Top news stories this week
- Dirty business. Former COO of a cyber security firm confesses to hacking hospitals to boost sales.
- Hefty fines. Binance and Morgan Stanley respectively pay USD 4.3 billion and USD 6.5 million to settle separate US charges.
- Ransomware ripples. Confidence shaken in ICBC and London & Zurich following cyber attacks.
- Sticky fingers. Vulnerabilities in biometric sensors enable the bypass of Windows Hello authentication.
- Evolving threat landscape. Anonymous Russia leader exposed; Play Ransomware evolves into a RaaS model.
- Insurance Policy. Fortune 500 insurer Fidelity National Financial impacted by Blackcat ransomware attack.
Listen to the Cyber Intelligence Briefing
1. Cyber security executive attacks two hospitals as a ‘sales strategy’
The former COO of a network security company has pleaded guilty to breaching two hospitals in June 2021 in order to boost his revenues and solicit future business. The former executive disrupted services at the hospitals, exfiltrated data and posted the personal details of victims on X.
Organisations must vet their employees through background checks, contacting references and assessing candidates' suitability for a role.
2. Binance and Morgan Stanley pay hefty fines to settle US charges
Cryptocurrency exchange Binance has agreed to pay USD 4.3 billion to settle allegations that it failed to flag suspicious transactions from terrorists and other criminals, including ransomware gangs, due to deficient controls. Binance’s CEO Changpeng Zhao also pled guilty to several related charges and stepped down from his role.
Separately, Morgan Stanley agreed to pay USD 6.5 million for exposing sensitive customer information. An investigation by various US Attorney Generals said the bank failed to maintain adequate vendor controls when it hired an inexperienced company to dispose of hardware that contained undecrypted data.
Organisations should conduct thorough and regular due diligence on their third-party vendors/providers and customers to ensure appropriate security controls are in place.
3. ICBC and London & Zurich under scrutiny after cyber attacks
Earlier this month, a ransomware attack disrupted major trading operations at the Industrial and Commercial Bank of China's (ICBC) US unit. This has made numerous ICBC partners reluctant to reestablish network connections with the bank amid safety concerns.
Separately, the direct debit company London & Zurich faced criticism for their alleged poor communication and lack of support response following a ransomware attack. At least one of the company's clients reportedly had to resort to a short-term loan to handle their financial backlog.
Cyber attacks can cause significant reputational damage, shake business confidence, and potentially weaken future partnership prospects. Having a timely communication plan both during and post-incident is critical to manage such scenarios effectively.
Join S-RM for our webinar on the 7th of December to gain valuable insights from our award-winning cyber experts
4. Fingerprint authentication flaws found in Windows Hello
Security researchers have disclosed vulnerabilities that allow Windows Hello fingerprint authentication to be bypassed. Tests performed on fingerprint sensors, used in Lenovo, Dell and Microsoft devices, revealed that it was possible to spoof the sensor’s communication with the device and falsely authorise a sign in. The exploits all require having physical access to the devices.
Biometrics are not foolproof. It is important to be aware of vulnerabilities in authentication methods used by your organisation.
5. Anonymous Russia leader exposed; Play evolves into RAAS model
The pro-Kremlin hacktivist group Killnet, led by Nikolai Serafimov (Killmilk), is facing internal issues and reduced activity. Killmilk's actions, such as exposing Anonymous Russia's leader, have led to criticism, indicating a decline in Killnet's influence.
Separately, Play ransomware has evolved into a ransomware-as-a-service (RaaS), allowing affiliates to easily deploy it with minimal variations. This shift raises concerns about increased attacks and reflects the growing maturity of the RaaS ecosystem, contributing to a 40% rise in ransomware incidents over the past year.
These shifts underscore the evolving cyber threat ecosystem, including diverse threat actors from sophisticated state-backed hackers to less experienced individuals leveraging RaaS services.
6. Fortune 500 insurer suffers disruption after ransomware attack
Fortune 500 insurer Fidelity National Financial (FNF) was forced to shut down systems after being impacted by a Blackcat ransomware attack. The incident disrupted the firm’s mortgage transactions, title-related insurance services, escrow services, and technology products, after attackers accessed FNF systems and credentials.
Implementing a Privileged Access Management (PAM) solution greatly reduces the risk of cyber criminals accessing privileged user account credentials.