GlobalSign Blog

Cybersecurity News Round-Up: Week of July 11, 2022

Hello and welcome back to our weekly blog! 

We begin with a story that hearkens back to one of the first auto-related cyber nightmare scenarios, the 2015 hacking of Wired editor Andy Greenberg's Jeep, while he was on the highway no less.

Fast-forward eight years, and Honda says it is technically possible for hackers to unlock car doors and start engines remotely on some of its models. This comes after two researchers revealed last weekend that they had discovered a security bug in the rolling codes mechanism of the remote keyless system of Honda vehicles. The bug enabled them to open car doors without the key fob present. Despite this, Honda wants to reassure customers that the kind of attack applied in this case (continuous close-proximity signal capture of multiple sequential RF transmissions) cannot be used to drive the car away.

Another high-profile story this week was in France, where unidentified hackers attempted to trick European Central Bank President Christine Lagarde into allowing them to open a messaging app account in her name -- by posing as former German chancellor Angela Merkel. Fortunately, the matter was quickly resolved and no information was compromised.

Also in France, telecoms operator La Poste Mobile alerted customers that their data may have been compromised in a ransomware attack on July 4. It is believed that the LockBit ransomware group is responsible. A week later, La Poste Mobile's website was still offline and visitors were being greeted by a statement telling customers to be wary of targeted cyber-attacks. 

Microsoft this week warned users that more than 10,000 organizations are being targeted in a wide-scale phishing campaign that uses adversary-in-the-middle (AiTM) phishing sites to steal credentials. The attackers have been hijacking sign-in sessions to bypass authentication even with multifactor authentication (MFA) enabled. Microsoft researchers say the attacks begin with emails that include an HTML file attachment, sent to multiple recipients in different organizations. The messages claim that recipients have a voicemail message and must click on the attachment to access it or it will be deleted in 24 hours.

Also this week, the U.S. government announced that White House appropriators have completed marking up a dozen spending bills for fiscal 2023 that would altogether provide at least $15.6 billion for cybersecurity efforts across federal departments and agencies. The largest chunk of cybersecurity spending, $11.2 billion, would go to the Defense Department, followed by $2.9 billion for the Cybersecurity and Infrastructure Security Agency, or CISA. 

Bleeping Computer says the ALPHV/BlackCat ransomware operation recently created a searchable database on its leak site to make it easier for cybercriminals to find victims or even specific details. The gang is using the new strategy to force victim companies to pay threat actors in hopes that their stolen data will not be leaked.

Finally, TechCrunch says one of this year's biggest data breaches could stem from an attack on a debt collection firm that serves hundreds of hospitals and medical facilities across the United States. The Colorado-based Professional Finance Company, known as PFC, disclosed on July 1 that it had been hit by ransomware in February. In its data breach notice, PFC said that more than 650 healthcare providers are affected by the incident. Attackers stole patient names, addresses, their outstanding balance and information relating to their account, and in “some cases” dates of birth, Social Security numbers and health insurance and medical treatment information.

That's a wrap for now. Please visit our site next week for the latest in cybersecurity news!

Top Global Security Stories 

Security Week (July 13, 2022) Honda Admits Hackers Could Unlock Car Doors, Start Engines

Honda has confirmed that researchers were indeed able to hack the remote keyless entry system of certain Honda vehicles to unlock the doors and start the engine.

Over the weekend, security researchers Kevin2600 and Wesley Li from Star-V Lab published information on a security bug they identified in the rolling codes mechanism of the remote keyless system of Honda vehicles, which allowed them to open car doors without the key fob present.

When sending a signal to unlock the car doors, the remote key fob also transmits a code that the car verifies against a database, and performs the required action only if the check passes. Older vehicles used static codes for this process, but these were found inherently vulnerable: an attacker within proximity of the car could capture them and replay them later to unlock the vehicle.

TechCrunch (July 13, 2022) A ransomware attack on a debt collection firm could be one of 2022’s biggest health data breaches

A ransomware attack on a little-known debt collection firm that serves hundreds of hospitals and medical facilities across the U.S. could be one of the biggest data breaches of personal and health information this year.

The Colorado-based Professional Finance Company, known as PFC, which contracts with “thousands” of organizations to process customer and patient unpaid bills and outstanding balances, disclosed on July 1 that it had been hit by ransomware months earlier in February.

PFC said in its data breach notice that more than 650 healthcare providers are affected by its ransomware attack, adding that the attackers took patient names, addresses, their outstanding balance and information relating to their account. PFC said that in “some cases” dates of birth, Social Security numbers and health insurance and medical treatment information were also taken by the attackers.

