Cyber Weekly Digest - Week #41


In this week's digest, we explore the biggest cyber security stories from the week, including how threat actors had access to databases of the largest SMS routing firm for five years and the threat group zoning in on the healthcare sector with ransomware attacks. Keep reading to stay up to date with the latest cyber security stories.


1. Attackers leak 125GB of data allegedly belonging to Twitch.

On Wednesday, someone shared a torrent link on 4chan leading to a 125GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories. Twitch has since claimed that no login credentials or credit card numbers belonging to users or streamers were exposed in the data leak. They added that attackers were able to gain access to the stolen data due to a faulty Twitch server configuration change. The 4chan user who leaked the archive named the post "twitch leaks part one", hinting that additional stolen data is likely to be leaked as well.

2. FIN12 threat actor focuses on targeting healthcare with ransomware attacks.

FIN12 is a prolific threat actor with a strong focus on making money. The group executes ransomware attacks and has been active since October 2018. In a recent profile of FIN12, researchers noted that the threat group has been targeting the healthcare sector utilising Ryuk and Conti ransomware. The report found that the group has also been reducing its attack time, with the average time spent on a victim's network dropping to less than three days in 2021. Researchers believe that FIN12 could be choosing its victims through a TrickBot administration panel, which allows the group to interact with compromised machines.


3. Apache patches an actively exploited vulnerability for its HTTP Server product.

On Thursday, the Apache Software Foundation released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. Apache HTTP Server is an open-source, cross-platform web server that powers approximately 25% of websites worldwide. A Shodan search revealed over 112,000 Internet-exposed and vulnerable Apache HTTP servers, providing attackers with a wide selection of potential targets.