GlobalSign Blog

Multi-Factor Authentication is Back in the Spotlight – June NewsScam

Hello and welcome to the latest NewsScam. 

June was interesting because it brought a subject that’s not been in the spotlight recently back onto the center stage: Multi-factor authentication (MFA). This was kicked off by the discovery of a major hack at cloud storage provider Snowflake. About 165 customers, including Santander Bank, Ticketmaster and Lending Tree, were impacted. The secret to the hacker’s success? Some of Snowflake’s customers were not taking advantage of MFA. Snowflake’s policy regarding MFA has now changed, as it will soon be enabled by default for all accounts. 

But Snowflake is hardly the only company that’s not been using MFA. Look no further than Change Healthcare. The lack of multifactor authentication was also determined to be the cause of the nearly catastrophic attack in February that has cost the company hundreds of millions. To make matters worse, on June 20th the company confirmed that the medical records of a ‘substantial proportion’ of Americans were stolen during the attack, and it is now in the process of notifying those impacted.

And now it’s been revealed that the truly massive 2022 hack of Australian health insurance provider Medibank can also be pinned on the lack of multi-factor authentication. 

If all these examples do not convince a company to take advantage of MFA, I don’t know what will!

Of course, there is a lot more news covered in this month’s NewsScam, so please keep scrolling to read it all. Thanks for stopping by!

Hackers Continue to Hammer Healthcare – But Major Companies are Trying to do What they Can to Help 

Nowadays, people have become accustomed to cyber-attacks, but when it comes to a medical institution, one still has to scratch their head. This brings us to the cyber-attack on British pathology services vendor, Synnovis. The chaos-inducing June 3rd attack - now believed to have been undertaken by the Russian group Qilin - has disrupted multiple London hospitals’ ability to match patients’ blood with available stocks. That led to England's National Health Service issuing an urgent appeal for O positive and O negative blood donations because the ransomware attack impacted Synnovis’ entire IT system. In addition to blood supply concerns, both emergency and non-emergency surgeries, pathology appointments, and even transplant surgeries were canceled due to the disruption. Now, the threat actor is demanding $50 million from Synnovis to end the attack. On top of that, they have now allegedly published sensitive data online.

Speaking of hospitals, on June 10th, the White House announced that Google and Microsoft have stepped up to the plate to help curb attacks on remote hospitals. The Biden administration says that Google is going to provide endpoint security advice to rural hospitals and nonprofit organizations at no cost. There will also be a “pool of funding” available to enable software migration. In addition, plans are in the works for a pilot program at Google for those hospitals to help develop a package of security capabilities that are unique to participating medical institutions. As for Microsoft, it has announced its own program for rural hospitals which should allow for “non-profit pricing” and other discounts of up to 75% for security products.

Major Snowflake Hack Leaving Customers Feeling Frosty

Another attack making news this month: the Snowflake hack, which is being blamed on a lack of multi-factor authentication at the company. The attack on the cloud storage provider began in April and appears to be connected to criminal group UNC5537. About 165 customers were impacted, including Santander Bank, Ticketmaster and LendingTree. For Ticketmaster, the breach is very serious, as it may have impacted 560 million users. Now, the cybercriminals behind the attack are demanding payments as high as $5 million from 10 companies. According to Bloomberg, the scheme has entered a “new stage” as the gang looks to profit from its criminal activities.

15,000 North American Car Dealerships Disrupted by Ransomware Attack on Software Supplier 

Car dealerships across the US and Canada are being disrupted for a second week by back-to-back cyberattacks on software supplier CDK Global. Approximately 15,000 car dealerships have been impacted by the incident, which began on June 19th. Six days later, the company has acknowledged it was indeed a ransomware attack responsible for the chaos. The hack by the Blacksuit ransomware group has forced dealers to revert to paper and pen to process car sales and repairs while CDK works to bring its systems back online. The first attack came early on the 19th, and the company initially seemed to overcome it. However, it was hit with a one-two punch when a second attack occurred in the evening. On June 21, the company informed customers it did “not have an estimate time frame for a resolution,” so dealerships are going to continue to be impacted until this is resolved. CDK has also told customers it is aware of “bad actors” claiming to be affiliates of the company in an attempt to gain system access.

LockBit Has Not Left the Building

I’ve mentioned it in previous posts, but back in February, a worldwide coalition of authorities gloriously claimed they had successfully taken down notorious cybercrime gang LockBit via Operation Cronos. Unfortunately, their joy was quite premature because, like rats after a nuclear attack, LockBit has survived and reemerged. And now, the group has gone big, because on June 23, LockBit claimed on a new dark web leak site that it had breached the United States Federal Reserve Board. As of June 25th, it's not clear whether the claims are true or not. Time will have to tell.

“Hacker-Safe” Labels for Consumer Devices in the US Will be Available Soon(ish)

There’s good news to report in the effort to provide consumers with so-called “hacker-safe” devices. According to CNBC, consumers will be able to purchase devices with “hacker-safe” labels on Amazon, Best Buy and Google within the next year or two. The devices will bear the ‘U.S. Cyber Trust Mark’ shield logo, which will have a QR code consumers can scan on their smartphones to receive detailed, up-to-date security information about the specific device. Manufacturers of smart IoT devices such as doorbell cameras, voice-activated speakers, baby monitors, TVs, kitchen appliances, thermostats and fitness trackers will be required to meet a series of cybersecurity standards developed by NIST. At the moment it doesn’t seem likely these items will be available for the 2024 holiday season, although your hacker-safe device wishes might come true in December 2025!

But Wait, There’s More 

Germany's main opposition party hit by ‘serious’ cyberattack - The Record
Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op - Cyberscoop
Digital IDs and Biometrics Upgrades Define Future of Transaction Security - PYMNTS 
Toronto District School Board hit by a ransomware attack - Bleeping Computer 
Brazil's Climb Onto the World Stage Sparks Cyber Risks - Data Breach Today
Businesses face growing patchwork of state AI laws - TechTarget 
Inside Baseball: The Red Sox Cloud Security Game - Dark Reading
Rethinking Cybersecurity: The Role of MSSPs - Data Breach Today 
FCC approves $200M for cybersecurity in schools - SC Mag
