At a glance.
- Washington healthcare provider succumbs to phishing scam.
- HubSpot data breach update.
- Further developments in the Okta breach.
- Police arrest teenagers in Lapsus$ investigation.
Washington healthcare provider succumbs to phishing scam.
The Spokane Regional Health District (SRHD) has disclosed a data breach in which patients’ protected health information may have been previewed by an intruder who got into the Washington state-based healthcare provider’s systems via a phishing email, KXLY reports. Lola Phillips, SRHD’s Deputy Administrative Officer, stated, “Similar to the rest of Washington state, SRHD has seen a record spike in phishing emails and malware installation attempts. In this case, employees fell victim to a phishing scam that exposed confidential information to data thieves.” The attacker does not appear to have opened or downloaded any documents, and no Social Security numbers or financial records were compromised.
HubSpot data breach update.
As we noted earlier this week, customer relationship management (CRM) firm HubSpot, whose customers include cryptocurrency companies, suffered a data breach that originated from an employee account. Threatpost reports that a rogue HubSpot employee was fired over the incident, and that the attacker targeted the company’s cryptocurrency-industry customers. Crypto firms BlockFi, Swan Bitcoin, NYDIG, Circle, and Pantera Capital are among the growing list of affected companies. Camellia Chan, CEO and founder of embedded artificial intelligence company X-PHY, said the attack is unsurprising given the growing popularity of digital currencies. “Technological advances create the perfect environment for cybercrime to thrive,” Chan said. “Therefore, with the rapid development of digital currencies has certainly come an increase in the associated cybersecurity risks.”
Further developments in the Okta breach.
US identity management company Okta, Inc. continues to respond to the Lapsus$ intrusion that may have exposed customer data. The company has named external sub-processor Sitel as the source of the breach, ZDNet reports, and at a virtual briefing on Wednesday Okta’s chief security officer, David Bradbury, admitted that the incident was “an embarrassment to me and the entire Okta team.” Bradbury explained that the attackers used Remote Desktop Protocol (RDP) to access a Sitel account manager’s laptop, and that up to 366 customers could be affected. The Verge notes that Bradbury expressed disappointment at how long it took to produce a full investigation report after Okta’s initial notification to Sitel in January. Bradbury admitted, “After receiving Sitel’s summary report last week, we really should have acted more quickly to understand its impact.” not need to take any action.
Police arrest teenagers in Lapsus$ investigation.
Speaking of Lapsus$, City of London Police say they have arrested seven teenagers allegedly linked to the gang, including a 16-year-old boy who is said to be its ringleader. The Oxford teenager, who used the handles “White” and “Breachbase,” was doxxed on a hacker forum after falling out with his business partners. The BBC reports that the doxxers published his name, address and pictures from social media, along with a bio that read: “After a few years, his net worth has accumulated to well over 300 BTC [close to $14m]… [he is] now associated with a wannabe ransomware group called ‘Lapsus$’, which is extorting and ‘hacking’ multiple organizations.”
CRN Australia notes that Lapsus$, in addition to the recent breach of identity management firm Okta, is alleged to be behind recent attacks on the high-profile companies Nvidia, Samsung and Microsoft. SecurityWeek explains that a recent Microsoft blog post describes Lapsus$’s strategy, which favors data exfiltration and extortion over encrypting victims’ networks, and which relies on brazenly publicizing its exploits. “DEV-0537 doesn’t seem to be covering its tracks. They go as far as announcing their attacks on social media or promoting their intent to buy credentials from employees of the targeted organizations,” Microsoft explained. SecurityScorecard traces the rapid rise of Lapsus$ among extortion crews: the group initially targeted Brazilian and Portuguese organizations such as the Brazilian Ministry of Health and the Brazilian Government’s Virtual School before moving on to the prominent US tech companies mentioned above. In keeping with its youthful membership, the gang polls its Telegram followers on which victims’ data to leak, and it favors attack vectors such as social engineering and stolen session cookies, which require little technical sophistication to exploit (a stolen cookie lets an attacker ride an already-authenticated session, sidestepping the login and any multi-factor prompt that protects it).
Ken Westin, Cybereason’s director of security strategy, thinks it is too easy to dismiss teenage hackers as script kiddies:
“It is difficult to discern the motivation of the teenager involved in this case, as many had speculated that it was an organized cybercrime syndicate or potentially nation-state actors. However, I feel that the security community underestimates the younger generation. We forget that teenagers today not only grew up with computers, but also have access to an unprecedented number of educational resources on programming and offensive security.
“I speculated that the group was young from their approach, or lack thereof; it was as if they were surprised by their success and unsure what to do with it. In some of their follow-up communications, their language seemed more interested in notoriety and in defending their skills and achievements than in any financial motivation.
“Nowadays, teenagers have seen how much money can be made from criminal hacking; in a way, they are the new rock stars. Add to that the fact that for three years children have often been left with nothing but the internet to entertain themselves, and we shouldn’t be surprised that we have experienced hackers. The problem is that their brains are still developing and the line between fun and crime can blur, where it’s common for kids to hack to become popular among their peers, but that can easily tip over into choices that affect the rest of their lives.
“Also, we should not underestimate the technical skills of teenagers behind keyboards. There are teenagers in some of the best offensive security units in the military today. Cybercrime is asymmetric: identifying a vulnerability, whether by skill or by accident, is enough to bring one down. Furthermore, threat models should account for a lone wolf as well as for advanced nation-state adversaries.
“It’s too early to tell if this will be the end of Lapsus$; it could still be a false flag, a bad attribution, or even someone’s slander for the hacks. If it’s this 16-year-old in England, then it’s likely we’ll see an end to the group’s activities unless one of their cybercrime partners takes over the mantle.”