Welcome back to our blog. Here's our weekly round-up of cybersecurity news.
We begin in Colombia, where a hack of a government website led to the exposure of the identities of secret agents working for the Australian Federal Police (AFP). Hacktivist group Guacamaya has claimed responsibility for the incident. Guacamaya stole more than five terabytes of classified data, including emails, documents and even the methods AFP agents used to limit the work of drug cartels operating in Australia. The AFP is not the only law enforcement agency collaborating with the Colombian government, so police agencies from other countries are likely to be affected.
The White House is about to unveil a labeling system to rate the cyber resilience of Internet of Things (IoT) devices. The new system will be modeled after the Energy Star ratings, which rank the energy efficiency of computers, air conditioners and other appliances. The labeling effort will begin with the security of routers and home cameras, since those are among the most widely used, and most at-risk, devices in consumers' homes.
Russian-speaking hacktivists from a group calling itself KillNet temporarily shut down the public-facing websites of at least several major U.S. airports on Monday. The websites for 14 airports, including Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX), were among those impacted.
The healthcare system in the United Kingdom has had a difficult year. First, a crippling attack at the NHS, and now hospitals across the UK are recovering from an outage in their electronic health records system from Oracle Cerner. The outage rendered physicians unable to access patient information. Earlier in the week, Royal Free London NHS Foundation Trust staff were told not to use the electronic patient record system due to a technical issue affecting Cerner. An internal communication said three hospitals, including Royal Free Hospital, were reverting to "downtime" procedures, including using paper. Fortunately, the problem was solved by Wednesday.
Japanese car giant Toyota has warned that nearly 300,000 customers may have had their personal data leaked. The company added that, while there is no evidence that the data was accessed by a third party following an analysis of the access history of the data server, it "could not be completely ruled out." The leak was caused by part of the source code of the T-Connect site being mistakenly uploaded to GitHub by a website development contractor, remaining on the site for almost five years from December 2017 to September 15, 2022.
Also this week, there's a new phishing-as-a-service (PhaaS) platform named 'Caffeine'. Caffeine supposedly makes it easy for threat actors to launch attacks. Mandiant analysts discovered and tested the service, and say the low barrier for entry is worrying. The cybersecurity firm first spotted Caffeine after investigating a large-scale phishing campaign run through the service, targeting one of Mandiant's clients to steal Microsoft 365 account credentials.
Finally, the story that caught my eye was the news that it's now possible for a hacker to guess your password based on the heat you leave behind on your keyboard. Sounds impossible, right? But in a paper to be published soon in the ACM Transactions on Privacy and Security journal, a professor at the University of Glasgow's School of Computing Science has developed a system using a thermal imaging camera to guess and identify the keys that were last touched by an individual – the brighter the area appears in the thermal image, the more recently it was touched. The system was then used to guess passwords and PINs on computer keyboards, smartphone screens and ATM keypads. Just great.
That's a wrap. Thanks for stopping by our blog.
Top Global Security News
Bleeping Computer (October 14, 2022) Australian police secret agents exposed in Colombian data leak
Identities of secret agents working for the Australian Federal Police (AFP) have been exposed after hackers leaked documents stolen from the Colombian government.
The leak comes from a hacktivist group called Guacamaya and includes more than five terabytes of classified data, including emails, documents, and methods AFP agents were using to stop drug cartels from running their business in Australia.
Details exposed this way are from 35 AFP operations, some of them still active, and also include surveillance reports from agents, phone tap recordings, and payroll data for Colombian officers.
Cybersecurity Dive (October 12, 2022) White House to roll out Energy Star-like ratings for IoT
The White House is set to roll out a plan for a labeling system to rate the cyber resilience of Internet of Things (IoT) devices, according to a Tuesday White House cyber fact sheet. A workshop is scheduled for Oct. 19 with about 50 different organizations represented, according to Cyberscoop.
The White House will convene a group of private sector businesses, associations and government partners to discuss the labeling plan. It would be modeled after the Energy Star system used to rank the energy efficiency of computers, air conditioners and other appliances.
Officials plan to start the labeling effort by rating the security of routers and home cameras, noting that those devices are among the most widely used, and most at-risk, devices in consumers' homes.
The Register (October 12, 2022) UK hospitals fall back on pen and paper after Oracle Cerner outage
Hospitals in the UK are recovering from an outage in their vital electronic health records system from Oracle Cerner which left doctors unable to access vital patient information.
Yesterday afternoon, Royal Free London NHS Foundation Trust staff were told not to use the electronic patient record system due to a technical issue affecting Cerner.
An internal communication said that Royal Free Hospital, Chase Farm Hospital, and Barnet Hospital – all part of the trust – were reverting to "downtime" procedures, including using paper. Although some users had intermittent access to the patient record system, they were advised to continue using the downtime process.
The Register has seen screenshots of alerts saying the incident was unplanned and caused the application to run slowly and crash. Another error message said the problem was an "invalid database configuration" and that the "configuration file could not be found."
Infosecurity (October 11, 2022) Toyota Reveals Data Leak of 300,000 Customers
Japanese car giant Toyota has warned that nearly 300,000 customers may have had their personal data leaked after an access key was publicly available on GitHub for almost five years.
In a statement on its website, Toyota said that the email addresses and customer control numbers of 296,019 people who have used T-Connect, a telematics service that connects vehicles via a network, since July 2017, were exposed.
The firm added that while there is no evidence that the data was accessed by a third party following an analysis of the access history of the data server, it “could not be completely ruled out.”
The car manufacturer assured customers that “there is no possibility of the leakage of names, telephone numbers, credit cards and other information such as the ‘T-Connect’ service itself.” Additionally, the data of users of the ‘G-Link/G-Link Lite’ and ‘MyTOYOTA/My TOYOTA+’ apps for Lexus vehicles was not affected as this is stored in a separate place.
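The root cause in the Toyota item is a credential that was committed along with application source and then sat in a public repository for years. The scanner below is an added example, not code from the article and not Toyota's or GitHub's own tooling; it shows the kind of check a pre-commit hook or CI job can run to catch an assignment like that before it is pushed. The sample source, the variable names and the key values in it are constructed and hypothetical. It flags an assignment when the variable name looks secret-bearing (key, token, secret, password) and the quoted value is long and high-entropy, and it records only a hash fingerprint of the value so the scanner's own output does not become a second leak.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed sample of a settings file with a hardcoded access key.
# Every name and value here is hypothetical; none comes from the article.
SAMPLE_SOURCE = """\
# settings.py (constructed example)
DB_HOST = "db.internal.example"
DEBUG = False
STORAGE_ACCESS_KEY = "AKIAEXAMPLEKEY1234567"   # hypothetical key
API_TOKEN = "f3a9c1e7b24d5f6a8e0c1b2d3e4f5a6b"
PASSWORD_MIN_LENGTH = "12"
GREETING = "hello world"
"""

# Matches `NAME = "value"` where NAME contains a secret-bearing word.
# Group 1 is the variable name, group 2 the quoted value.
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)\b(\w*(?:key|token|secret|password)\w*)\s*=\s*['"]([^'"]*)['"]"""
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking keys score well above 3."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def fingerprint(value: str) -> str:
    """Short SHA-256 prefix so a finding can be correlated without echoing the secret."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan_source(text: str, min_len: int = 16, min_entropy: float = 3.0) -> list:
    """Return one finding per suspicious assignment: line number, name, entropy, fingerprint.

    Short values such as PASSWORD_MIN_LENGTH = "12" are name matches but are
    skipped by the length gate, which keeps configuration knobs out of the report.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECRET_ASSIGNMENT.search(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        ent = shannon_entropy(value)
        if len(value) >= min_len and ent >= min_entropy:
            findings.append(
                {
                    "line": lineno,
                    "name": name,
                    "entropy": round(ent, 2),
                    "fingerprint": fingerprint(value),
                }
            )
    return findings


if __name__ == "__main__":
    # In a pre-commit hook, a non-empty result would block the commit.
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['name']} looks like a hardcoded secret "
              f"(entropy {f['entropy']}, fingerprint {f['fingerprint']})")
```

Run against the constructed sample this reports the two assignments on lines 4 and 5 and stays silent on the host name, the boolean and the numeric password-length setting. A check like this belongs in the path a contractor's code takes before it reaches a shared repository, paired with keeping credentials in environment variables or a secrets manager rather than in source at all; and because a key that has been committed even once should be treated as exposed, the practical response to a finding is rotation, not just deletion from the next commit.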
Infosecurity Magazine (October 10, 2022) ThermoSecure: Cracking Passwords Using Finger Heat on Keyboards is Now Possible
What if a hacker could guess your passwords from the heat you leave behind on your keyboard? A group of computer security researchers at the University of Glasgow's School of Computing Science in the UK succeeded in deploying such an attack.
In a paper to be published in the upcoming issue of the ACM Transactions on Privacy and Security journal, a team led by associate professor Mohamed Khamis developed ThermoSecure, a system using a thermal imaging camera to guess and identify the keys that were last touched by an individual – the brighter the area appears in the thermal image, the more recently it was touched.
The researchers then used this system to guess passwords and PINs on computer keyboards, smartphone screens and ATM keypads.
USA TODAY (October 10, 2022) Hackers took down U.S. airport websites, Department of Homeland Security confirms
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY.
The official from DHS' Cybersecurity and Infrastructure Security Agency, or CISA, declined to comment on who might have been behind what appeared to be a coordinated series of distributed denial of service (DDoS) incidents, which did not affect the actual operations of the airports or planes flying into and out of them.
"CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites. We are coordinating with potentially impacted entities and offering assistance as needed," said the official, who declined to speak on the record or provide any more information about the cyberattacks and who might have been responsible.
Bleeping Computer (October 10, 2022) Caffeine service lets anyone launch Microsoft 365 phishing attacks
A phishing-as-a-service (PhaaS) platform named 'Caffeine' makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns.
Caffeine doesn't require invites or referrals, nor does it require wannabe threat actors to get approval from an admin on Telegram or a hacking forum. Due to this, it removes much of the friction that characterizes almost all platforms of this kind.
Another distinctive characteristic of Caffeine is that its phishing templates target Russian and Chinese platforms, whereas most PhaaS platforms tend to focus on lures for Western services.
Other Top Security News