CYBER SECURITY NEWS – WEEK OF FEBRUARY 05, 2024
Insurance Broker Notifying 1.5 Million of Health Info Hack
- Insurance broker Keenan & Associates is notifying more than 1.5 million individuals about a ransomware and data exfiltration attack last August that compromised health insurance information, passport numbers and Social Security numbers.
- The Torrance, California-based Keenan & Associates handles employee benefits, workers’ compensation and property liability, and reported the hacking incident on Monday as affecting nearly 1.51 million individuals.
- Information potentially compromised in the incident includes individuals’ names; birthdates; numerical identifiers such as Social Security, passport and driver’s license numbers; health insurance information; and general health information.
Hackers obtain confidential information on Romanian officials after cyber attack at Parliament
- Hackers breached the database of the Romanian Chamber of Deputies, the lower house of the Parliament, and reportedly managed to obtain confidential information, such as the prime minister’s identity documents, medical analyses, and other personal data.
- The minister of research, Bogdan-Gruia Ivan, stated that approximately 250 gigabytes of data were extracted, partly personal documents and partly data related to the electronic devices of the parliamentarians.
- Medical records, contracts with banks, and data regarding personal vehicles could be among the stolen documents. The hackers threatened to release the personal data of the deputies if they did not receive a ransom of 0.8 bitcoins, equivalent to EUR 30,000.
AnyDesk says hackers breached its production servers, reset passwords
- AnyDesk, the remote access solution that allows users to remotely access computers over a network or the internet, recently suffered a cyberattack in which hackers gained access to the company’s production systems and stole source code and private code signing keys.
- While the company says that no authentication tokens were stolen, out of caution, AnyDesk is revoking all passwords to their web portal and suggests changing the password if it’s used on other sites.
- As part of its response, AnyDesk says it has revoked security-related certificates and remediated or replaced systems as necessary. The company has already begun replacing stolen code signing certificates, and is using a new certificate in AnyDesk version 8.0.8, released on January 29th.
Data leak at Fintech giant Direct Trading Technologies
- The leaked data included the trading activity of over 300,000 users spanning the past six years, along with names, email addresses, phone numbers, home addresses, emails sent by the company, and IP addresses.
- On October 27th, a research team discovered a misconfigured web server with backups and development code references allegedly belonging to the fintech company. The discovered directory included multiple database backups, each holding a significant amount of sensitive information about the company’s users and partners.
- While Know Your Customer (KYC) documents were not exposed, the leaked files revealed the locations where the documents are stored and other metadata.
Iran-linked hackers claim attack on Albania’s Institute of Statistics
- An Iran-linked hacking group with a history of targeting Albanian state agencies and businesses claimed an attack on the country’s Institute of Statistics (INSTAT), which is responsible for census information and other official statistics.
- In a statement, INSTAT said that recent census data was not accessed by hackers, because it “is stored in other systems dedicated specifically for this purpose.” After the incident occurred on January 31, INSTAT claimed it immediately disabled its internet connection and notified relevant state agencies.
- The hackers, however, claimed that they had accessed over 100 terabytes of Albania’s geographic information system and population data. “The data have been copied and removed from the servers,” the group, called Homeland Justice, wrote on their Telegram channel along with a video showing allegedly leaked documents.
Cactus ransomware gang claims the Schneider Electric Hack
- Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack that hit the Sustainability Business division of the company on January 17th.
- The attack, which impacted the services of Schneider Electric’s Resource Advisor cloud platform, was carried out by the Cactus ransomware gang, which claims to have stolen terabytes of corporate data from the company.
- The stolen data could contain sensitive information about customers’ power utilization, industrial control and automation systems, and compliance with environmental and energy regulations.