Welcome back to our weekly wrap up! It’s been another busy week. Here’s the latest in cybersecurity news.
Researchers from China-based Qihoo 360 say that EdgeMarc Enterprise Session Border Controllers, networking devices belonging to AT&T Internet customers in the U.S., are infected with malware. As a result, the infected devices can be used in denial-of-service attacks and attacks on internal networks. The device is used by small- to medium-sized enterprises to secure and manage phone calls, video conferencing, and similar real-time communications. Qihoo 360 researchers also say they have detected more than 100,000 devices accessing the same TLS certificate used by the infected controllers, an indication that the pool of affected devices may be much bigger.
Japanese tech icon Panasonic confirmed it was breached earlier this year after hackers gained access to its internal network. A company press release states that its network was “illegally accessed by a third party” on November 11 and that “some data on a file server had been accessed during the intrusion.” The truth is that hackers began snooping around much earlier in June and the unauthorized access was not detected until November 11. In addition to conducting its own investigation, the company says it is “currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”
Planned Parenthood Los Angeles confirmed that a data breach last month exposed patient records online, including names, dates of birth, addresses, insurance identification numbers and clinical data like diagnosis, treatment and prescription information. PPLA said it took its systems offline on October 17th when it noticed suspicious activity, notifying law enforcement and engaging a cybersecurity company to investigate. Several weeks later the investigation concluded that patient information was taken, and Planned Parenthood LA is now notifying affected patients, reportedly about 400,000 people.
DNA testing company DNA Diagnostics Center reported a data breach that leaked the personal information – including Social Security Numbers and banking information – of more than 2 million people. The Ohio-based company said the breach was discovered on August 6. Company officials discovered "potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database that contained personal information collected between 2004 and 2012." Further investigation revealed that hackers had removed files and folders from portions of the database between May 24 and July 28.
On Tuesday the FBI announced it seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate. The agency said the money was seized via an Exodus wallet, a desktop or mobile wallet that owners can use to store cryptocurrency.
More than 1,000 individuals were arrested by law enforcement officials from 20 countries for various cyber-enabled financial crimes, including investment fraud, business email compromise (BEC) attacks, money laundering, and illegal online gambling. The arrests took place over a four-month period between June and September 2021; they were part of an Interpol-coordinated operation code-named HAECHI-II that was designed to curb online financial crimes. During the operation, Interpol officials piloted a new global stop-payment mechanism called the Anti-Money Laundering Rapid Response Protocol (ARRP), which allowed them to intercept and recover nearly $27 million in illicit funds from cybercrime operations.
For the second time this year, a Flubot banking malware campaign is targeting Finnish Android users. Finland's National Cyber Security Centre (NCSC-FI) issued a "severe alert" this week to warn people about a massive campaign pushed via text messages sent from compromised devices. A previous series of attacks spammed thousands of Finns each day via SMS between early June and mid-August 2021.
That’s all for this week. Thanks again for stopping by our blog. Have a great weekend!
Top Global Security News
CNET (December 2, 2021) Planned Parenthood patient records leaked in data breach
"Planned Parenthood Los Angeles has confirmed that a data breach last month exposed patient records online, including names, dates of birth, addresses, insurance identification numbers and clinical data like diagnosis, treatment and prescription information.
An unauthorized person accessed the network between Oct. 9 and Oct. 17, installing malware and stealing files. PPLA said it took its systems offline on Oct. 17 when it noticed suspicious activity, notifying law enforcement and engaging a cybersecurity company to investigate. On Nov. 4, the investigation concluded that patient information was taken, and Planned Parenthood LA is now notifying affected patients.
According to a Wednesday report in The Washington Post, the data breach affected around 400,000 patients."
Ars Technica (December 1, 2021) Thousands of AT&T customers in the US infected by new data-stealing malware
"Thousands of networking devices belonging to AT&T Internet subscribers in the US have been infected with newly discovered malware that allows the devices to be used in denial-of-service attacks and attacks on internal networks, researchers said on Tuesday.
