Google’s improvements to secure code development and Fortinet’s new requirement that customers receive automatic security updates” as examples.

(The Record)

Hackers using ZIP file concatenation to evade detection

This new technique was identified by researchers at Perception Point, who “discovered a concatenated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice.” In essence, threat actors “create two or more separate ZIP archives and hide the malicious payload in one of them, leaving the rest with innocuous content. The separate files are concatenated into one by appending the binary data of one file to the other, merging their contents into one combined ZIP archive. Although the final result appears as one file, it contains multiple ZIP structures, each with its own central directory and end markers.” This allows the malware to bypass security solutions.

(BleepingComputer)
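
A defender can check for the structure described above by counting end markers: a normal ZIP has exactly one End of Central Directory (EOCD) record, while a concatenated file has one per appended archive. The following is an added example, not code from Perception Point or the original article; the file names and contents are constructed harmless samples, and ZIP64 and multi-disk archives are out of scope.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
EOCD_FMT = "<4s4H2IH"      # fixed 22-byte part of the EOCD record
EOCD_LEN = struct.calcsize(EOCD_FMT)


def find_eocd_records(data: bytes) -> list[int]:
    """Return offsets of every structurally plausible EOCD record."""
    hits, pos = [], data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            _, disk, cd_disk, n_disk, n_total, cd_size, cd_off, clen = \
                struct.unpack_from(EOCD_FMT, data, pos)
            cd_start = pos - cd_size   # central directory sits right before EOCD
            plausible = (
                disk == 0 and cd_disk == 0 and n_disk == n_total
                and 0 <= cd_off <= cd_start   # offset is relative to its own archive
                and pos + EOCD_LEN + clen <= len(data)
                and (n_total == 0 or data[cd_start:cd_start + 4] == CDH_SIG)
            )
            if plausible:
                hits.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    return hits


def is_concatenated_zip(data: bytes) -> bool:
    """More than one end marker means more than one archive in the file."""
    return len(find_eocd_records(data)) > 1


def make_zip(name: str, content: bytes) -> bytes:
    """Build a small in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: two harmless archives, alone and appended together.
FIRST = make_zip("invoice.txt", b"harmless text")
SECOND = make_zip("notes.txt", b"also harmless text")
COMBINED = FIRST + SECOND
```

A mail or file gateway could flag any attachment for which is_concatenated_zip() returns True and unpack each embedded archive separately before scanning.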

Windows 11 will add a Share button to Start menu and Taskbar

In case customers feel they do not already have enough ways to share files, links, or text, a button will soon be available to allow everyone to share via email, to nearby devices, or installed apps like X. This is largely because not all apps have this option individually. This feature is still being tested in preview builds, and there is no confirmed deadline for the release of this feature.

(BleepingComputer)

New version of Remcos RAT appears

Researchers at Fortinet report a new variant of the commercial malware Remcos RAT. Remcos itself is a legitimate remote administration tool that allows regular users to operate other computers remotely. Threat actors, however, use its technology for more malicious activities. In this situation, victims receive a phishing message containing a malicious Excel document disguised as a purchase order. This Excel file accesses a shortened URL that redirects to a specific IP address, and the process unfolds from there. The malicious code maintains persistence by adding a new auto-run item to the system registry.

(Security Affairs)

DNA firm holding highly sensitive data vanishes without warning

Atlas Biomed is a company based in London, England, which offered to provide insights into people’s genetic makeup and predisposition to certain illnesses. It has recently ceased operations “without telling its customers what has happened to the highly sensitive data they shared with it.” All activity, including on social media, has ceased and its London office stands empty. The company has links to Russia. It used to have 8 official positions, although according to the BBC, four of its officers have resigned, and the two apparently remaining officers are listed at the same address in Moscow – as is a Russian billionaire, who is described as a now resigned director.

(BBC News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.