Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Jan 2, 2023
Quantum computing will change cryptography as we know it. The U.S. President signed a bipartisan law setting out post-quantum cybersecurity guidelines. Investments in cybersecurity are on the rise: the U.S. Congress set aside $2.9 billion for cybersecurity initiatives in the FY2023 spending bill. In the wake of rising cyberattacks in France, the government announced a plan to train all employees at the country's most important health facilities under a new initiative by May 2023.
President Joe Biden signed the Quantum Computing Cybersecurity guidelines into law to motivate federal agencies to adopt technology that is protected from decryption by quantum computers. Called the Quantum Computing Cybersecurity Preparedness Act, the law will help organizations protect their systems against quantum-computing threats.
The FTC and the HHS updated their Mobile Health App Interactive Tool to improve the security of patient data. The tool helps anyone developing a mobile app understand the implications of collecting, and the consequences of misusing, patients' PHI. It also helps developers navigate the patchwork of different laws that may apply when building mobile apps, so that any sensitive health information is protected accordingly.
About $2.9 billion has been allocated to CISA for fiscal year 2023. With this budget, CISA aims to improve emergency communications preparedness and strengthen civilian and government networks. A portion of the amount will also fund CISA's advanced cybersecurity operations.
The French government has announced a vast training program to help hospitals and medical facilities protect themselves against cyberattacks. The development follows repeated attacks against hospitals in which hackers either damaged critical infrastructure or stole patients' sensitive data.
Financial and healthcare institutions remained the sectors most heavily targeted by cyberattacks. The California Department of Finance and crypto platforms such as 3Commas, BitKeep, and BTC[.]com were added to the long list of hacks that took place last year in the crypto world. Victims in healthcare include Lake Charles Memorial Health and a hospital in Riverside County, California. In addition, security analysts exposed an investment scam group that victimized at least 40 firms in fintech, cryptocurrency, and asset management services.
The Royal ransomware group claimed responsibility for a cyberattack against telecommunications company Intrado. As proof of the breach, the gang shared a 52.8MB archive containing scans of passports, business documents, and driver’s licenses of employees.
The California Department of Finance confirmed that it suffered a security breach, hours after the LockBit ransomware gang listed the agency as a victim on its dark web leak site. The gang gave the agency until Christmas Eve to prevent the publication of more than 500GB of stolen files.
Restaurant CRM platform SevenRooms confirmed suffering a data breach after a hacker claimed to have stolen 427GB of customer records and leaked a sample on a cybercrime forum. The leaked sample included folders named after big restaurant chains that are SevenRooms clients, as well as API keys, promo codes, payment reports, reservation lists, and more.
A hospital in California’s Riverside County reported a data breach that impacted its patients’ sensitive information, such as Social Security numbers and medical information. According to the notice, the hackers had unauthorized access to the data between October 29 and November 10.
The details of more than 70,000 Uber employees have reportedly been leaked online, marking another data breach for the company this year. The incident occurred after a threat actor targeted a third-party software provider, Teqtivity, used by Uber for IT asset management services.
Members of the North Korean Kimsuky cyberespionage group have been found impersonating think tank members to reach out to political and foreign affairs analysts. The group was also associated with a new spear-phishing campaign aimed at nearly 900 foreign policy experts in South Korea.
Australian telecommunications giant TPG revealed that the emails of 15,000 iiNet and Westnet business customers were breached as hackers looked for cryptocurrency and other financial information. An investigation into the incident is underway. The breach did not affect mobile or broadband services.
Comcast Xfinity accounts were hacked through credential stuffing attacks that bypassed the accounts' 2FA protection. This enabled the attackers to use the compromised customer accounts to reset passwords on other sites, such as Coinbase and Gemini.
The Play ransomware group claimed to have stolen an unconfirmed amount of data from H-Hotels. The group recently listed the company as a victim on its Tor site. It allegedly pilfered private and personal data, including client documents, IDs, passport data, and more. While H-Hotels denied last week that any data was exfiltrated, the hackers have not presented any proof either.
Several crypto platforms, including BTC[.]com, 3Commas, and BitKeep, lost millions to cybercriminals in separate hacking incidents. BTC[.]com lost approximately $3 million worth of crypto assets. 3Commas suffered a massive API key hack impacting Kucoin, Coinbase, and Binance. Hackers exploited BitKeep wallets to steal around $8 million worth of assets.
Popular authentication services and IAM solutions provider Okta suffered a breach impacting its private GitHub source code repositories. The company said attackers could not access the Okta service or its customers’ data.
Threat actors used Black Basta ransomware to steal sensitive data from multiple electric utilities linked to the Chicago-based engineering firm Sargent & Lundy, which is also a major U.S. government contractor. The attack occurred in October.
Lake Charles Memorial Health System in Louisiana disclosed that the personal data of nearly 270,000 patients was accessed in an October ransomware attack. This included patients' health insurance information, medical records, and Social Security numbers.
A previously unknown investment scam group named CryptosLabs has reportedly stolen up to $505 million from victims in France, Belgium, and Luxembourg. The group has been active since 2018 and has targeted over 40 companies in fintech, cryptocurrency, and asset management services.
In addition, researchers exposed InTheBox, an offensive marketplace that has been supplying more than 400 custom web injects to other hackers. New ransomware strains Cryptonite and CatB and a potential info-stealer dubbed RisePro surfaced last month. Meanwhile, the Xnspy spyware app was found to contain flaws exposing the personal data of iPhone and Android users.