Cybersecurity News Round-Up: Week of August 8, 2022

Welcome back to our blog! It’s been yet another fascinating week in cybersecurity. 

We begin in China, where a hacker has claimed to have stolen the personal information of nearly 49 million users of Shanghai’s Covid app. In a post on Wednesday to Breach Forums, a hacker with the alias “XJP” stated “This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” and provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people. Reuters contacted eleven of the 47 people. Only two said their identification numbers were wrong.

In the UK, the National Health System has been dealing with a serious security incident after an attack last Thursday against a key service provider. According to The Guardian “at least nine NHS mental health trusts have been affected by the outage, reducing their access to patients’ records.” The story goes on to say that “The cyber-attack targeted systems used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings, triage, out-of-hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the trust.” 

Also in Europe, a massive attack hit the website of the German Chambers of Industry and Commerce (DIHK), forcing the organization to shut down its IT systems as a precautionary measure for security reasons. As of earlier this week, the DIHK said it was relying only on phone and fax for communications. Michael Bergmann, chief executive of DIHK, described the attack as serious and massive, and added that the organization was not able to estimate how long its systems would be down.

On Wednesday, networking giant Cisco released details about a breach that occurred in May. While the cybercriminals responsible for the May 24th incident stole some information, the company says the business wasn’t impacted. According to Dark Reading “[W]e took immediate action to contain and eradicate the bad actors, remediate the impact of the incident, and further harden our IT environment,” a company spokesman said in the statement sent to Dark Reading. “No ransomware has been observed or deployed and Cisco has successfully blocked attempts to access Cisco’s network since discovering the incident.”

Talk about painful! Security firm Sophos this week said that an unnamed automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, with two of the attacks happening within just two hours. While dual ransomware attacks are increasingly common, “this is the first incident we’ve seen where three separate ransomware actors used the same point of entry to attack a single organization,” Sophos X-Ops incident responders said in a report published Wednesday.

A group of 18 tech and cyber companies announced they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats. The effort is led by Amazon.com Inc.’s AWS cloud business, cybersecurity company Splunk Inc. and International Business Machines Corp.’s security unit.

Cloudflare revealed a “targeted phishing attack” against at least 76 employees and their family members. The incident was very similar to a recent phishing attack against customer engagement platform Twilio. The attack at Cloudflare came from four phone numbers associated with T-Mobile-issued SIM cards but was ultimately unsuccessful. The text messages pointed to a seemingly legitimate domain containing the keywords “Cloudflare” and “Okta” in an attempt to deceive the employees into handing over their credentials.

That’s all for this week. Stop by our blog next week for the latest in cybersecurity news! 

Top Global Security News

Reuters (August 12, 2022) Hacker offers to sell data of 48.5 million users of Shanghai’s COVID app

A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub’s data in just over a month.

The hacker, with the username “XJP”, posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday.

The hacker provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people.

READ MORE 

Security Week (August 11, 2022) Cybercriminals Breached Cisco Systems and Stole Data 

Profit-driven cybercriminals breached Cisco systems in May and stole gigabytes of information, but the networking giant says the incident did not impact its business.

Cisco on Wednesday released a security incident notice and a technical blog post detailing the breach. The intrusion was detected on May 24, but the company shared its side of the story now, shortly after the cybercriminals published a list of files allegedly stolen from its systems.

According to Cisco, the attacker targeted one of its employees and only managed to steal files stored in a Box folder associated with that employee’s account, as well as employee authentication data from Active Directory. The company claims the information stored in the Box folder was not sensitive.

READ MORE 

The Hacker News (August 10, 2022) Hackers Behind Twilio Breach Also Targeted Cloudflare Employees

Web infrastructure company Cloudflare on Tuesday disclosed that at least 76 employees and their family members received text messages on their personal and work phones bearing characteristics similar to those of the sophisticated phishing attack against Twilio.

The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards and was ultimately unsuccessful.

The text messages pointed to a seemingly legitimate domain containing the keywords “Cloudflare” and “Okta” in an attempt to deceive the employees into handing over their credentials.
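The phishing described here, in both the round-up above and this excerpt, relied on a lookalike domain that carried trusted brand names (“Cloudflare”, “Okta”) without belonging to either organization. The following is an added example, not code from the original post or from Cloudflare, showing the kind of check a security team can run over reported SMS or mail text to flag such domains: it extracts URLs, compares the host against an allowlist of genuinely owned domains, and flags any untrusted host whose name contains a watched brand keyword. The sample messages, the brand keyword list and the `TRUSTED_DOMAINS` allowlist are all constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample messages: two imitate the pattern reported in the post
# (a lookalike host mixing "cloudflare" and "okta"), the rest are benign.
# The ".example" TLD is reserved, so none of these hosts is a real site.
SAMPLE_MESSAGES = [
    "Your Cloudflare schedule has changed. Review at https://cloudflare-okta.example/login",
    "Reminder: review your timesheet https://dash.cloudflare.com/",
    "Your package is delayed, track it at https://parcel-tracking.example/t/123",
    "Sign in to confirm your session: https://okta.sso-cloudflare.example",
    "Meet at 5pm in the lobby",
]

# Brand names an attacker would want to appear in a lookalike host
# (assumed watch list; extend per organization).
BRAND_KEYWORDS = ("cloudflare", "okta")

# Hypothetical allowlist of domains the organization actually trusts;
# subdomains of these are accepted as well.
TRUSTED_DOMAINS = {"cloudflare.com", "okta.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_trusted(host: str) -> bool:
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def brand_keywords_in(host: str) -> list:
    """Return watched brand keywords found in the host.

    Dots and hyphens are stripped first so that 'cloud-flare' or a keyword
    split across labels (okta.sso-cloudflare) is still matched.
    """
    compact = host.replace("-", "").replace(".", "")
    return [k for k in BRAND_KEYWORDS if k in compact]


def classify_message(text: str) -> list:
    """Return one finding per URL whose host is untrusted and brand-bearing."""
    findings = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if not host or is_trusted(host):
            continue  # no host at all, or a domain we actually own
        hits = brand_keywords_in(host)
        if hits:
            findings.append({"url": url, "host": host, "keywords": hits})
    return findings


def scan(messages: list) -> list:
    """Return (index, findings) for every message that raised a finding."""
    results = []
    for i, msg in enumerate(messages):
        findings = classify_message(msg)
        if findings:
            results.append((i, findings))
    return results


if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_MESSAGES):
        for f in findings:
            print(f"message {idx}: untrusted host {f['host']} "
                  f"contains brand keyword(s) {', '.join(f['keywords'])}")
```

Running the block reports messages 0 and 3; the genuine `dash.cloudflare.com` link and the keyword-free links pass. In practice the allowlist should come from the organization's asset inventory, and a hit is a trigger for verification (hover or resolve the link, compare with the identity provider's real sign-in URL) and for a report to the security team rather than a verdict on its own.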

READ MORE 

Bleeping Computer (August 10, 2022) Automotive supplier breached by 3 ransomware gangs in 2 weeks

An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours.

The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection. 

While dual ransomware attacks are increasingly common, “this is the first incident we’ve seen where three separate ransomware actors used the same point of entry to attack a single organization,” Sophos X-Ops incident responders said in a report published Wednesday.

READ MORE 

Wall Street Journal (August 10, 2022) Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts 

A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats.

Amazon.com Inc.’s AWS cloud business, cybersecurity company Splunk Inc. and International Business Machines Corp.’s security unit, among others, launched the Open Cybersecurity Schema Framework, or OCSF, Wednesday at the Black Hat USA cybersecurity conference in Las Vegas.

Other companies involved in the initiative are CrowdStrike Holdings Inc., Rapid7 Inc., Palo Alto Networks Inc., Cloudflare Inc., DTEX Systems Inc., IronNet Inc., JupiterOne Inc., Okta Inc., Salesforce Inc., Securonix Inc., Sumo Logic Inc., Tanium Inc., Zscaler Inc. and Trend Micro Inc.

READ MORE (subscription required)

DataBreachToday (August 8, 2022) Cyberattack on NHS Vendor Already Offering Critical Lessons

A notice on the NHS Oxford Health website is warning the public of service problems linked to the 111 software outage.
The U.K. urgent healthcare helpline is in its fourth day of degraded service following a Thursday cyberattack against a key service provider.

The outage stems from Birmingham software vendor Advanced, which contracts with the British government to provide digital services for the NHS 111. The outage is expected to last at least until Tuesday at the earliest, reports U.K. news site Metro.

The incident, which forced the NHS to fall back on deploying its various business continuity processes, serves as a reminder for the healthcare sector to be prepared to deal with its own cybersecurity surprises and also with highly disruptive incidents involving critical third parties.

READ MORE 

Security Affairs (August 7, 2022) Serious cyberattack hits German Chambers of Industry and Commerce 

A massive attack hit the website of the German Chambers of Industry and Commerce (DIHK) forcing the organization to shut down its IT systems as a precautionary measure for security reasons. 

“Due to a possible cyber attack, the IHK organization has shut down its IT systems as a precautionary measure for security reasons. We are currently working intensively on a solution and defense. The IT systems are successively started up after testing, so that the services are then available again for companies,” reads the announcement published by the German Chambers of Industry and Commerce (DIHK).

DIHK states that phone and fax are the only channels to use to contact it.

Michael Bergmann, chief executive of DIHK, described the attack as serious and massive, and added that the organization was not able to estimate how long its systems would be down.

READ MORE 

Other Thought-Provoking News

U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang – The Hacker News

GitHub Moves to Guard Open Source Against Supply Chain Attacks – Wired 

Twitter breach exposes anonymous accounts to nation state hackers – Cyberscoop 

What if the onus of medical device security were shifted to manufacturers? – SC Media 

Stolen Data Gives Attackers Advantage Against Text-Based 2FA – Dark Reading

Transit Is Seeing More Cyber Threats, Many Agencies Aren’t Ready – GovTech

Attackers abuse open redirects in Snapchat and Amex in phishing attacks – Security Affairs 

Number of Ransomware Attacks on Industrial Orgs Drops Following Conti Shutdown – Security Week 

*** This is a Security Bloggers Network syndicated blog from Blog Feed authored by Blog Feed. Read the original post at: https://www.globalsign.com/en/blog/cybersecurity-news-round-week-august-8-2022