SAN MATEO, CA, June 6, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- Pharma company Novartis hacked
- Evil Corp gang uses LockBit ransomware
- FluBot malware network dismantled
- New Clipminer malware steals crypto
- FBI blocked cyberattack targeting children’s hospital
- Twice as many healthcare organizations choose to pay ransom
- Anonymous claims credit for Belarus hacks
- “Follina” bug compromises Microsoft Office
- Social engineering is favored tactic for financial org hacks
- CISA releases 5G security check
Pharma company Novartis hacked
Novartis, a major pharmaceutical company, has been hacked by a data extortion gang known as Industrial Spy. Industrial Spy has put Novartis’ data, in the form of 7.7 MB of PDF files, up for sale on their Tor marketplace with a price of $500,000 in Bitcoin. Novartis has stated that they are aware of the incident and that no sensitive information was breached in the attack. Read more.
Evil Corp gang uses LockBit ransomware
The Evil Corp cybercrime gang, in an effort to evade sanctions from US authorities, has begun to use LockBit in their ransomware schemes. Experts believe that this switch may be partly to allow Evil Corp to continue operations without using a proprietary piece of malware that may lead authorities to them. It is also thought that this switch might allow Evil Corp to develop their own RaaS software while still continuing to pull in money from scams. Read more.
FluBot malware network dismantled
FluBot, a piece of malware that has been plaguing Android devices since 2020, has been in the crosshairs of international authorities who have just taken down the malware’s network, rendering it inactive. FluBot was spread via text messages that purported to send Android users to a package tracking service or voicemail, but instead installed the FluBot trojan on their device. The trojan would then send similar messages to all of the user’s contacts. Read more.
New Clipminer malware steals crypto
Clipminer, a newly discovered malware operation, uses its trojan of the same name to mine for crypto on infected machines, hijack transactions and steal wallets. The malware has been spreading via YouTube videos, P2P networks and torrent indexers. The malware has allowed its purveyors to bring in $1.7 million in stolen funds. Read more.
FBI blocked cyberattack targeting children’s hospital
According to a statement from the director of the FBI, last year the organization thwarted Iranian cybercriminals in their effort to hack Boston Children’s Hospital. The planned attack is said to have had the capability to disrupt the hospital’s operations and potentially seriously affect the patients under the facility’s care. Read more.
Twice as many healthcare organizations choose to pay ransom
According to data from Sophos, healthcare organizations experienced a 94% increase in ransomware attacks in 2021. Last year also saw 61% choose to pay a ransom to release their system, as opposed to 34% in 2020. It is unknown whether the increase in attacks has simply inflated the numbers or whether the willingness of healthcare organizations to bend to the will of their attackers has made them more popular targets. Read more.
Anonymous claims credit for Belarus hacks
Belarus government websites were taken offline by Anonymous, according to a hacker associated with the group. Belarus has been in the crosshairs of the hacktivist group due to the country’s support of Russia’s invasion of Ukraine. The websites are back online, however, and it does not seem as though the takedowns have created any long term damage or disruption. Read more.
“Follina” bug compromises Microsoft Office
A zero-day exploit has been found within Microsoft Office that can give an unauthorized user the ability to run malicious code on a victim’s computer. The bug, named Follina, uses the remote template feature in Microsoft Word and is able to bypass Microsoft’s Defender AV scanner. It is not known if this exploit has been used yet in the wild. Read more.
Social engineering is favored tactic for financial org hacks
According to a report from ZeroFox, social engineering is the number one tactic employed by hackers seeking to infiltrate the networks of financial organizations. Social engineering is the manipulation of a human employee in order to gain login credentials or access to protected data. Hackers have been known to use humanitarian crises, such as the invasion of Ukraine, to create narratives that encourage people to provide the information they need. Read more.
CISA releases 5G security check
CISA has created a five-step plan that can be implemented in order to help organizations remain secure while deploying 5G apps. The report also mentions security considerations that people may not be aware of when moving to 5G. In spite of 5G being more secure, the complexity of the transition may allow vulnerabilities and security gaps to appear. Read more.