Romanian energy giant battles ongoing attack
A cyberattack is in progress—that’s the note investors for the Electrica Group received on Monday. Electrica Group provides energy to more than 3.8 million customers in Romania and is considered one of the most important energy service companies in the country. Providing limited details, a statement from the company’s CEO said they are working to resolve the issue and identify the source of the attack. While not confirmed, the attack is believed to be tied to ransomware. The statement went on to say that critical systems have not been affected, but customers may notice disruptions in service that were purposely implemented to protect internal infrastructure. Some are speculating Russia may have had a hand in the attack after Romania blamed pro-Russian hackers last week for interfering in their presidential election, ultimately forcing the country to annul the results.
Ransomware disrupts medical device maker
Medical device maker Artivion reports it is still working to restore systems following a November ransomware attack that encrypted files and disrupted order, shipping, and corporate operations. The company makes and distributes aortic-centric cardiac and vascular products, such as mechanical heart valves and stent grafts, to over 100 countries. It said the attack disrupted some order and shipping processes, though most of those disruptions have since been mitigated. As of this recording, no ransomware group has claimed responsibility for the attack.
Deloitte responds to data theft claims
Deloitte has responded to ransomware group Brain Cipher’s claims of stealing over one terabyte of data, stating the incident involves a single client’s system outside Deloitte’s network. Brain Cipher, known for using LockBit-based malware, is threatening to release the data in five days unless a ransom is paid. This marks the second hacking claim against Deloitte recently, following IntelBroker’s allegations in September, which the company said had limited impact.
OpenWrt warns of critical vulnerabilities
OpenWrt is urging users to upgrade their firmware immediately following the discovery of critical vulnerabilities in its Attended SysUpgrade (ASU) service. The flaws, tracked as CVE-2024-54143, combine a command injection bug in the build service with the use of truncated SHA-256 hashes to identify cached builds, potentially allowing attackers to deliver compromised firmware images signed with the project's legitimate signing key. While no official OpenWrt images or verified custom builds were found to be affected, the project warns that older builds could remain vulnerable.
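The truncated-hash half of the problem is worth seeing concretely. The Python below is an added example written for this page, not OpenWrt's code or the researchers' exploit. It models a build cache keyed by a prefix of the SHA-256 of the request and shows that an attacker who can submit requests finds a second request with the same truncated key, gets their image built first, and has it served to the next user whose legitimate request maps to that key. The request format, the package names (`luci`, `wpad-basic`, `evil-pkg-N`) and the prefix length are all constructed for the demo; the prefix is cut to 4 hex characters (16 bits) only so the searches finish instantly. It also contrasts the fixed-target (second-preimage) cost of roughly 2^bits with the birthday (any-collision) cost of roughly 2^(bits/2).

```python
"""Added example: why keying a build cache on a truncated SHA-256 is dangerous.

Everything here is constructed for illustration (request format, package names,
prefix length); it is not OpenWrt code.
"""
import hashlib
import itertools

TRUNC_HEX = 4   # 16 bits; chosen only so the searches below finish instantly
FULL_HEX = 64   # a full SHA-256 hex digest

# Constructed sample of a normal build request the victim would submit.
VICTIM_REQUEST = "target=ath79/generic;profile=generic;packages=luci,wpad-basic"


def request_key(request: str, trunc_hex: int = TRUNC_HEX) -> str:
    """Cache key for a build request: the first trunc_hex hex chars of its SHA-256."""
    return hashlib.sha256(request.encode()).hexdigest()[:trunc_hex]


def find_second_preimage(target_req: str, trunc_hex: int = TRUNC_HEX):
    """Fixed-target search: a different request whose truncated key equals the target's.

    The attacker appends an extra package (the one they want in the victim's image)
    and varies only its name. Expected cost is about 16**trunc_hex hashes, i.e.
    2**bits. Returns (colliding_request, attempts).
    """
    target_key = request_key(target_req, trunc_hex)
    limit = 50 * 16 ** trunc_hex  # failing within this many tries is astronomically unlikely
    for i in range(limit):
        candidate = f"{target_req},evil-pkg-{i}"
        if request_key(candidate, trunc_hex) == target_key:
            return candidate, i + 1
    raise RuntimeError("no second preimage within limit")


def find_collision(trunc_hex: int = TRUNC_HEX):
    """Birthday search: any two distinct requests with the same truncated key.

    Expected cost is about 2**(bits/2) hashes, far cheaper than the fixed-target
    search. Returns (request_a, request_b, attempts).
    """
    seen = {}
    for i in itertools.count():
        candidate = f"{VICTIM_REQUEST},evil-pkg-{i}"
        key = request_key(candidate, trunc_hex)
        if key in seen:
            return seen[key], candidate, i + 1
        seen[key] = candidate


class BuildCache:
    """Toy image cache: returns the existing image whenever the key is already present."""

    def __init__(self, trunc_hex: int):
        self.trunc_hex = trunc_hex
        self.images = {}

    def build(self, request: str) -> str:
        key = request_key(request, self.trunc_hex)
        if key not in self.images:
            # In the real service this is where the image is built and signed.
            self.images[key] = f"image[{request}]"
        return self.images[key]


def poison_and_serve(trunc_hex: int):
    """Attacker builds first under a colliding key; report what the victim then receives.

    Returns (attacker_request, image_served_to_victim).
    """
    evil_req, _ = find_second_preimage(VICTIM_REQUEST, TRUNC_HEX)
    cache = BuildCache(trunc_hex)
    cache.build(evil_req)                  # attacker's request arrives first
    served = cache.build(VICTIM_REQUEST)   # victim's legitimate request
    return evil_req, served


if __name__ == "__main__":
    evil, tries = find_second_preimage(VICTIM_REQUEST)
    print(f"second preimage after {tries} hashes: {evil!r}")
    a, b, tries = find_collision()
    print(f"birthday collision after {tries} hashes: key {request_key(a)} shared by two requests")
    _, served = poison_and_serve(TRUNC_HEX)
    print("truncated key, victim receives:", served)
    _, served = poison_and_serve(FULL_HEX)
    print("full digest, victim receives:  ", served)
```

The takeaway for anyone keying caches, deduplication tables or signing queues on a hash: store and compare the full digest. A truncated digest is a small integer an attacker can aim at, and the signature on the resulting image is genuine because the service itself produced it.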
(The Register), (Security Week)
Thanks to today’s episode sponsor, ThreatLocker

ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team.
To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
New Salt Typhoon details emerge
The Salt Typhoon campaign saga continues as White House cyber and emerging tech lead Anne Neuberger spoke at a conference over the weekend, saying the Chinese cyberspies recorded “very senior” US political figures as well as stealing private communications. While she did not disclose who exactly those very senior officials may be, she did confirm that eight US telecom providers were compromised in the attack, along with organizations in dozens of other countries. These revelations come as the Senate prepares to scrutinize threats to American telecom networks in an upcoming hearing, with Salt Typhoon and China’s broader cyber agenda expected to dominate discussions.
Black Basta evolves strategy
The Black Basta ransomware group has shifted tactics, using social engineering methods like email bombing and impersonating IT staff, and distributing malicious payloads such as Zbot and DarkGate, to gain initial access. Once victims install remote access tools like AnyDesk or TeamViewer, attackers deploy malware to harvest credentials, steal VPN configurations, and bypass MFA protections, facilitating deeper infiltration. The shift showcases the ransomware group's move from a purely botnet-reliant approach to a hybrid model that integrates social engineering.
Airbnb fraud center arrests
Putting Airbnbs to a new use as fraud centers, Belgian and Dutch authorities arrested eight members of an international cybercrime network involved in phishing, online fraud, and money laundering. Operating out of Airbnbs in Belgium and the Netherlands, the suspects targeted victims across Europe, stealing millions of euros through fake bank schemes and fraudulent door-to-door approaches. During 17 searches, authorities seized luxury items, cash, and electronic devices.
New report showcases risks to U.S. critical infrastructure
A report from Fortress reveals thousands of vulnerabilities in software powering U.S. critical infrastructure, with 25% of components and 90% of products containing China-developed code, which the report says is more likely to contain vulnerabilities. Researchers identified over 9,000 unique vulnerabilities, including 855 highly exploitable ones, and found that 20 components account for 80% of the critical risk. According to the report, the most common dependencies were the Linux kernel, zlib (a compression library), and OpenSSL (an open-source cryptographic library).