The targets are the most vulnerable. Hospitals again under fire from cyber attacks

The Check Point Research team identified a significant increase in cyber attacks aimed at healthcare organizations. From January to September 2024, the healthcare industry saw a 32% increase in cyberattacks, averaging 2,018 attacks per organization per week.



The Asia-Pacific region suffered the most attacks, with an average of 4,556 per week (an increase of 54%). Latin America saw a 34% increase, while Europe saw 1,686 attacks per organization per week but had the highest percentage increase, at 56%.

The main threat is ransomware, with cybercriminals exploiting vulnerabilities, trading patient data and using ransomware as a service (RaaS) for attacks. Hackers sell access to hospital systems on illegal forums. For example, access to Brazilian hospitals is sold there for $250.

ATTACKS AND DATA LEAKS

Check Point revealed a phishing campaign using Google Apps Script macros to attack organizations. The campaign includes approximately 360 emails in various languages that trick recipients into clicking on a fake link in the subject line that leads to a fake Google Apps Script page. The fraudulent emails claim to provide account details for a registration that the user never initiated.

Tech giant Dell is investigating claims of a data breach after a hacker known as “grep” released data that was said to belong to more than 10,000 of the company’s employees and partners. The leaked data includes employee names, unique identifiers and internal data, a sample of which the hacker shared for free on a hacking forum.

Singaporean cryptocurrency platform BingX has confirmed a cyber attack that resulted in the theft of more than 44 million US dollars. The attackers exploited vulnerabilities in the BingX wallet, which led to unauthorized access to the network. Despite the significant financial impact, the company has committed to covering all losses from its own equity.

A ransomware attack on German radio station Radio Geretsried disrupted its regular broadcast and forced it to play music from emergency backups. The attackers have encrypted the music files and are demanding a high ransom. The station team is working to restore all data and operations.

Access Sports, a provider of orthopedic services in New Hampshire, reported a data breach involving more than 88,000 individuals. The company was attacked by the Inc Ransom ransomware gang, which gained unauthorized access to sensitive data including names, social security numbers, financial information and medical records.

Russian antivirus company Dr.Web suffered a cyber attack over the weekend, which led to the disconnection of its servers and a halt to virus database updates. The breach began on September 14, and the company says it was detected and managed without impacting customers. After investigating, Dr.Web restored virus updates and used its security tools to isolate the threat.

VULNERABILITIES AND PATCHES

The Mozilla Foundation released an update to fix a vulnerability (CVE-2024-8897) that allows users to be redirected to a malicious site via an open redirect. The malicious site “pretends” to have the same URL as a trusted site.

VMware addressed two critical vulnerabilities (CVE-2024-38812, CVE-2024-38813) found in its vCenter Server and VMware Cloud Foundation products. Attackers could use them to remotely execute code and gain elevated privileges.

Cisco Smart Licensing Utility is affected by a critical vulnerability (CVE-2024-20439). In a technical analysis, StarkeBlog states that an unauthenticated, remote attacker could exploit it to log in with administrative privileges via the Cisco Smart Licensing Utility API. This would give the attacker full administrative access to the affected system.

Horizon3 shared a technical analysis of the vulnerability in Ivanti Cloud Services Appliance (CVE-2024-8190), which allows remote code execution.

You can follow the regular weekly THREAT INTELLIGENCE REPORT via the LinkedIn network.

The Check Point Research team has been tracking security trends, evaluating anomalies, and bringing up-to-date warnings and news about cyber threats to the community for more than three decades. Its experts continuously collect and analyze data on global cyber attacks from monitoring the networks they manage, open source platforms, the ThreatCloud network and intelligence from the dark web.

Source: www.nextech.sk