The device model under attack is the EdgeMarc Enterprise Session Border Controller, an appliance used by small- to medium-sized enterprises to secure and manage phone calls, video conferencing, and similar real-time communications. As the bridge between enterprises and their ISPs, session border controllers have access to ample amounts of bandwidth and can access potentially sensitive information, making them ideal for distributed denial of service attacks and for harvesting data.
Researchers from Qihoo 360 in China said they recently spotted a previously unknown botnet and managed to infiltrate one of its command-and-control servers during a three-hour span before they lost access.
'However, during this brief observation, we confirmed that the attacked devices were EdgeMarc Enterprise Session Border Controller, belonging to the telecom company AT&T, and that all 5.7k active victims that we saw during the short time window were all geographically located in the US,' Qihoo 360 researchers Alex Turing and Hui Wang wrote."
ZDNet (November 30, 2021) DNA testing center admits to breach affecting SSNs, banking info of more than 2 million people
"A DNA testing company has reported a data breach that leaked the personal information -- including Social Security Numbers and banking information -- of more than 2 million people, according to a notification letter the company is sending out to those affected.
Bleeping Computer, which first reported the breach, said 2,102,436 people had their information exposed by DNA Diagnostics Center, an Ohio-based DNA testing company.
In a notice shared on the company's website, DNA Diagnostics Center said that on August 6, officials with the company discovered 'potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database that contained personal information collected between 2004 and 2012.'
Further investigation revealed that hackers had removed files and folders from portions of the database between May 24 and July 28."
Bleeping Computer (November 30, 2021) Finland warns of Flubot malware heavily targeting Android users
"Finland's National Cyber Security Centre (NCSC-FI) has issued a 'severe alert' to warn of a massive campaign targeting the country's Android users with Flubot banking malware pushed via text messages sent from compromised devices.
This is the second large-scale Flubot campaign that hit Finland this year, with a previous series of attacks SMS spamming thousands of Finns each day between early June and mid-August 2021.
Just as it happened over the summer, the new spam campaign also uses a voicemail theme, asking the targets to open a link that would allow them to access a voicemail message or message from the mobile operator."
Bleeping Computer (November 30, 2021) FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
"The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer.
In a complaint unsealed today, the FBI seized 39.89138522 bitcoins worth approximately $2.3 million at current prices ($1.5 million at time of seizure) from an Exodus wallet on August 3rd, 2021.
Exodus is a desktop or mobile wallet that owners can use to store cryptocurrency, including Bitcoin, Ethereum, Solana, and many others."
Dark Reading (November 29, 2021) Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation
"Law enforcement officials across 20 countries have arrested more than 1,000 individuals for various cyber-enabled financial crimes, including investment fraud, business email compromise (BEC) attacks, money laundering, and illegal online gambling.
The arrests took place over a four-month period between June and September 2021; they were part of an Interpol-coordinated operation code-named HAECHI-II that was designed to curb online financial crimes. During the operation, Interpol officials piloted a new global stop-payment mechanism called the Anti-Money Laundering Rapid Response Protocol (ARRP), which allowed them to intercept and recover nearly $27 million in illicit funds from cybercrime operations."
Tech Crunch (November 29, 2021) Panasonic confirms data breach after hackers access internal network
"Japanese tech giant Panasonic has confirmed a data breach after hackers gained access to its internal network.
Panasonic said in a press release dated November 26 that its network was 'illegally accessed by a third party' on November 11 and that 'some data on a file server had been accessed during the intrusion.' However, when reached, Panasonic spokesperson Dannea DeLisser confirmed that the breach began on June 22 and ended on November 3 — and that the unauthorized access was first detected on November 11.
The Osaka, Japan-based company provided few other details of the breach. In its press release, the company said that in addition to conducting its own investigation, it’s 'currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.'"
Other Industry News
Unprotected Database Exposes 170K Healthcare Staffing Records – healthitsecurity.com
Italian police crackdown on fake Covid-19 vaccination passes – Portswigger
Spy chief's warning: Our foes are now 'pouring money' into quantum computing and AI – ZDNet
Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data – Security Week
Most Brazilian businesses set to boost cybersecurity spend in 2022 – ZDNet
IoT's growth picture bright despite pandemic and chip, supply chain concerns – FierceElectronics