Hello and welcome to GlobalSign's weekly cybersecurity wrap-up. Here's the latest...
The cybercriminal gang Lapsus$ continues to make itself known with yet another big hack. The latest victim is software development company Globant. Late Wednesday the company confirmed reports it was indeed impacted by Lapsus$. So far, the company is activating its security protocols and "conducting an exhaustive investigation". As a direct result of the hack, Globant's stocks tumbled on Wednesday. For an updated list of all the incidents Lapsus$ is linked to, check out this MSSP Alert article.
The other major story this week is a crypto heist for more than $600 million. In what may be the largest crypto hack in history, a cyber criminal has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge. The attack occurred on March 23rd, but Sky Mavis learned about it days later when a user tried to withdraw 5,000 Ethereum from the bridge and was unable to do so.
Law enforcement worldwide is doing its best to keep up with those pesky cybercriminals, especially the U.S. Federal Bureau of Investigation (FBI). Here's a breakdown of their activity as of late:
- On Thursday, it announced 65 people were arrested in 'Operation Eagle Sweep'. The operation's goal was to break up what is described as a major business email compromise (BEC) scheme which has cost victims millions of dollars. The FBI has been collaborating with law enforcement officials worldwide on this effort. Operation Eagle Sweep has netted 65 arrests in the US along with 12 in Nigeria, eight in South Africa, two in Canada and one in Cambodia.
- Earlier in the week the FBI issued a statement regarding a newly discovered phishing campaign that targeted election officials last year. The FBI says the attackers sought to steal login credentials and could have had “sustained, undetected” access to election administrators’ systems. As the 2022 midterm elections approach, the FBI is concerned these phishing attacks could increase.
- The FBI has also recently issued guidance on Triton malware, which has been targeting energy firms. Also known as Trisis and HatMan, Triton is designed to "cause physical safety systems to cease operating or to operate in an unsafe manner," according to the FBI's Private Industry Notification (PIN 20220324-001).
A story this week in HealthIT Security highlights how health plans and clinics are increasingly a target of attackers. A recent report by Critical Insight found that "breaches reported to the U.S. Department of Health and Human Services by healthcare organizations shows the total number of breaches and the total number of records of protected health information (PHI) exposed hit all time highs in 2021."
Given the massive number of cyber attacks on the healthcare sector, the US government may create additional cybersecurity protections. A new bill, the Healthcare Cybersecurity Act (S.3904), has been proposed by two US senators following increased concerns around Russian-based cyber threats. One of the bill sponsors, Louisiana Senator Bill Cassidy, says it “protects patients’ data and public health by strengthening our resilience to cyber warfare.”
Finally, a new report from Netscout revealed that cybercriminals launched nearly 10 million Distributed Denial of Service (DDoS) attacks in 2021. Of those, approximately 4.4 million attacks occurred in the second half of last year. The attacks represent a slight drop from previous highs, but are still 14% above pre-pandemic levels.
That's all for this week. Have a great weekend!
Top Global Security News
Recorded Future (March 30, 2022) Globant confirms reports of breach after Lapsus$ shares 70GB of stolen files
Multibillion-dollar software development company Globant has confirmed reports that their systems were breached and that someone gained access to the company’s code repository.
In a statement on Wednesday afternoon, Globant said they recently detected that a “limited section” of their code repository was accessed.
“We have activated our security protocols and are conducting an exhaustive investigation. According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients,” the Luxembourg-based company said.
Bleeping Computer (March 29, 2022) $620 million in crypto stolen from Axie Infinity's Ronin bridge
A hacker has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history. Ronin is an Ethereum sidechain created by Sky Mavis to facilitate transactions for the Axie Infinity game, with the bridge acting as a way to transfer ERC-20 tokens between the Ethereum and Ronin blockchains.
Today, Sky Mavis disclosed that a threat actor hacked the Ronin bridge and stole 173,600 Ethereum and 25.5M USDC tokens in two transactions [1 and 2], worth $617 million at today's prices.