Security Week (July 14, 2022) Microsoft: 10,000 Organizations Targeted in Large-Scale Phishing Campaign

Microsoft has warned users about a large-scale phishing campaign that has been targeting over 10,000 organizations to perform follow-on business email compromise (BEC).

As part of the campaign, the attackers have been using adversary-in-the-middle (AiTM) phishing sites to steal credentials, and have been hijacking sign-in sessions to bypass authentication even with multifactor authentication (MFA) enabled.

AiTM is a phishing technique in which the attackers deploy a proxy webserver between the user and the site they are trying to sign in to, to intercept the user’s credentials and their session cookie, which enables the user to remain authenticated to the site.

Reuters (July 12, 2022) Hackers posing as Merkel target ECB's Lagarde - German source

Unidentified hackers attempted to trick European Central Bank President Christine Lagarde into letting them open a messaging app account in her name by posing as former German chancellor Angela Merkel, a German source said on Tuesday.

The plot was quickly foiled without any information being compromised, an ECB spokesperson said.

"We can confirm that there was an attempted cyber incident recently involving the president," the ECB spokesperson said. "It was identified and halted quickly. No information was compromised. We have nothing more to say as an investigation is ongoing."

GovTech (July 12, 2022) White House appropriators OK $15.6B in Cybersecurity Funding

White House appropriators in June finished marking up a dozen spending bills for fiscal 2023 that would altogether provide at least $15.6 billion for cybersecurity efforts across federal departments and agencies. The largest chunk of cybersecurity spending, $11.2 billion, would go to the Defense Department, followed by $2.9 billion for the Cybersecurity and Infrastructure Security Agency, or CISA. CISA would get $417 million more than the White House requested, and the Pentagon appropriations would match the administration’s request.

Increases in cybersecurity funding come as the Biden administration focuses on boosting preventive measures, improving information sharing between government agencies and private sector companies, and pushing agencies to adopt a so-called zero-trust posture that assumes anyone accessing a computer network could be a threat. The measures follow dramatic cyber attacks in late 2020 and early 2021 that left hundreds of top U.S. companies and a dozen federal departments and agencies scrambling to protect themselves.

InfoSecurity (July 11, 2022) Ransomware Attack Hits French Telecoms Firm

French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s administrative and management systems on July 4.  

The attack, believed to have been carried out by the LockBit ransomware group, took the company’s systems offline as it attempted to minimize damage. Seven days later, its website is still offline and visitors are greeted by a statement in French telling customers to be wary of targeted cyber-attacks. 

“Our initial analysis shows that our servers, which are essential to the operation of your mobile line, have been well protected. However, it is possible that files on the computers of La Poste Mobile employees have been affected. Some of these files may contain personal data,” said the statement.

Bleeping Computer (July 11, 2022) Ransomware gang now lets you search their stolen data

Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data. The new tactic consists in adding a search function on the leak site to make it easier to find victims or even specific details. At least two ransomware operations and a data extortion gang have adopted the strategy recently and more threat actors are likely to do the same.

Last week, the ALPHV/BlackCat ransomware operation announced that they created a searchable database with leaks from non-paying victims. The hackers made it clear that the repositories have been indexed and the search works when looking for information by filename or by content available in documents and images. The results are pulled from the “Collections” part of BlackCat’s leak site and may not have the best accuracy but it is still an evolution of the cybercriminal’s extortion strategy.

BlackCat ransomware operators claim that they do this to make it easier for other cybercriminals to find passwords or confidential information about companies.

The gang already tried this strategy in mid-June, when they created a searchable site with data allegedly stolen in an attack at a hotel and spa in Oregon. The site allowed guests at the spa locations and employees to check if their personal information had been stolen during the ransomware attack.

Other Thought Provoking Stories 

Bandai Namco Hack Has Been Confirmed — Who is Responsible? - ITechPost

Fake Job Offer Hack Leads to $540M Loss for Axie Infinity - Secure World

Ex-CIA engineer convicted of massive Vault7 data leak that exposed agency secrets on WikiLeaks - Computing 

European Police Aim to Keep Young Hackers From Slipping Into Cybercrime - Wall Street Journal PRO (requires subscription)

Cyberattacks against law enforcement are on the rise - HelpNetSecurity 

Healthcare Orgs Struggle With IIoT, OT Security Project Implementation - HealthITSecurity

LatAm in Focus: Cyber Attacks in Costa Rica Expose a Regional Threat - AS/COA

Defending Aircraft Networks Against Cybersecurity Breaches - Tripwire.com

Customer.io Email Data Breach Larger Than Just OpenSea - BankInfoSecurity 

Brazen crooks are now posing as cybersecurity companies to trick you into installing malware - ZDNet 

Nearly all organizations reported having a failed IIoT/OT security project - SCMedia 
