28 November 2023

Cyber security executive attacks two hospitals as a ‘sales strategy’ | Cyber Intelligence Briefing: 28 November


Top news stories this week

  1. Dirty business. Former COO of a cyber security firm confesses to hacking hospitals to boost sales.
  2. Hefty fines. Binance and Morgan Stanley pay USD 4.3 billion and USD 6.5 million respectively to settle separate US charges.
  3. Ransomware ripples. Confidence shaken in ICBC and London & Zurich following cyber attacks.
  4. Sticky fingers. Vulnerabilities in biometric sensors enable the bypass of Windows Hello authentication.
  5. Evolving threat landscape. Anonymous Russia leader exposed; Play Ransomware evolves into a RaaS model.
  6. Insurance Policy. Fortune 500 insurer Fidelity National Financial impacted by Blackcat ransomware attack.

1. Cyber security executive attacks two hospitals as a ‘sales strategy’

The former COO of a network security company has pleaded guilty to breaching two hospitals in June 2021 in order to boost his revenues and solicit future business. The former executive disrupted services at the hospitals, exfiltrated data and posted the personal details of victims on X.

So what?

Organisations must vet their employees through background checks, contacting references and assessing candidates' suitability for a role.


2. Binance and Morgan Stanley pay hefty fines to settle US charges 

Cryptocurrency exchange Binance has agreed to pay USD 4.3 billion to settle allegations that it failed to flag suspicious transactions from terrorists and other criminals, including ransomware gangs, due to deficient controls. Binance’s CEO Changpeng Zhao also pled guilty to several related charges and stepped down from his role.

Separately, Morgan Stanley agreed to pay USD 6.5 million for exposing sensitive customer information. An investigation by various US Attorneys General said the bank failed to maintain adequate vendor controls when it hired an inexperienced company to dispose of hardware that contained unencrypted data.

So what?

Organisations should conduct thorough and regular due diligence on their third-party vendors/providers and customers to ensure appropriate security controls are in place.


3. ICBC and London & Zurich under scrutiny after cyber attacks 

Earlier this month, a ransomware attack disrupted major trading operations at the Industrial and Commercial Bank of China's (ICBC) US unit. This has made numerous ICBC partners reluctant to reestablish network connections with the bank amid safety concerns.

Separately, the direct debit company London & Zurich faced criticism for its alleged poor communication and lack of support following a ransomware attack. At least one of the company's clients reportedly had to resort to a short-term loan to handle its financial backlog.

So what?

Cyber attacks can cause significant reputational damage, shake business confidence, and potentially weaken future partnership prospects. Having a plan for timely communication, both during and after an incident, is critical to managing such scenarios effectively.


4. Fingerprint authentication flaws found in Windows Hello  

Security researchers have disclosed vulnerabilities that allow Windows Hello fingerprint authentication to be bypassed. Tests performed on fingerprint sensors used in Lenovo, Dell and Microsoft devices revealed that it was possible to spoof the sensor’s communication with the device and falsely authorise a sign-in. The exploits all require physical access to the devices.

So what?

Biometrics are not foolproof. It is important to be aware of vulnerabilities in authentication methods used by your organisation.


5. Anonymous Russia leader exposed; Play evolves into RaaS model

The pro-Kremlin hacktivist group Killnet, led by Nikolai Serafimov (Killmilk), is facing internal issues and reduced activity. Killmilk's actions, such as exposing Anonymous Russia's leader, have led to criticism, indicating a decline in Killnet's influence. 

Separately, Play ransomware has evolved into a ransomware-as-a-service (RaaS), allowing affiliates to easily deploy it with minimal variations. This shift raises concerns about increased attacks and reflects the growing maturity of the RaaS ecosystem, contributing to a 40% rise in ransomware incidents over the past year.

So what?

These shifts underscore the evolving cyber threat ecosystem, with threat actors ranging from sophisticated state-backed hackers to less experienced individuals leveraging RaaS offerings.


6. Fortune 500 insurer suffers disruption after ransomware attack 

Fortune 500 insurer Fidelity National Financial (FNF) was forced to shut down systems after being impacted by a Blackcat ransomware attack. The incident disrupted the firm’s mortgage transactions, title-related insurance services, escrow services, and technology products, after attackers accessed FNF systems and credentials.

So what?

Implementing a Privileged Access Management (PAM) solution greatly reduces the risk of cyber criminals accessing privileged user account credentials.

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Authors

Kyle Schwaeble
Senior Associate, Cyber Security

Kyle Schwaeble is a senior associate on S-RM’s cyber security team, bringing expertise in incident response management and, particularly, the secure restoration and recovery from cyber incidents such as ransomware attacks and business email compromises. In addition to his incident response work, Kyle has also supported multinational clients with their security transformation programmes, advising on the development and implementation of new technological, procedural, and cultural security controls.  

Kyle joined S-RM in 2019, initially working as an analyst in the Corporate Intelligence team, where he supported various corporate and diligence investigations. He holds a BCom(LLB) from Stellenbosch University in South Africa and is GSEC certified. 

Miles Arkwright
Associate, Cyber Advisory

James Tytler
Associate, Incident Response

James Tytler is an associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.
