The week has been full of cybersecurity news that, as usual, continues to shake the cyber world. Here’s our latest cybersecurity news roundup, sharing the latest developments to help you keep a step ahead of threat actors.
Canada Says No to WeChat and Kaspersky on Government Devices
Canada has banned the use of Kaspersky security products and Tencent’s WeChat app on mobile devices that are used by its government.
The country has taken this step as the officials believe that these applications share sensitive information with Russia and China. Smartphones and tablets are routinely moved in and out of workspaces. This poses a challenge for the effective monitoring of covert data siphoning.
The President of the Treasury Board, Anita Anand, spoke about the ban as well. She explained, “The Chief Information Officer of Canada determined that WeChat and Kaspersky suite of applications present an unacceptable level of risk to privacy and security.”
The ban took effect on 30 October 2023, requiring the removal of this software from government-issued mobile devices by that date. The government has also put extra phishing protection measures in place. The measures will block the download of these applications to prevent reinstallation on the devices.
Kaspersky responded, saying that Canada’s decision was made without consultation on the alleged security concerns. Furthermore, the organization says that the decision rests more on geopolitical considerations than on a proper technical evaluation.
U.S. Puts the Squeeze on Russian Linked to Money Laundering for Ryuk Ransomware
Ekaterina Zhdanova, a Russian national, has been officially sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).
This was a response to Zhdanova’s involvement in laundering millions in cryptocurrency for various people, including actors linked to ransomware activities. Zhdanova used her expertise in cryptocurrency and blockchain networks to navigate through platforms like Garante. Chainalysis shared a report shedding light on Zhdanova’s public businesses, which are potentially connected to her money laundering schemes.
Both OFAC and Chainalysis emphasize her utilization of a global network of money launderers to complicate her financial activities. The reported activities of Zhdanova extend to her alleged involvement in laundering over $2.3 million in ransom payments for an affiliate of the Ryuk ransomware operation. The Ryuk gang was active from 2018 to 2021 and targeted various sectors.
Authorities have also verified cases where Zhdanova arranged for Russian clients to obtain UAE tax residency, I.D. cards, and bank accounts. As a result, all U.S.-based assets belonging to Ekaterina Zhdanova will be frozen, and U.S. persons and entities will be prohibited from engaging in any transactions with her.
FBI Reveals: Ransomware Crews Target Casinos Through Third-Party Gaming Partners
The FBI has outlined that ransomware actors targeting casinos employ legitimate system management tools to escalate their permissions on the network, posing a significant risk. The FBI shared that third-party vendors and services are a prevalent attack vector in these cases. The agency pointed out new trends in which ransomware actors exploit vulnerabilities in vendor-controlled remote access to casino servers.
Since the beginning of 2022, the FBI has observed ransomware attacks specifically targeting small and tribal casinos, encrypting servers, and compromising Personally Identifiable Information (PII) of both employees and patrons. The ransomware gang behind these attacks is Luna Moth/SRG. The threat actor gang focuses on data extortion without encrypting the files. Previous reports have highlighted fake subscription renewal lures associated with their email phishing tactics.
To stay safe, the FBI recommends maintaining encrypted and immutable offline backups for the organizational data infrastructure, implementing policies for remote access, and allowing only known and trusted applications.
McLaren Health Care Reveals Data Breach Affecting 2.2 Million Individuals
McLaren Health Care (McLaren) has revealed a significant data breach that occurred between late July and August this year, impacting almost 2.2 million individuals.
The breach was detected on 22 August 2023 and prompted McLaren to launch investigations with the assistance of external cybersecurity experts. The findings indicated that unauthorized access had been ongoing since 28 July 2023. The compromised data includes a range of sensitive information, including full names, Social Security numbers (SSN), health insurance details, dates of birth, billing or claims information, diagnoses, physician details, medical record numbers, Medicare/Medicaid information, prescription/medication specifics, and diagnostic results and treatment information.
McLaren has already begun notifying affected individuals via email. The notification includes detailed instructions on enrolling in identity protection services for a year, emphasizing the importance of utilizing advanced threat defense to safeguard personal information.
While there is currently no evidence of misuse, McLaren advises that affected individuals should exercise caution with unsolicited communications and maintain a close eye on their bank account activity.