This week our incident response team warns that smishing scams are on the rise in Ireland, and we take a look at some of the biggest cyber-related news stories.
This week’s observations from our Incident Response Team
It appears that people in Ireland are being targeted in a convincing smishing scam involving Omicron Covid alerts and self-tests. The scam uses the URL hxxps://pcr-self-testingkit[.]com, which is currently marked as safe by VirusTotal, but not rated by URLScan.io. It is possible that the site is actively blocking scan requests from these tools, making it difficult to assess its safety.
The landing pages for the scam are similar to the real COVID test request pages on the HSE websites, which may make it difficult for some people to distinguish between the two. The scam involves asking victims to enter personal information and credit card data for ‘COVID Test Fast Track Delivery.’
It is important to remember that smishing scams can be very convincing and can use legitimate-looking URLs and websites to trick victims. It is crucial to be cautious when receiving unexpected text messages, and to never provide personal or financial information in response to unsolicited requests. Additionally, relying on threat intelligence IOCs alone is not sufficient for protecting against smishing scams, as these tools may not always have the latest information or may not be able to adequately assess the safety of a website.
Uber hacked again
In yet another example of the risks associated with third-party vendors, Uber has suffered a data breach involving a malicious actor who accessed the company’s Amazon Web Services (AWS) backup server through a third-party provider. The breach resulted in the leak of employee email addresses, corporate reports, and IT asset information.
This incident highlights the importance of conducting thorough compliance reviews and implementing strong security measures to protect data once it has left an organisation’s control. In this case, Uber emphasized that the leaked files were related to an incident at a third-party vendor and were not connected to the company’s security incident in September.
Despite this, the breach serves as a reminder that organisations must prioritise the security of their data and work with trusted vendors to ensure the protection of sensitive information.
Lockbit takes responsibility for California cyber attacks
The California Cybersecurity Integration Center (Cal-CSIC) has confirmed that the state’s finance department has been the victim of a cybersecurity attack. In a blog post, Cal-CSIC said that the intrusion was identified through coordination with state and federal security partners, and that digital security experts were quickly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate any vulnerabilities.
While the Cal-CSIC said it cannot comment on the specifics of the ongoing investigation, it confirmed that no state funds have been compromised. The Russia-affiliated ransomware group LockBit has claimed responsibility for the attack, saying that it has stolen 76GB of data including IT and financial documents, confidential data and ‘sexual proceedings in court’. The group gave the department until Christmas Eve to pay up or else it will publish the stolen files.
The cost of the cyber attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80 million. The attack, which is believed to have been carried out by Russia-based state actors, was reportedly caused by a malicious Microsoft Excel file delivered via a phishing email.
In February of this year, the Irish Department of Health suggested that the attack could end up costing up to €100 million. However, it has now been confirmed that the costs have already reached €42 million in 2021 and almost €39 million until October of this year.
The incident serves as a reminder of the significant financial and reputational costs that can result from a cyber attack and how it is essential for organisations to prioritise cyber security and implement robust measures to protect against such threats.
Apple rolls security updates to deal with new zero day
Apple has released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a new zero-day vulnerability that could allow malicious code to be executed. The vulnerability, known as CVE-2022-42856, is a type confusion issue in the WebKit browser engine that can be triggered when processing certain types of content.
Apple said it is aware of a report that the issue may have been actively exploited against versions of iOS released before iOS 15.1. While details of the attacks are not yet known, it is likely that they involved social engineering or a ‘watering hole’ attack, in which users’ devices were infected when they visited a rogue or compromised website via the browser.
These security updates are important for protecting against this and other potential vulnerabilities. It is recommended that users update their devices to the latest version of the relevant operating system to ensure the highest level of security.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager.