Hello and welcome to GlobalSign’s weekly cybersecurity news round up. It’s been yet another active week, though thankfully there haven’t been any devastating attacks (got to be grateful for that!) But by no means have cyber criminals taken a break. Let’s dive in!
One of the most talked about incidents this week was a ransomware attack on a grain cooperative in Iowa. BlackMatter is responsible for the attack that some say could lead to food shortages. The BlackMatter ransomware group is demanding $5.9 million from the New Cooperative not to leak stolen data and provide a decryptor. Tas of several days ago, the group was threatening to increase the ransom to $11.8 million if the company didn’t pay within five days.
Microsoft’s security team has just uncovered a massive Phishing-as-a-Service operation. The operation, known as BulletProofLink, BulletProftLink, or Anthrax, provides phishing services to cybercrime gangs. BulletProofLink’s offering appears to take phishing into new territory, beyond that of phishing kits. For just $800, customers can get services such as web page set up to host the phishing site. What a bargain!
Speaking of cybercrime gangs, there’s a new one in town – FamousSparrow. The research team at ESET announced the new cybercrime group targets entities to spy on them. They say the advanced persistent threat (APT) group is a new entry to the cyberespionage space and has been linked to attacks against governments, international organizations, engineering firms, legal companies, and the hospitality sector. It also appears that FamousSparrow is connected to the Microsoft Exchange servers attack that took place last March. In that incident, FamousSparrow joined 10 other APT groups that exploited ProxyLogon, a chain of zero-day vulnerabilities that compromised the Exchange servers worldwide.
Also this week, some concerning statistics from a new healthcare study. Research from Censinet and conducted by the Ponemon Institute, revealed that one in four respondents reported increased patient mortality rates after ransomware attacks. The study compiled survey responses from 597 healthcare organizations including regional health systems, community hospitals, and integrated delivery networks. Nearly three quarters of survey respondents reported that healthcare ransomware attacks led to a longer length of stay and delays in procedures and tests that resulted in poor outcomes. About 65 percent of respondents reported an increase in the number of patients being diverted to other facilities, and 36 percent reported an increase in complications from medical procedures.
“Leave the body…take the…data???”
If you’re like me and you’ve seen ‘The Godfather’ a gazillion times, one of your favorite lines might be “Leave the gun. Take the cannoli.” (Not only is it a great line from one of the best movies ever made, but hey, who doesn’t love Italian pastry?? But I digress.)
Given the massive uptick in cybercrime over the last several years, it only makes sense the mafia would eventually expand into a 21st century line of work. Perhaps they no longer care about physical violence, and are more interested in nefarious methods of obtaining people’s personal data.
That seems to be the case, as police in Italy and Spain this week arrested 106 people who allegedly stole more than $11 million. And, officials say, those arrested are linked to the Italian mafia. The criminals were purportedly involved in scams including phishing, credit card fraud and other cybercrimes in conjunction with drug trafficking and property crime, according to the European law enforcement agency Europol.
Thieves used business email compromise schemes and SIM swapping — in which scammers take control of a victim’s phone number to steal sensitive information — before laundering the funds via a network of shell companies and money mules.
That’s a wrap for this week. Have a great weekend!
Top Global Industry News
ZDNet (September 23, 2021) New advanced hacking group targets governments, engineers worldwide
“A new hacking group targeting entities worldwide to spy on them has been unmasked by researchers.
Dubbed FamousSparrow by ESET, on Thursday, the team said that the advanced persistent threat (APT) group — many of whom are state-sponsored — is a new entry to the cyberespionage space. Believed to have been active since at least 2019, the APT has been linked to attacks against governments, international organizations, engineering firms, legal companies, and the hospitality sector.
What makes this new APT interesting is that the group joined at least 10 other APT groups that exploited ProxyLogon, a chain of zero-day vulnerabilities disclosed in March which was used to compromise Microsoft Exchange servers worldwide.”
Health IT Security (September 22, 2021) Healthcare Ransomware Attacks Lead to Increased Patient Mortality
“Financial strain, care disruptions, and time-consuming recovery operations often result from healthcare ransomware attacks, but new research revealed that increased patient mortality is also likely in the aftermath of a cyberattack.
The study, commissioned by Censinet and conducted by the Ponemon Institute, compiled survey responses from 597 healthcare organizations including regional health systems, community hospitals, and integrated delivery networks.
One in four respondents reported increased patient mortality rates after ransomware attacks.”
Channel Futures (September 21, 2021) Grain Cooperative Ransomware Attack Could Prompt Food Shortages
“The BlackMatter ransomware group’s attack on an Iowa grain cooperative could lead to food shortages in the coming weeks and months. That’s according to Curtis Simpson, Armis‘ CISO. The BlackMatter ransomware group is demanding $5.9 million from New Cooperative not to leak stolen data and provide a decryptor. New Cooperative is a farmer’s feed and grain cooperative with more than 60 locations throughout Iowa.
BlackMatter said the ransom will increase to $11.8 million if the company doesn’t pay within five days.
‘Like with other supply chains, one attack on an element of the food and agriculture supply chain fundamentally has a downstream impact on consuming businesses and consumers,’ Simpson said. ‘Your favorite dish at a nearby restaurant or cut of meat at the butcher counter may simply be unavailable for some time or, much, much more expensive if it remains or becomes available again in the future.’”
Recorded Future blog (September 21, 2021) Microsoft uncovers giant Phishing-as-a-Service operation
“Microsoft’s security team said today that it uncovered a massive operation that provides phishing services to cybercrime gangs using a hosting-like infrastructure that the OS maker likened to a Phishing-as-a-Service (PHaaS) model.
Known as BulletProofLink, BulletProftLink, or Anthrax, the service is currently advertised on underground cybercrime forums.
The service is an evolution on ‘phishing kits,’ which are collections of phishing pages and templates imitating the login forms of known companies.
BulletProofLink takes this to a whole new level by providing built-in hosting and email-sending services as well.”
Cyberscoop (September 20, 2021) Police say scammers who used email fraud, SIM swapping are connected to Italian mafia
“Police in Europe have arrested more than 100 people who allegedly stole more than $11 million in a years-long fraud operation that law enforcement officials have linked to an Italian mafia group.
Officials in Italy and Spain arrested 106 suspects who are accused of using phishing, credit card fraud and other cybercrime techniques in conjunction with drug trafficking and property crime, according to the European law enforcement agency Europol. Thieves used business email compromise schemes and SIM swapping — in which scammers take control of a victim’s phone number to steal sensitive information — before laundering the funds via a network of shell companies and money mules, police said in a statement Monday.”
Other Industry News
Epik Confirms Hack, Gigabytes of Data on Offer – Threatpost
FBI withheld decryption key for Kaseya ransomware attack for three weeks: report – The Hill
The US Treasury issued its first-ever sanctions against a crypto exchange for aiding ransomware attacks – Business Insider
Four months on from a sophisticated cyberattack, Alaska’s health department is still recovering – ZDNet
Cybercrime gang backdoors U.S. finance organizations with malware – Digital Journal
French shipping giant CMA suffers data breach – Portswigger
Fed up with constant cyberattacks, one country is about to make some big changes – ZDNet
Sberbank deputy chair: “We’re the number one target for hackers around the globe” (fintechfutures.com)
Simon Coveney’s phone is the story of Irish cyber security – Independent.ie
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.