Take a look at this week’s Cyber Weekly Digest to find out about the biggest cyber security stories including a cyber attack on the world’s most expensive observatory in Chile and the return of the Emotet botnet. Keep reading to stay up to date on the latest cyber security news.
Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people. ACL operates 89 healthcare laboratories and performs six million tests annually. The firm states that it is not aware of any misuse of the stolen information; however, it is notifying all clients individually of what data was exposed in the attack. Almost 130,000 Medicare numbers, 30,000 credit cards, and 18,000 individual health records were leaked in the attack. The Australian Cyber Security Centre (ACSC) has confirmed that the threat actors have published the stolen data on the dark web. The hackers used the ransomware called Quantum, which uploaded all stolen files onto its Tor site in June 2022. Over the past two months, Australia has been hit with numerous data breaches and cyberattacks, including attacks on Optus, Medibank, MyDeal, and Vinomofo.
The world-famous Atacama Large Millimeter Array (ALMA) observatory in Chile has become the latest victim of a cyber-attack, forcing it offline. It has said the attack on its computer systems came last Saturday, “forcing the suspension of astronomical observations and the public website.” ALMA is believed to have cost around $1.4bn to build, making it one of the most expensive observatories in the world. The ALMA website published a statement saying, “There are limited email services at the observatory. The threat has been contained, and our specialists are working hard to restore affected systems. The attack did not compromise the ALMA antennas or any scientific data.” According to researchers, threat actors are increasingly targeting space-related technology.
The US Federal Trade Commission (FTC) has sued education technology company Chegg after the company exposed the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017. The agency’s proposed order would require Chegg to improve security, implement multifactor authentication (MFA) to help users secure their accounts, limit collected and stored customer data, and allow customers to access and delete their data. The FTC complaint alleges that Chegg failed to implement MFA support, which led to the use of a single login for all compromised databases, and that it did not monitor for malicious activity. Chegg is also accused of storing the employees’ and customers’ sensitive information insecurely and failing to provide its employees and contractors with phishing awareness training.
The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. The vulnerabilities (CVE-2022-3602 and CVE-2022-3786), affecting OpenSSL version 3.0.0 and later, have been addressed in OpenSSL 3.0.7. CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow that could trigger crashes or lead to remote code execution (RCE), while CVE-2022-3786 can be exploited by attackers via malicious email addresses to trigger a denial-of-service state via a buffer overflow. A member of the OpenSSL team stated that there is no known proof of concept that is replicable to openly exploit these vulnerabilities. IT admins and organisations have been warned since October 25th to search their environments for vulnerable instances and prepare them for patching when OpenSSL 3.0.7, the newest patched version, is released.
5. Emotet botnet starts blasting malware again after a 5-month break

The Emotet malware operation is back spamming malicious emails after almost a five-month “vacation” that saw little activity from the notorious cybercrime operation. The Emotet malware is spread through phishing campaigns containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL will be downloaded and loaded into memory. Once the malicious document is loaded, the malware will search for and steal emails to use in future spam campaigns and drop additional payloads such as Cobalt Strike or other malware that commonly leads to ransomware attacks.