Round Up of Major Breaches and Scams
According to a recent survey by Visual Objects, 63% of employees in the U.S. have reused their passwords on work accounts and devices. Older employees follow more reliable password protection practices than younger workers, with only 2% of baby boomers always using the same passwords for work accounts, compared to 13% of millennials who always recycle work passwords. It was also found that millennial workers are 6.5 times more likely to reuse work passwords than baby boomers.
Microsoft said it has detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers. It said in a blog post Friday that most of the attacks in recent months were unsuccessful, but provided no information on how many succeeded or how serious those breaches were. Chinese state-backed hackers have also been targeting vaccine-makers, the U.S. government said in July while announcing criminal charges.
A hackers-for-hire APT group is using a strain of never-before-seen malware and targeting businesses in the CostaRicto campaign. BlackBerry Research and Intelligence Team uncovered a cyber espionage campaign targeting financial institutions and entertainment firms across the globe. Researchers have dubbed this campaign CostaRicto. According to BlackBerry researchers, this campaign seems to be the work of an APT hackers-for-hire mercenary group possessing bespoke malware tools, SSH tunneling, and VPN proxy capabilities.
A few months after its $5.3 billion acquisition by Roper Technologies Inc. (NYSE: ROP), Denver insurance tech giant Vertafore is in the midst of what the company is calling a “data event.” The company released a statement on Nov. 10 detailing human error that caused company data files to be accessed without authorization. The files, which included driver information for licenses issued before February 2019, contained approximately 27.7 million Texas driver’s license numbers, as well as names, dates of birth, addresses and vehicle registration histories.
Claudia Calleja has an update on litigation following a voter data leak involving C-Planet IT Solutions Ltd. Three of the 337,384 Maltese voters whose data was leaked in a massive security breach in April have filed a complaint with the Data Protection Authority requesting that the IT company that held the data be fined up to €10 million. Their complaint comes a month after more than 620 claimants filed a joint lawsuit claiming EU data protection laws were breached by the data leak and asked the civil courts to quantify and award them damages for harm suffered due to the breach.
A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially have leaked patient data. Vulnerabilities found in both the COVID-KAYA platform’s web and Android apps allowed unauthorized users to access private data about the platform’s users and potentially patient data, according to a report from researchers at The Citizen Lab, an interdisciplinary laboratory based at the University of Toronto.
The Information Commissioner’s Office has fined Ticketmaster £1.25m after the site’s operators failed to spot a Magecart card skimmer infection until after 9 million customers’ details had been slurped by criminals. The breach began in February 2018 and was not detected until April, when banks realised their customers’ cards were being abused by criminals immediately after they were used for legitimate purchases on Ticketmaster’s website.
Round Up of Major Malware and Ransomware Incidents
With the new alert, companies need to be very diligent in their protection and testing mechanisms in order to protect themselves from an attack. The SDBBot RAT is almost exclusively used by the TA505 group. Their attack technique relies on phishing and spam email campaigns to deliver malware, but from 2019 they started using the SDBBot payload as a way to access systems remotely. ACSC further mentioned, “SDBBot is comprised of 3 components. An installer that establishes persistence, a loader that downloads additional components, and the RAT itself.”
The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.
Round Up of Major Vulnerabilities and Patches
Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs. Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs). Four encryption and authentication issues in Modicon M221 PLCs were reported by Trustwave, three of which have been independently found by the security firm Claroty.