While the Ronin sidechain uses 9 validator nodes to confirm transactions, the threat actor was able to gain control over five of the validator signatures needed to withdraw cryptocurrency from the bridge.
The attack occurred almost a week ago, on March 23rd, but Sky Mavis only learned about it today when a user tried to withdraw 5,000 Ethereum from the bridge and was unable to do so.
Cyberscoop (March 29, 2022) Coordinated phishing campaign targeted election officials in nine states, according to FBI
An invoice-themed phishing campaign targeted elections officials in at least nine states in October 2021, according to a warning the FBI issued Tuesday.
The attackers sought to steal login credentials and could have had “sustained, undetected” access to election administrators’ systems, the notice said.
The emails — sent in batches on at least three separate days — “shared similar attachment files, used compromised email addresses, and were sent close in time, suggesting a concerted effort to target US election officials,” the notice reads.
It’s unclear whether any of the phishing attacks were successful. The FBI did not immediately respond to a request for comment. “The FBI judges cyber actors will likely continue or increase their targeting of US election officials with phishing campaigns in the lead-up to the 2022 midterm elections,” the notice reads.
HealthITSecurity (March 29, 2022) Health Plans, Laboratories, Health Departments Hit by Healthcare Data Breaches
Healthcare data breaches continue to impact hospitals and health systems, but cyberattacks at health plans and specialty clinics are also increasing as threat actors set their sights on smaller and less obvious targets.
A recent report by Critical Insight found that cyberattacks targeted at health plans and third-party business associates increased last year, while attacks against healthcare providers dipped slightly.
Some of the most recent healthcare data breach disclosures, outlined below, exemplify the wide variety of organization types that are facing data breaches and cyberattacks.
Dark Reading (March 28, 2022) Triton Malware Still Targeting Energy Firms
The global energy sector needs to stay alert for Triton malware, the Federal Bureau of Investigation said in a recent warning.
Triton (also known as Trisis and HatMan) is designed to "cause physical safety systems to cease operating or to operate in an unsafe manner," the FBI says in its Private Industry Notification (PIN 20220324-001). The malware was used in a cyberattack in 2017 against a Middle East petrochemical facility. The Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM), a Russian government-backed research institution, is believed to have carried out the attack, and last week the United States Department of Justice unsealed an indictment against a Russian national and a TsNIIkhM employee involved in that attack.
HelpNetSecurity (March 28, 2022) Cybercriminals launched 9.75 million DDoS attacks in 2021
During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at a pace that’s 14% above pre-pandemic levels.
The report details how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path (non-spoofed) attacks, creating more sophisticated operating procedures for attackers and adding new tactics, techniques, and methods to their arsenals.
InfoSecurity (March 28, 2022) US Proposes Healthcare Cybersecurity Act
Lawmakers in the United States have proposed a new bill, which aims to enhance the cybersecurity of America's healthcare and public health (HPH) sector.
The bill, known as the Healthcare Cybersecurity Act (S.3904), was put forward by US senators Jacky Rosen and Bill Cassidy on Thursday, following a White House warning over the increased risk to America of cyber-threats stemming from Russia.
“Health centers save lives and hold a lot of sensitive, personal information,” said Cassidy. “This makes them a prime target for cyber-attacks.
“This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”
Other Industry News
LockBit victim estimates cost of ransomware attack to be $42 million - Bleeping Computer
FBI efforts to disrupt business email compromise scams leads to 65 arrests - ZD Net
One in four employees lose job after making cybersecurity mistakes - Beta News
Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” - Krebs on Security
ENISA urges data-handling innovation amid growing tide of healthcare breaches - Portswigger
Shutterfly discloses data breach after Conti ransomware attack - Bleeping Computer
Zero-Day Surge Led to More Rapid Exploitation of Bugs in 2021 - Dark Reading
Utah Becomes Latest US State to Pass a Data Privacy Law - Infosecurity
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA - Ars Technica
Estonian ransomware operator sentenced to prison in U.S. - Security Week
The long, bumpy road to cyber incident reporting legislation — and the one still ahead - Cyberscoop