Information Security News 12-11-2023

Feds Levy First-Ever HIPAA Fine for a Phishing Breach

Article Link: https://www.healthcareinfosecurity.com/feds-levy-first-ever-hipaa-fine-for-phishing-breach-a-23812

  • Recently, the Department of Health and Human Services (HHS) announced a $480,000 HIPAA case settlement that revolved around a phishing attack leading to a data breach, the first such action against a healthcare organization.
  • The data breach, which occurred in 2021, compromised the electronic protected health information (ePHI) of almost 35,000 people associated with the Louisiana-based Lafourche Medical Center.
  • The clinic was fined for two key reasons, cited by HHS. First, the clinic failed to conduct a thorough enterprise-wide risk analysis to identify potential risk around ePHI, a HIPAA requirement. Second, they lacked policies and procedures related to information security and the safeguarding of PHI.

Navy Contractor Austal USA Confirms Cyberattack After Data Leak

Article Link: https://www.bleepingcomputer.com/news/security/navy-contractor-austal-usa-confirms-cyberattack-after-data-leak/

  • Recently, the shipbuilding company and U.S. Government contractor Austal USA announced a data incident, allegedly at the hands of the Hunters International data extortion gang.
  • The Hunters International threat actors posted Austal USA information to their leak website and threatened to release more unless a ransom was paid. Austal USA is presumably not paying the threat actors, as it stated that the incident was mitigated, there was no impact on operations, and no personal or classified information was accessed or taken by the threat actor.
  • As the article highlighted, Hunters International uses the same encryptor source code as the Hive threat actor group. It was also noted that Hunters International is focused on stealing data and using it to extort victims rather than ransoming victims.

LogoFAIL Vulnerabilities Impact Vast Majority of Devices

Article Link: https://cyberscoop.com/logofail-vulnerability-boot-process/

  • According to the cybersecurity firm Binarly, a vulnerability dubbed LogoFAIL impacts all x86 and ARM-based devices through the software that shows the manufacturer logo during the bootup process.
  • The vulnerability impacts the three main vendors that make BIOS startup software (AMI, Insyde Software, and Phoenix Technologies), whose software is used by leading brands like Lenovo and Intel. These three organizations serve about 95% of all computers in the world. As a result, it is highly likely that all of the devices in that 95% are susceptible to compromise via the LogoFAIL vulnerability.
  • To exploit the vulnerability, an attacker would need local administrator access to replace the bootup logo with a new, malicious logo. Additionally, since the exploit occurs before a device is fully booted up, it is able to circumvent security tools and slip under the radar.
  • As of December 6th, several of the impacted manufacturers have patched the vulnerability.
  • Link to Binarly’s Report: https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html

Booking.com Customers Targeted in Hotel Booking Scam

Article Link: https://www.helpnetsecurity.com/2023/12/04/booking-com-hotel-booking-scam/

  • According to researchers at Secureworks, bad actors are hijacking the Booking.com accounts of hotels and then leveraging them to send out hotel booking scams and fake payment requests to potential hotel guests.
  • The scammers gain access to the hotel employee accounts by sending an email asking about a forgotten travel item or document and then sending a follow-up email several days later with a Google Drive link containing a malicious downloadable. From there, the bad actors use the compromised accounts of the hotel to pose as the various properties to unsuspecting victims.
  • As the article notes, this recent series of Booking.com scams is a microcosm of targeted attacks against the hospitality industry.
  • Several protection steps include implementing multifactor authentication (MFA) on corporate Booking.com accounts, educating employees on social engineering, and double-checking URLs before opening them.
  • Link to Secureworks’ Report: https://www.secureworks.com/blog/vidar-infostealer-steals-booking-com-credentials-in-fraud-scam

Microsoft Issues Deadline for End of Windows 10 Support

Article Link: https://www.theregister.com/2023/12/06/microsoft_windows_10_security/

  • On December 5th, Microsoft announced that full security support for Windows 10 will end on October 14, 2025, with the goal for Microsoft users to move over to Windows 11.
  • Organizations that need to stay on Windows 10 beyond October 2025 will be able to pay a subscription fee for extended security updates (ESUs). While the prices have yet to be released, the scale will likely be similar to the Windows 7 ESU program, which started at $50 a device and then doubled in price each year thereafter.
  • As the announcement notes, there are several exceptions to this where the ESUs will not be an additional cost. These include Windows 10 devices that connect to a Cloud PC running Windows 11 for Windows 365 customers and Windows 10 instances in Azure Virtual Desktop.
  • The announcement from Microsoft also emphasizes that Microsoft tools, such as Intune, may be beneficial to larger organizations switching to Windows 11 all at once.
  • Link to Microsoft’s Announcement: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414

Municipalities Face a Constant Battle as Ransomware Snowballs

Article Link: https://www.darkreading.com/cybersecurity-operations/as-ransomware-attacks-abound-municipalities-face-a-constant-battle

  • Over the course of 2023, municipalities in the U.S. and across the globe have been under attack from ransomware gangs and other malicious hackers. Overall, the slew of cyberattacks highlights the need for robust cybersecurity defenses in a sector that has been historically unprepared in the cyber realm.
  • As the article highlights, municipalities continue to fall further behind the threats they face. Likewise, most local governments are critically understaffed, underfunded, and lack even minimal cybersecurity training. As such, attackers breach with ease and defenders struggle to stop attacks and bounce back afterwards.
  • While investing in automation and skilled cybersecurity professionals and focusing on policies and procedures are helpful, a defensive gap still remains. Ultimately, the best way to move the security needle in a positive direction and maximize limited budgets is end-user training, vulnerability and patch management, regular data backups, system hardening, and disaster recovery drills.

Hacking the Human Mind: Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’

Article Link: https://thehackernews.com/2023/12/hacking-human-mind-exploiting.html

  • The human mind is complex. As the article emphasizes, understanding our minds can provide insight into identifying and responding to potential cyber threats and social engineering attacks.
  • Attackers will often try to manipulate and exploit fundamental traits and characteristics about each of us to get what they want out of us. The article lists a variety of characteristics that attackers try to exploit including trust, empathy, greed, a desire for validation, and more.
  • Overall, attackers do and will continue to try to use what makes each of us human against us. A key way to help stay vigilant is to consider what the purpose or expectation of an interaction or consumed media is. If a strong emotion in any specific direction is felt, someone may be trying to exploit your mind.

