In this week’s Cyber Weekly Digest we dive into the latest cyber security news, including the phishing campaigns exploiting the death of Queen Elizabeth II to lure in victims. Keep reading to stay up to date on the biggest cyber security stories from around the world.
Uber disclosed Thursday that it is responding to a cybersecurity incident involving a breach of its network and that it has been in touch with law enforcement authorities. It has been reported that the attack forced the company to take its internal communications and engineering systems offline while it investigated the extent of the breach. The New York Times reported that the intruder compromised an employee's Slack account and broadcast a message that the company had "suffered a data breach," in addition to listing internal databases that were allegedly compromised.
Six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched, although some of them have been publicly disclosed since July 2021. Binarly reported that it has been a month since the flaws were presented at Black Hat 2022, and the vendor has not released security updates for all of the impacted models, which leaves many customers exposed to attacks. HP has released three security advisories acknowledging the vulnerabilities, along with an equal number of BIOS updates addressing the issues for some of the impacted models. However, many business notebook PCs (Elite, ZBook, ProBook), business desktop PCs (ProDesk, EliteDesk, ProOne), point-of-sale systems, and HP workstations (Z1, Z2, Z4, ZCentral) have not received patches yet.
China recently accused the U.S. National Security Agency of conducting a campaign of cyber attacks in June 2022 against Northwestern Polytechnical University in the city of Xi'an, an institution focused on aeronautical and military research. The National Computer Virus Emergency Response Center (NCVERC) disclosed its findings last week and accused the Office of Tailored Access Operations (TAO), a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA), of conducting thousands of cyber attacks against entities within China. It was reported that TAO used 40 tactics and techniques designed to steal passwords, network equipment configurations and data, and operation and maintenance data. They also reportedly used two zero-days for the SunOS Unix-based operating system to breach servers used by educational institutions and commercial companies and install what is called the OPEN Trojan.
Attackers are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials. The attackers also attempt to steal multi-factor authentication (MFA) codes to take over the accounts. In the campaign, researchers observed the phishing actors impersonating "the Microsoft team" and trying to bait recipients into adding a memo to an online memory board "in memory of Her Majesty Queen Elizabeth II." After clicking a link embedded in the phishing email, targets are instead sent to a phishing landing page where they are asked to enter their credentials. EvilProxy, a reverse-proxy phishing-as-a-service tool that lets low-skilled threat actors capture MFA codes, was used to harvest the codes as they were sent and so bypass the MFA protection.
This year alone, threat actors have stolen more than $4.6 million from healthcare companies after gaining access to customer accounts and changing payment details. The Federal Bureau of Investigation (FBI) has issued an alert about attackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker. The FBI stated that in just three incidents, in February and April this year, attackers diverted more than $4.6 million from the victims to their own accounts. The threat actors harvest credentials to gain access to the hospital's financial suite and then change the deposit details to what is called a "bank drop" in the black-hat hacking underworld. Attackers can buy bank drops from other attackers for cryptocurrency and use them for whatever purpose they please. The FBI recommends that training be put in place to make sure employees do not hand over credentials in social engineering attacks.