Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • How to Tell a Job Offer from an ID Theft Trap

    krebsonsecurity.com | June 23, 2021
  • This massive phishing campaign delivers password-stealing malware disguised as ransomware

    zdnet.com | June 23, 2021
  • Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

    microsoft.com | June 23, 2021
  • An NTSB for cyber attacks?

    zdnet.com | June 23, 2021
  • FBI employee indicted for stealing classified info on FBI cybersecurity work

    cyberscoop.com | June 23, 2021
  • Microsoft is finally getting rid of its most-hated product

    cnn.com | June 23, 2021
  • Microsoft Exchange admin portal blocked by expired SSL certificate

    bleepingcomputer.com | June 23, 2021
  • Bay Area water supply targeted by cybercriminals

    • Similar to the Oldsmar water treatment attack in Florida, the threat actor used legitimate credentials to break into remote access tool TeamViewer. After logging in, they deleted programs that the plant used to treat drinking water.
    • The unidentified criminal used a former plant employee's username and password to gain entry to the unidentified Bay Area water treatment facility on Jan. 15.
    • “The consequences of a data breach can vary greatly depending on the intention of the adversary. Some hackers simply aim to cause disruption. Others extract valuable PII to sell on the Dark Web, while others look to extort money due to ransomware. When a cyberattack is attempted against critical infrastructures such as hospitals, electrical grids, or water systems, the potential repercussions can affect thousands of individuals like you and me. It can be devastating — or even deadly. In fact, the 2020 Global State of Industrial Cybersecurity report found that 74% of IT security professionals are more concerned about a cyberattack on critical infrastructure than an enterprise data breach.” - Bill O'Neall, VP - ThycoticCentrify
    • “Working smarter with automation technologies in managing large volumes of data streams, analyzing them for anomalies and reporting risk in real time, is the only way forward for CNI protection. This, in partnership with continued user education in being diligent and applying critical thinking analysis to system activity reports, is critical.” - Sam Humphries, Exabeam
    | June 21, 2021
    hak-iq.us20.list-manage.com | June 21, 2021
  • CVS Health Faces Data Breach, 1B Search Records Exposed

    • More than 1 billion CVS Health search records were accidentally posted online in a data breach incident in late March by an unnamed third party vendor.
    • The records contained search data from CVS.com and CVSHealth.com for both COVID-19 vaccines and medications.
    • Independent cybersecurity researcher Jeremiah Fowler discovered the breach and quickly alerted CVS, and the database was taken offline on the same day.
    • Fowler and the research team at WebsitePlanet discovered the database, which was not password-protected, on March 21st. Their findings uncovered CVS’ configuration settings and backend operations—information that could be used for phishing attacks if it were obtained by bad actors.
    • Even if no personal data was collected, a breach of this size can present legitimate risks to large organizations like CVS that track search data for analytics, marketing, and customer engagement purposes.
    • Fowler did not download the entire database due to ethical concerns. Because of this, it is unclear exactly how many CVS customers were impacted by the data breach.
    - Jill McKeon | June 21, 2021
    hak-iq.us20.list-manage.com | June 21, 2021
  • Over 30,000 Fertility Clinic Patients Hit by Ransomware Data Breach

    • Reproductive Biology Associates (RBA) was the first organization of its kind to offer IVF in the US state of Georgia and is the founding partner of the nationwide fertility clinic network My Egg Bank.
    • In a new breach notification, RBA claimed to have first become aware of a cyber-incident on April 16 this year, when it discovered that a file server containing embryology data had been encrypted.
    • “We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor’s access, within the same business day. Based on our investigation, we believe the actor first gained access to our system on April 7, 2021 and subsequently to a server containing protected health information on April 10, 2021.”
    • 38,000 patients were exposed in the incident, with full names, addresses, Social Security numbers, lab results and “information related to the handling of human tissue” potentially impacted.
    - Phil Muncaster | June 21, 2021
    hak-iq.us20.list-manage.com | June 21, 2021