Weekly Cybersecurity Report | Week 9, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


1 – A cyber-attack on the company Change Healthcare causes extensive disruptions in various pharmacies and medical institutions throughout the USA. 

Change Healthcare is a major provider of systems that connect medical institutions, patients, insurance companies, the Ministry of Health and more. The company has access to medical information of about a third of US citizens and processes billions of medical transactions per year.

Following the cyber-attack, the company had to disable a large part of its computer systems, as well as systems that serve its customers.

As a result of the shutdown, pharmacies report being unable to approve prescriptions with insurance companies, lack of access to patient records, and more. 

2 – BMW reports: sensitive company information was leaked due to a faulty configuration of a cloud server.

An AVTM researcher from SocRadar identified the exposed server as containing sensitive information such as private keys for cloud services, identification data for production environments, and more. 

The researcher reported the server to BMW, which rushed to change it from public to private. However, according to the researcher, BMW did not change all the keys and passwords that were exposed for an unknown amount of time.

3 – Hackers from Russia broke into several news sites in Ukraine and published fake articles about the defeat of Ukrainian forces in the battles between the parties. 

Some of the websites that were attacked operate automatic systems for distributing articles on social networks, so the fake articles were even published under their official accounts on Twitter, etc.

Among the websites affected – Pravda and Liga. 

4 – Washington County, Pennsylvania reports: We paid hackers from Russia $350,000 in ransom after they disabled all computer systems in the county. 

The attorney for the district explained that the attack was detected on 19.1.24 and a few days later, on 25.1, the district received an alert from the US Cyber and Infrastructure Protection Agency to disconnect all servers from the Internet. 

On 5.2.24 the response team hired by the district confirmed that the attackers had managed to steal a lot of information, including sensitive information, and on 6.2.24 a vote was held in the district in which it was decided to pay the ransom.

To make the payment, the district hired the services of a crypto company from Chicago, and they transferred $346,687 to the attackers (and took a commission of $19,313). 

5 – Cyber-attack on ETISALAT by LockBit Ransomware 

Emirates Telecommunications Group PJSC in the United Arab Emirates is facing a ransomware attack attributed to the notorious LockBit ransomware faction. 

The ransomware gang took responsibility for the cyber-attack on ETISALAT, which successfully breached the company’s systems. The attackers are now demanding $100,000 for the return of the stolen data and have set a deadline of April 17.

Learn more: https://thecyberexpress.com/cyberattack-on-etisalat-lockbit-demands-ransom/amp/ 

6 – American cyber-attack against an Iranian spy ship, which passed information to the Houthis 

The NBC network reported yesterday (Thursday) that the US carried out a cyber-attack against an Iranian military ship. According to three American officials, the cyber-attack took place about a week ago, while the ship was collecting information on cargo ships in the Red Sea and the Gulf of Aden.

The purpose of the cyber-attack was to inhibit the spy ship’s ability to share information with the Houthi rebels from Yemen, who have been attacking commercial ships in the Red Sea during the war in Gaza.

According to the American officials who spoke to NBC, Iran is using the spy ship to provide the Houthis with information that will make their attacks more effective. One of the sources said that the ship’s name is MV Behshad.

7 – The LockBit ransomware operation was shut down by a global police operation

Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as ‘Operation Cronos’.

According to a banner displayed on the LockBit data leak site, the site is now under the control of the UK’s National Enforcement Agency. 

“The site is now under the control of law enforcement. This site is now under the control of the UK’s National Crime Agency, working closely with the FBI and the international law enforcement task force, Operation Cronos,” the banner read. 

Learn more: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/

8 – Russian hackers hit mail servers in Europe for political and military intelligence 

A Russian-linked actor, TAG-70, accessed mail servers in Ukraine, Georgia, and Poland to gather intelligence on political and military activities in Europe, particularly related to Ukraine’s war efforts. 

Learn more: https://www.hackread.com/russian-hackers-mail-servers-europe-intel/

 

The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.