Weekly News Roundup: September 16-22, 2024 – Cyber Threats, Data Breaches, and Global Law Enforcement Successes

The latest in cyber threats, data breaches, and global law enforcement successes for the week of September 16-22, 2024.

By Emily Roberts, September 20, 2024

Before we dive into this week's cybersecurity news, we have an exciting announcement—Markus Mutter has officially joined Hedgehog Security as our new Sales Director! Markus comes to us with a refreshingly unconventional background, having spent the last six years as a Freediving and Breathwork Instructor in the Canary Islands. Now, he's bringing that same passion and focus to cybersecurity.

Markus recently shared on LinkedIn how his experience in freediving uniquely informs his approach to business, particularly cybersecurity. According to Markus, freediving teaches preparation, calm under pressure, and the importance of focus, skills that translate directly to defending against cyber threats. As he puts it, the ocean may seem unrelated to business, but the principles that guide freediving are surprisingly relevant to building resilience in today's fast-moving digital landscape.

We're thrilled to have Markus on board and can't wait to see his impact at Hedgehog. Welcome, Markus! Now, let's get into the latest in cybersecurity.

This week has been buzzing with significant cybersecurity incidents, international law enforcement victories, and some chilling vulnerabilities that serve as stark reminders of why staying ahead in cybersecurity is a 24/7 job. Let's dive into the top stories that dominated headlines, keeping you well-informed and aware of the evolving cyber landscape.

Haute Couture, Hacked: Harvey Nichols Suffers Data Breach

If you thought a shopping spree at a high-end department store like Harvey Nichols only cost your wallet, think again. The British luxury retailer confirmed a data breach that compromised customers' personal information, such as names, phone numbers, and addresses. While passwords and financial details were reportedly unaffected, the incident is a prime example of how even the most exclusive brands can fall victim to cybercriminals. This incident serves as a stark reminder of the importance of robust cybersecurity measures, regardless of the industry or brand reputation.

Harvey Nichols has apologized to its customers and warned them to be extra cautious of phishing attacks. The breach, which was poorly publicized on official channels, highlights how organizations still have a long way to go in handling incident communications properly. So, if you've shopped there recently, now might be a good time to keep a sharp eye on your inbox and bank accounts!

Ghost Crime Platform Busted: 51 Arrests and Criminal Networks Dismantled

In a significant blow to organized crime worldwide, law enforcement agencies took down the encrypted messaging platform 'Ghost,' often used by criminal groups for drug trafficking, money laundering, and violent crime orchestration. The operation resulted in 51 arrests and revealed that Ghost, believed to be uncrackable, was being used by mafias from Italy and Ireland to operate illicit businesses. This incident underscores the pervasive use of technology in criminal activities and the need for international cooperation to combat such threats.

The takedown showcases the importance of international cooperation in fighting cybercrime. Australia, Ireland, Italy, and a host of other countries played vital roles, with Europol's Executive Director remarking that even the most hidden criminal networks can't evade the long arm of the law. This global collaboration ensures that cybercriminals don't stay free for long, giving us all a sense of reassurance and confidence in the fight against cybercrime.

Ivanti Under Attack: Critical Cloud Appliance Vulnerability Exploited

Ivanti is back in the spotlight this week after revealing a critical flaw in its Cloud Service Appliance (CSA). This vulnerability, rated a staggering 9.4 on the CVSS scale, allows remote attackers to access restricted functionality and potentially execute arbitrary commands. Even worse, it is being actively exploited in the wild, putting numerous organizations at risk.

Ivanti has addressed the vulnerability in a recent patch, but users running older versions are strongly urged to upgrade, as version 4.6 is no longer supported. This incident is a stark reminder for businesses to update their software and apply patches promptly, before cybercriminals beat them to it.

Brazilian Hackers Target Italy with New SambaSpy Malware

In a peculiar phishing campaign, a Brazilian threat actor is targeting Italian users with a new strain of malware known as 'SambaSpy.' Unlike most attackers, who cast a wide net, this group appears laser-focused on Italian victims. It deploys phishing emails that lead to remote access Trojan (RAT) infections. The malware can handle everything from file management and keylogging to remote desktop control. This incident highlights not only the evolving tactics of cybercriminals but also the need for heightened vigilance and robust cybersecurity measures, especially in regions where such targeted attacks are on the rise.

The focus on Italy might indicate that the attackers are "testing the waters" before expanding their operation to other countries, potentially Spain and Brazil. If you're in Italy, this is an excellent time to be hyper-vigilant about phishing emails—don't let SambaSpy dance its way into your system!

Healthcare Sector Faces New Threat from INC Ransomware

In a concerning new development, the healthcare sector is now being targeted by a previously unknown ransomware strain called "INC." Vanilla Tempest, the financially motivated group behind the attacks, has been deploying this ransomware to lock up healthcare data while demanding a hefty payout.

The attackers exploit vulnerabilities through GootLoader infections, followed by tools like the Supper backdoor and AnyDesk for lateral movement. The healthcare sector is no stranger to ransomware attacks, but the increasing sophistication and persistence of groups like Vanilla Tempest make it clear that organizations must continuously improve their cybersecurity defenses to fend off evolving threats.

Ransomware, North Korea, and the Aerospace Industry

A new North Korean-linked malware called MISTPEN has been observed infiltrating the aerospace and energy sectors. Disguised as job postings, this spear-phishing attack targets senior employees, aiming to steal confidential information and wreak havoc on critical infrastructure.

MISTPEN is an advanced malware capable of downloading additional payloads to deepen its reach within compromised systems. With North Korean hackers increasingly focusing on high-value targets, organizations must be wary of not just technical vulnerabilities but also social engineering attacks disguised as harmless job offers.

VMware Issues Critical Patch: Time to Update

If you're using VMware vCenter, it's time to patch—again. A newly discovered vulnerability (CVE-2024-38812) could allow attackers to execute remote code on your system. Given the high CVSS score of 9.8, this flaw poses a severe risk to network security, especially in environments where attackers can exploit heap overflow bugs.

Remember, securing your virtual environment is just as crucial as protecting physical hardware. Patches are your best friend in this fight, empowering you to take control of your network security—don't ignore them.

Final Thoughts: Stay Vigilant, Stay Secure

This week's roundup is a potent reminder of the relentless pace of cyber threats. Whether it's a retailer exposing personal data, a ransomware gang targeting healthcare, or nation-state actors exploiting vulnerabilities, the cyber landscape never rests. At Hedgehog Security, we understand the challenges businesses face, and we're here to help you stay one step ahead. As we always say: don't suffer cyberattacks; keep the pricks on the outside.

Until next week, stay sharp and secure. Want to know how we can help you defend against threats like these? Contact Hedgehog Security to learn more.
