Cybercrime has only intensified since the pandemic, and robust security tooling, combined with prompt patching and user awareness, is what keeps an organization's corner of cyberspace safe. Following are the top security headlines from the past week to help you strengthen your organization's security posture.
Beware Of Missed-Delivery Texts From FluBot
How often do you act on the SMS texts you receive? FluBot is Android malware that spreads through fake missed-parcel texts carrying a link to download a so-called delivery-tracking app. A user who trusts the text and follows the link installs the malicious app, which steals banking credentials and personal details, removes passwords, harvests the contact list, and sends the same delivery text to every number in it, which is how the campaign keeps spreading. FluBot infections have been rising rapidly in the U.K.
Given the scale of the attacks, the NCSC and the mobile network operators Vodafone and Three have issued alerts to Android users on their networks. Because mobile screens are small and SMS messages are short, the errors that give a scam away are harder to spot. Users should therefore treat links received by SMS with suspicion, especially links that lead to an app download: the fake app is installed from outside the official store, so a prompt to allow installation from an unknown source is itself a warning sign. Applications should only ever be installed from the official app store.
Ransomware Attack On Elekta Impacts Several U.S.-Based Cancer Hospitals
What if radiotherapy for cancer patients were to stop? In a recent ransomware attack on Elekta, a Swedish provider of radiation therapy and oncology systems, several of its customer hospitals were unable to deliver radiotherapy on schedule. The attack hit Elekta's first-generation cloud storage system, and a subset of U.S. customers had their data encrypted in the process.
Elekta activated its incident response plan, informed law enforcement, and investigated the breach to restore service to customers and their patients as quickly as possible. All affected customers were notified. The impact varied from hospital to hospital: the Lifespan Cancer Institute and Rhode Island Hospital lost a single afternoon of appointments, while Connecticut-based Yale New Haven Health had to take its radiation equipment offline for a week and transfer patients to other providers. An attack on a third-party vendor is outside a hospital's direct control, so the practical defenses are vendor risk management, a contingency plan for losing a vendor's service, and proactive tooling such as behavior-based security analytics to catch unknown threats that reach the hospital's own network.
Once Again Telegram Becomes A Pawn In The Hands Of Adversaries (ToxicEye)
ToxicEye is a remote access trojan (RAT) that uses Telegram as its command-and-control (C2) channel to steal sensitive data from infected devices. Researchers have counted 130 ToxicEye attacks in just the past three months. The operators first create a Telegram account and a Telegram bot; the bot's token is embedded in the malware's configuration. The RAT is delivered as a malicious .exe attachment in phishing emails. Once the victim runs the attachment, the malware talks to the attacker's bot through Telegram's bot API, so commands and stolen data travel over the same HTTPS endpoint that legitimate Telegram bots use and blend in with ordinary traffic. The RAT can then read instant messages on the victim's device, steal credentials, browser history, operating system details, and more.
Abuse of Telegram as a C2 channel is likely to grow. Email security controls that block executable attachments and mail from suspicious senders remove the delivery vector, and outbound traffic to Telegram's bot API from hosts that have no business reason to run a bot is a signal worth monitoring.
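The bot API traffic described above is easy to spot in proxy logs, because Telegram bots call a URL of the form api.telegram.org/bot<token>/<method> that ordinary Telegram clients never use. The following is an added example, not code from the page or from the researchers who analysed ToxicEye: it scans a constructed proxy log excerpt for bot API calls, records which host is polling and which methods it calls, and keeps only a fingerprint of the token rather than the full credential. The log format and host names are assumptions for the example.

```python
import re
from collections import Counter

# Telegram Bot API calls have the shape https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>". Human users of Telegram never hit
# this endpoint, so seeing it from a workstation is a strong signal on its own.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# Methods a RAT needs in order to work: poll for operator commands, push stolen data.
RAT_METHODS = {"getUpdates", "sendMessage", "sendDocument", "sendPhoto"}

# Constructed proxy log excerpt (not from any real incident), one request per line:
# "<timestamp> <client host> <HTTP method> <url>"
SAMPLE_PROXY_LOG = """\
2021-04-26T09:12:01Z ws-finance-07 GET https://api.telegram.org/bot123456789:AAHexample_secret_not_a_real_token/getUpdates?offset=1
2021-04-26T09:12:04Z ws-finance-07 POST https://api.telegram.org/bot123456789:AAHexample_secret_not_a_real_token/sendDocument
2021-04-26T09:13:10Z ws-hr-02 GET https://web.telegram.org/k/
2021-04-26T09:14:22Z ws-finance-07 GET https://api.telegram.org/bot123456789:AAHexample_secret_not_a_real_token/getUpdates?offset=2
2021-04-26T09:15:00Z ws-dev-11 GET https://www.example.com/index.html
"""


def find_bot_c2(log_text):
    """Return one record per request that uses the Telegram Bot API."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        timestamp, client, http_method, url = fields[:4]
        m = BOT_API_RE.search(url)
        if m is None:
            continue  # web.telegram.org and everything else is left alone
        hits.append({
            "time": timestamp,
            "client": client,
            "http_method": http_method,
            "bot_id": m.group("bot_id"),
            # Keep only a prefix: the full token is the credential for the
            # attacker's bot, so never copy it into tickets or dashboards.
            "token_prefix": m.group("secret")[:4],
            "api_method": m.group("method"),
            "rat_like": m.group("method") in RAT_METHODS,
        })
    return hits


def beaconing_hosts(hits):
    """Count Bot API requests per client so the analyst sees who is polling."""
    return dict(Counter(h["client"] for h in hits))


if __name__ == "__main__":
    found = find_bot_c2(SAMPLE_PROXY_LOG)
    for hit in found:
        print(hit)
    print(beaconing_hosts(found))
```

Repeated getUpdates calls from one host are the beacon; a sendDocument in between is the exfiltration. The bot id is stable across a campaign, so it is a useful pivot for finding other infected hosts, while the token prefix is enough to correlate without storing the secret.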
Lloyds Bank Customers Must Beware Of Fake Transaction Notifications
Britons have a new attack scheme to watch out for. This one claims to come from Lloyds Bank and tells customers that they have “successfully scheduled a payment of £69.99 to payee MR ADAMS 28/04”. It then asks them to click the (malicious) link if they did not schedule the payment. Naturally, recipients panic and rush to the link to stop Mr. Adams from taking their £69.99. But what happens upon clicking it?
The link opens a fraudulent website designed to steal the victim's personal information, push malware onto the device, or both. Lloyds Bank customers should remember that the bank will never ask for account details or passwords by text, so the right response is to delete the message and never open the link. Any account activity the text mentions can be verified directly through online banking, reached by typing the bank's address or opening its official app rather than following a link. The National Cyber Security Centre publishes guidance for recipients of such texts, and suspicious messages can be forwarded free of charge to 7726 so the mobile operators can investigate.
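Both the FluBot delivery texts and the Lloyds payment text rely on the same ingredients: a link to a domain the impersonated brand does not own, urgency wording, and (for FluBot) a direct download of an Android package. The following is an added example, not code from the page, NCSC or any bank: a small triage function that pulls the URLs out of a text, checks each host against a constructed allowlist of the brand's real domains, and flags lookalike domains, .apk downloads and urgency phrases. The three sample messages are constructed for the example, and the allowlist of "lloydsbank.com" is an assumption a real deployment would replace with its own list.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Phrases that push the reader to act now; both lures above depend on them.
URGENCY_RE = re.compile(
    r"(missed|could not be delivered|if this wasn'?t you|didn'?t|suspended|verify now|immediately)",
    re.IGNORECASE,
)


def hostname_trusted(host, trusted_domains):
    """True if host is one of the trusted domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def triage_sms(text, brand=None, trusted_domains=frozenset()):
    """Return (finding, evidence) pairs for a text; an empty list means nothing suspicious."""
    findings = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.path.lower().endswith(".apk"):
            # FluBot-style: the "tracking app" is sideloaded straight from the link.
            findings.append(("apk_download", url))
        if not hostname_trusted(host, trusted_domains):
            if brand and brand.lower() in host.lower():
                # Brand name on a domain the brand does not own.
                findings.append(("brand_lookalike", host))
            else:
                findings.append(("unknown_domain", host))
    m = URGENCY_RE.search(text)
    if m:
        findings.append(("urgency", m.group(0)))
    return findings


# Constructed sample texts; the domains are invented for the example.
FLUBOT_SMS = ("We missed you: your parcel could not be delivered. Install our app to rebook: "
              "http://parcel-track-update.top/app/install.apk")
LLOYDS_SMS = ("Lloyds Bank: You have successfully scheduled a payment of £69.99 to payee MR ADAMS 28/04. "
              "If this wasn't you visit https://lloyds-secure-check.example/cancel")
BENIGN_SMS = ("Lloyds Bank: Your new debit card has been posted and should arrive within five working days. "
              "Help: https://www.lloydsbank.com/help")

# Assumed allowlist of domains the real bank uses; replace with your own.
LLOYDS_DOMAINS = frozenset({"lloydsbank.com"})


if __name__ == "__main__":
    print(triage_sms(FLUBOT_SMS))
    print(triage_sms(LLOYDS_SMS, brand="lloyds", trusted_domains=LLOYDS_DOMAINS))
    print(triage_sms(BENIGN_SMS, brand="lloyds", trusted_domains=LLOYDS_DOMAINS))
```

The domain check is the part that does the work: urgency wording appears in legitimate texts too, but a brand name on a domain outside the allowlist is rarely innocent. The suffix match deliberately accepts subdomains of a trusted domain and nothing else, so "lloydsbank.com.example" is still flagged.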
New Ransomware WickrMe Attacks Microsoft SharePoint
A ransomware operation known as WickrMe or Hello has been exploiting Microsoft SharePoint servers as an entry point into corporate networks. SharePoint thus joins the list of internet-facing enterprise products, including Microsoft Exchange, Palo Alto Networks VPNs, Citrix gateways, Fortinet and Pulse Secure devices, and F5 BIG-IP load balancers, that ransomware gangs have exploited for initial access.
Hello/WickrMe exploits CVE-2019-0604, a remote code execution vulnerability in SharePoint, to take control of the server and drop a web shell, which is then used to install a Cobalt Strike beacon. That backdoor ultimately downloads and runs the Hello ransomware. Microsoft patched CVE-2019-0604 in 2019, so any on-premises SharePoint server still exposed to it is badly behind on updates; organizations must apply the patch and check internet-facing servers for web shells left behind by earlier intrusions.
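Patching closes the hole, but a server that was exposed before the patch may already carry a web shell, so the patch should be paired with a hunt through the IIS logs. The following is an added example, not code from the page, Microsoft or the researchers who reported the campaign: it walks a constructed IIS-style log excerpt and raises two kinds of alert, a POST to Picker.aspx (the LAYOUTS page that public exploit code for CVE-2019-0604 targets, an indicator taken from public reporting rather than from this page) and any request to an .aspx page under /_layouts/ that is not in a baseline of pages shipped with SharePoint. The baseline here is a constructed four-entry set; a real one would be generated from a clean install of the same build. Legitimate SharePoint clients also POST to Picker.aspx, so the first alert is a pivot for triage, not a verdict.

```python
from collections import Counter

# Constructed IIS-style log excerpt (W3C fields trimmed to the ones used here):
# date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
SAMPLE_IIS_LOG = """\
2021-04-20 03:14:07 POST /_layouts/15/Picker.aspx - 203.0.113.5 200
2021-04-20 03:14:09 POST /_layouts/15/Picker.aspx - 203.0.113.5 200
2021-04-20 03:14:30 GET /_layouts/15/upd.aspx cmd=whoami 203.0.113.5 200
2021-04-20 03:15:02 POST /_layouts/15/upd.aspx - 203.0.113.5 200
2021-04-20 08:00:11 GET /_layouts/15/start.aspx - 10.1.2.3 200
2021-04-20 08:00:15 GET /_layouts/15/Picker.aspx - 10.1.2.3 200
"""

# Constructed allowlist of page names that ship in the LAYOUTS directory.
# Build the real one from a clean install of the same SharePoint build.
KNOWN_LAYOUTS_PAGES = {"picker.aspx", "start.aspx", "settings.aspx", "viewlsts.aspx"}


def parse_line(line):
    """Split one trimmed W3C log line into a dict; return None for malformed lines."""
    fields = line.split()
    if len(fields) != 7:
        return None
    return {
        "date": fields[0], "time": fields[1], "method": fields[2],
        "stem": fields[3], "query": fields[4], "ip": fields[5],
        "status": int(fields[6]),
    }


def hunt(log_text, known_pages=KNOWN_LAYOUTS_PAGES):
    """Return (rule, source ip, uri stem) alerts for requests under /_layouts/."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        stem = rec["stem"].lower()
        name = stem.rsplit("/", 1)[-1]
        if not stem.startswith("/_layouts/") or not name.endswith(".aspx"):
            continue
        # Rule 1: POST to the page the public exploit abuses. Legitimate people
        # pickers also POST here, so review source address and session context.
        if rec["method"] == "POST" and name == "picker.aspx":
            alerts.append(("picker_post", rec["ip"], rec["stem"]))
        # Rule 2: an .aspx page under LAYOUTS that SharePoint did not ship is the
        # classic place a dropped web shell lives.
        if name not in known_pages:
            alerts.append(("unknown_layouts_page", rec["ip"], rec["stem"]))
    return alerts


def sources(alerts):
    """Count alerts per source address so the noisiest client floats to the top."""
    return dict(Counter(ip for _, ip, _ in alerts))


if __name__ == "__main__":
    found = hunt(SAMPLE_IIS_LOG)
    for alert in found:
        print(alert)
    print(sources(found))
```

In the sample, the same external address POSTs to Picker.aspx twice and within seconds starts requesting a page that does not exist in the baseline, with a cmd= query string: that sequence, exploit attempt followed by a new page under LAYOUTS, is what the hunt is meant to surface. Any file the second rule flags should be pulled from disk and examined before it is deleted.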
Eaton Fixes Six Severe Vulnerabilities In Its Power Management Software
Eaton, a provider of power management solutions, has released patches for six vulnerabilities in its Intelligent Power Manager (IPM) software. Left unpatched, they would have allowed an attacker to execute commands, perform SQL injection, delete arbitrary files, upload arbitrary files, or achieve remote code execution.
IPM lets organizations manage and monitor the uninterruptible power supply (UPS) devices on their network, so an attacker who controls it can disrupt power to the equipment those UPSs protect; the patches were necessary to prevent exactly that. The fixes cover Eaton IPM and IPM Virtual Appliance versions before 1.69 and Intelligent Power Protector (IPP) versions before 1.68. As a mitigation, Eaton's advisory also recommends restricting network access to the ports IPM listens on, 4679 and 4680, so that the management interface is never reachable from untrusted networks.