
LATEST CYBERTHREATS AND ADVISORIES - OCTOBER 21, 2022

Oct 21, 2022

Ransomware derails big businesses as the Australian cyberattack spree and student loan forgiveness scam highlight a disturbing week in the cybersecurity world. Here are the latest threats and advisories for the week of October 21, 2022.

Threat Advisories and Alerts

FBI Warns That Fraudsters May Target Beneficiaries of Student Loan Forgiveness

Individuals seeking US federal student loan forgiveness should be cautious of potential scams related to the Student Loan Debt Relief Plan introduced in August of this year. Scammers are using a variety of digital tools – including websites, email, mobile phones and more – to trick victims into giving them financial information, payment or personal information. Beneficiaries of the Student Loan Debt Relief Plan can protect themselves by exercising caution when entering sensitive information online, not clicking on links in suspicious emails and verifying the legitimacy of official US government sites.

Source: https://www.ic3.gov/Media/Y2022/PSA221018

Nearly 900 Servers Compromised Due to Zimbra Vulnerability

A critical vulnerability in Zimbra Collaboration Suite has led to cyberattacks on 876 servers. Zimbra has released fixes for the vulnerability (CVE-2022-41352), which can be exploited when an email is sent with a malicious archive attachment that plants a web shell. Admins and users of the affected products are advised to apply the appropriate security updates immediately. For more details see the SingCERT alert.

Source: https://www.bleepingcomputer.com/news/security/almost-900-servers-hacked-using-zimbra-zero-day-flaw/

Treat cyber crime as a ‘strategic threat’, UK businesses told

The UK government has urged businesses to start treating cybercrime and digitally enabled fraud as a major strategic threat as it launches a new National Cyber Advisory Board, a group of sector leaders that will meet regularly to discuss live security threats and how to counter them. Nadhim Zahawi will chair the board alongside Lloyds Banking Group chief security officer Sharon Barber, as part of a new drive for businesses to tighten up their security under the auspices of the £2.6bn National Cyber Strategy.

Source: https://www.computerweekly.com/news/252526265/Treat-cyber-crime-as-strategic-threat-UK-businesses-told

Emerging Threats and Research

Verizon Prepaid Customer Accounts Fall Victim to Breach

An undisclosed number of Verizon prepaid customers were warned their accounts were breached, exposing credit card info and putting them at risk for SIM swapping attacks. SIM swapping occurs when a cybercriminal uses social engineering to convince mobile carriers to swap a victim’s phone number to an attacker-controlled SIM card. While the threat actors reportedly didn’t access full credit card numbers and other financial information, they may have stolen names, telephone numbers, billing addresses and other personal information.

Source: https://www.bleepingcomputer.com/news/security/verizon-notifies-prepaid-customers-their-accounts-were-breached/

Personal Information of 2.2 Million MyDeal Customers Exposed in Breach

Australian retail marketplace MyDeal (majority owned by Woolworths) suffered a data breach last Friday, affecting 2.2 million customers. The breach occurred when a threat actor accessed the company’s Customer Relationship Management system, enabling the cybercriminal to view and export customer information. Names, emails and delivery addresses, phone numbers and some birth dates were exposed, and the stolen data is now being sold for $600 on a hacking forum. Affected customers will be notified by MyDeal in the coming weeks.

Source: https://www.bleepingcomputer.com/news/security/mydeal-data-breach-impacts-22m-users-stolen-data-for-sale-online/

Concern that web trackers may have leaked 3 million patients’ info

A hospital network in Wisconsin and Illinois fears visitor tracking code on its websites may have transmitted personal information on as many as 3 million patients to Meta, Google, and other third parties. Advocate Aurora Health (AAH) reported the potential breach to the US Department of Health and Human Services. As well as millions of patients, AAH has 27 hospitals and 32,000 doctors and nurses on its books.

Source: https://www.theregister.com/2022/10/20/health_group_says_tracking_pixel/

Ransomware Attack Hits Australian Insurance Firm Medibank

Another big Australian business suffered a cyberattack last week. This time the private health insurance provider Medibank, which covers more than 3.7 million people, fell victim. The ransomware attack caused a temporary service outage last week, but according to CEO David Koczkar, no systems were encrypted and there’s no evidence of stolen customer data.

Source: https://www.bleepingcomputer.com/news/security/australian-insurance-firm-medibank-confirms-ransomware-attack/

German Newspaper Crippled by Ransomware

The regional German newspaper Heilbronn Stimme was hit by a ransomware attack last Friday that severely disrupted newspaper delivery. Heilbronn Stimme has a circulation of 75,000 copies, and the publisher was forced to issue an “emergency” six-page edition on Saturday after its printing systems were crippled by the attack. Other publications in the Stimme Mediengruppe media group – including Echo, RegioMail and Pressedruck – were also affected. The media group is working with authorities to resolve the technical issues as soon as possible.

Source: https://www.bleepingcomputer.com/news/security/ransomware-attack-halts-circulation-of-some-german-newspapers/

Wine Merchant Vinomofo Added to List of Recent Australian Cyberattacks

Wine retailer Vinomofo is the latest company to become a victim of the recent cyberattack spree sweeping through Australian businesses. As many as half a million customers may have had their personal data exposed, including what now seems to be a common list of coveted data: birth dates, addresses, email addresses, names, genders and phone numbers. Cyberattacks on Vinomofo, Medibank, MyDeal, Optus and Telstra all occurred in the past few weeks, signifying a disturbing uptick in Australian cybersecurity incidents.

Source: https://www.infosecurity-magazine.com/news/breaches-expose-millions-at-aussie/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.