06/01/22

Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center


**UNCLASSIFIED**

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.


Cybersecurity

The Federal Trade Commission Tuesday warned companies that if they fail to take action to remedy a major recent software vulnerability in open-source software tool Log4j, there could be legal repercussions. “When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms,” the agency warned. “It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.” Log4j is ubiquitous in software used throughout the technology industry, and is found in products built by companies including Amazon, Google and Microsoft. The widespread use of such technology has made it difficult to identify potential victims. At the same time, the popularity has made it an easy target for a range of cybercriminals to exploit. The warning shot from the top consumer protection agency comes as lawmakers debate the specifics of a federal law overseeing requirements for companies that suffer a breach. The FTC has in the past applied its oversight authority to such consumer concerns.


Cybersecurity researchers have taken the wraps off an organized financial-theft operation undertaken by a discreet actor to target transaction processing systems and siphon funds from entities primarily located in Latin America for at least four years. The malicious hacking group has been codenamed Elephant Beetle by Israeli incident response firm Sygnia, with the intrusions aimed at banks and retail companies by injecting fraudulent transactions among benign activity to slip under the radar after an extensive study of the targets' financial structures. "The attack is relentless in its ingenious simplicity serving as an ideal tactic to hide in plain sight, without any need to develop exploits," the researchers said in a report shared with The Hacker News, calling out the group's overlaps with another tracked by Mandiant as FIN13, an "industrious" threat actor linked to data theft and ransomware attacks in Mexico stretching back as early as 2016. Elephant Beetle is said to leverage an arsenal of no fewer than 80 unique tools and scripts to execute its attacks, while simultaneously taking steps to blend in with the victim's environment over long periods to achieve its objectives.


A new Zloader campaign exploits Microsoft's digital signature verification to deploy malware payloads and steal user credentials from thousands of victims in 111 countries. The campaign, orchestrated by a threat group known as MalSmoke, appears to have started in November 2021, and it is still going strong, according to the Check Point researchers who spotted it. Zloader (aka Terdot and DELoader) is a banking malware first spotted back in 2015 that can steal account credentials and various types of sensitive private information from infiltrated systems. More recently, Zloader has been used to drop further payloads on infected devices, including ransomware payloads such as Ryuk and Egregor. MalSmoke has explored various ways of distributing the info-stealing malware, ranging from spam mail and malvertising to using adult content lures.


Healthcare

Florida-based Broward Health announced this weekend that a data incident in October had affected the personal information of more than 1.3 million patients and staff members. According to a notice posted to the health system's website, an intruder accessed its network through the office of a third-party medical service provider. A report to the Maine Attorney General said that 1,357,879 people had been affected by the incident. "No matter how robust your security stack is, your organization can still be vulnerable to intrusions stemming from compromised credentials – especially those that belong to third-party vendors and partners," noted Steve Moore, chief security strategist at Exabeam, in a statement to Healthcare IT News.


Illinois-based Advocate Aurora Health faced a protected health information (PHI) breach due to a billing error that caused the health information of over 1,600 patients to be mailed to the wrong location, the Chicago Tribune reported. According to the Office for Civil Rights (OCR) data breach portal, the incident impacted a total of 1,729 individuals. The health system, which comprises 26 hospitals and more than 500 care sites across Illinois and Wisconsin, discovered the breach on October 29, 2021. The billing statements, containing the protected health information of other patients, were addressed to one Advocate Aurora patient and were mailed on July 29, according to the Chicago Tribune. However, the billing statements never reached that destination. The billing statements included patient names, the provider visited, visit account numbers, and the types and dates of healthcare services received. Advocate Aurora Health has not yet released an official statement on its website, but officials told the Chicago Tribune that all affected patients have been notified and were offered free credit monitoring. Advocate Aurora said that the error was caused by an accidental and unnoticed change to an account type in the health system's billing software. The health system said it was unaware of any misuse resulting from the mailing error, but it will take steps to improve internal processes and security measures.
