Welcome to the latest cybersecurity wrap-up.
Another working (from home) week is coming to an end, but sadly, cyber attacks on the healthcare sector are not abating. The most recent victim is Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services in very high demand due to the COVID-19 pandemic, which has been hit by a ransomware attack on its technology systems. The incident has limited some of its operations, but at least patient care continues.
However, there is some good news to report!
This week Europol announced the arrest of five Polish hackers who were part of the Infinity Black hacking group. The group formed in late 2018 and was primarily known for operating the Infinity[.]black website, where they sold access to "collections" of user credentials such as usernames and passwords leaked during data breaches at other companies in prior years.
Not only that, it was reported this week that Canada’s cyber incident response center has taken down over 1,500 COVID-19-themed fraudulent sites or email addresses aimed at Canadians.
I am grateful for the positive stories happening!
For all the stories in this week’s post, grab a cup of coffee - why not make it a dalgona? - and read on.
Top Global Cybersecurity News Stories
PortSwigger (May 6, 2020) Taiwan’s major oil refineries struck by malware, causing chaos at gas stations
"Taiwan’s two largest oil refineries have each been targeted by cyber-attackers, with disruption trickling down the supply chain to impact customers at gas stations.
On Tuesday, Taiwan News reported that the state-owned petroleum, gasoline, and natural gas company CPC Corporation and its rival, Formosa Petrochemical Corporation (FPCC), have both been subject to cyber-attacks in the past two days.
CPC was struck first, while FPCC experienced its own attack a day after.
The CPC attack, on May 4, prompted the closure of IT and computer systems and prevented gas stations in the country from accessing the digital platforms used to manage revenue records."
Krebs on Security (May 6, 2020) Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware
"Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues.
Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care, a leading provider of care to those suffering from kidney failure; Fresenius Helios, Europe’s largest private hospital operator (according to the company’s Web site); Fresenius Kabi, which supplies pharmaceutical drugs and medical devices; and Fresenius Vamed, which manages healthcare facilities.
On Tuesday, a KrebsOnSecurity reader who asked to remain anonymous said a relative working for Fresenius Kabi’s U.S. operations reported that computers in his company’s building had been roped off, and that a cyber attack had affected every part of the company’s operations around the globe."
Bleeping Computer (May 6, 2020) Cisco Webex phishing uses fake cert errors to steal credentials
"A highly convincing series of phishing attacks are using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users' account credentials.
Cisco Webex is a video and team collaboration solution that helps users set up video conferences, webinars, online meetings, and share their screens with their colleagues and friends. The platform is currently facing an influx of new users due to the unusual remote working increase caused by the COVID-19 pandemic.
According to stats shared by email security company Abnormal Security, these phishing emails have already landed in the mailboxes of up to 5,000 targets that use Cisco Webex while working remotely."
ZDNet (May 6, 2020) Logistics giant Toll Group hit by ransomware for the second time in three months
"For the second time in three months, Toll Group has become the victim of a ransomware attack that has led to the suspension of IT systems.
Melbourne, Australia-based Toll Group is a global logistics company that offers freight, warehouse, and distribution services. Toll has roughly 40,000 employees and operates a distribution network across over 50 countries.
On February 3, Toll said that IT systems had been disabled due to a malware infection, which later emerged to be the MailTo ransomware."
ZDNet (May 5, 2020) Europol arrests hackers behind Infinity Black hacker group
"Europol announced today the arrest of five Polish hackers who were part of the Infinity Black hacking group.
The group formed in late 2018 and was primarily known for operating the Infinity[.]black website, where they sold access to 'collections' of user credentials.
The collections were assembled together by gathering usernames and passwords leaked during data breaches at other companies in prior years.
Sources in the threat intelligence community told ZDNet today that the hacker group also operated Discord channels, shops on the Shoppy.gg e-commerce platform, and threads on multiple hacking forums."
BankInfoSecurity (May 5, 2020) FINRA Warns of Phishing Emails Targeting Members
"The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a 'widespread, ongoing' phishing campaign is targeting its members.
In an alert issued Monday, FINRA notes that the phishing emails bear the names of Bill Wollman or Josh Drobnyk, vice presidents of the organization. The emails appear to originate from a domain called '@broker-finra.org,' which is not associated with FINRA.
The messages, which carry the subject line 'Action Required: FINRA Broker Notice for [Firm Name],' ask recipients to take immediate action and open a file, which is sometimes a PDF document, according to the alert. The attachments direct the recipient to a website, which asks for a username and password for a Microsoft Office or SharePoint account, according to the alert."
Other Industry News