At a glance.
- Telegram for data dumps.
- BazarLoader and bogus streaming services.
- COVID-19 test results exposed.
- Scripps Health ransomware recovery.
Could Telegram become a data dump hotspot?
Messaging app Telegram has already earned a reputation as a gathering place for hate groups and other unsavory individuals, and it is now also attracting cybercriminals who discuss and distribute data leaks, activity typically confined to the dark web. Researchers at vpnMentor joined several of these Telegram groups to get a closer look. Hackers on the platform exchange information about data dumps and exploitation techniques both in public channels and in dedicated hacking groups. They also use the app to communicate with data extortion victims, and even run Telegram bots to automate their operations. Because an account requires only a phone number, the platform gives criminals privacy and an audience without buying a domain or learning to navigate the dark web. Telegram is notorious for being slow to clamp down on illegal activity, so these groups can often operate for months before being shut down. A possible saving grace: Telegram's group chats and channels are not end-to-end encrypted (only one-to-one "secret chats" are), and the company is tight-lipped about its data-sharing policies, so the criminals on the app may be at risk of exposure themselves.
Malware and chill.
Researchers at Proofpoint examine a BazarLoader campaign that masquerades as a movie streaming service. The victim is first baited with a phishing email from the fictitious "BravoMovies" warning that their free trial is ending and they must act to avoid being charged for a subscription. The email carries no link or attachment, only a phone number. A target who calls the fake customer service line is directed to a convincing bogus website, where the "cancellation" step actually delivers the malware to their machine. The elaborate infection chain might seem to work against the campaign, but the heavy reliance on human interaction is precisely what lets it slip past automated defenses: there is no malicious URL or attachment for an email gateway or sandbox to detonate, and the payload arrives only after the target has been talked into fetching it.
COVID-19 test results exposed by contractor.
Data privacy coalition Free Software Movement of India (FSMI) has found that XyramSoft, a COVID-19 testing contractor, exposed the test results and personal data of everyone who had been tested for the virus in Karnataka, the Economic Times reports. XyramSoft was hired by Bruhat Bengaluru Mahanagara Palike (BBMP), the municipal corporation that runs civic services in Greater Bengaluru, to build the Public Health Activities, Surveillance and Tracking (PHAST) website. According to FSMI, anyone's PHAST data could be retrieved by the public using nothing more than a mobile phone number: the site treated a widely known, easily enumerated identifier as if it were a credential. In a letter to the BBMP special commissioner, FSMI's general secretary Kiran Chandra wrote, "We demand an immediate shutdown of this PHAST site until access management and a security audit is done." XyramSoft says BBMP is at fault because it specified the site's design, and the company has since modified the site so that a Specimen Referral Form (SRF) ID is also required to view results. That only raises the bar as far as the SRF ID is unpredictable: a second lookup key that is sequential or otherwise guessable is still enumerable, and the underlying problem, serving records to anyone who presents identifiers rather than to someone who has proven they control the phone number, remains.
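The access-control flaw described above, as an added example that is not code from the PHAST site, XyramSoft or FSMI: a lookup keyed on a phone number alone, the weaker "add a second identifier" fix, and a lookup that first demands proof of possession of the phone via a one-time code bound to that number, with expiry and attempt limits. The records, phone numbers, SRF IDs and function names are all constructed for illustration.

```python
"""Record lookup keyed on a public identifier vs. lookup gated on proof of
possession. Constructed example; data and API names are hypothetical."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample records; phone numbers and SRF IDs are invented.
RECORDS = {
    "9876543210": {"srf_id": "SRF-0001", "name": "A. Example", "result": "negative"},
    "9876543211": {"srf_id": "SRF-0002", "name": "B. Example", "result": "positive"},
}


def lookup_vulnerable(phone: str):
    """The flaw as reported: anyone who knows (or enumerates) a phone number
    gets the record. Phone numbers are neither secret nor unpredictable."""
    return RECORDS.get(phone)


def lookup_with_srf(phone: str, srf_id: str):
    """A second identifier only helps if it is unpredictable; a sequential
    SRF-style ID can still be enumerated, so this remains a weak mitigation."""
    rec = RECORDS.get(phone)
    if rec and hmac.compare_digest(rec["srf_id"], srf_id):
        return rec
    return None


@dataclass
class OtpGate:
    """Proof of possession: issue a one-time code to the phone and release the
    record only to the phone that presented it, with expiry and attempt limits."""
    ttl_seconds: int = 300
    max_attempts: int = 3
    # phone -> [sha256(code), expiry timestamp, failed attempts]
    _pending: dict = field(default_factory=dict)

    def issue(self, phone: str, now: float) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._pending[phone] = [digest, now + self.ttl_seconds, 0]
        return code  # delivered out of band (SMS) in a real deployment

    def verify(self, phone: str, code: str, now: float):
        entry = self._pending.get(phone)
        if entry is None:
            return None
        digest, expiry, attempts = entry
        if now > expiry or attempts >= self.max_attempts:
            self._pending.pop(phone, None)  # expired or locked out: start over
            return None
        entry[2] += 1
        if hmac.compare_digest(digest, hashlib.sha256(code.encode()).hexdigest()):
            self._pending.pop(phone, None)  # single use
            return RECORDS.get(phone)
        return None
```

The point of `OtpGate` is that the record is released to the phone that proved it received the code, not to whoever typed a number into a form; rate limiting at the web layer is still needed on `issue` so the gate cannot be used to spam SMS.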
Update on the Scripps Health recovery.
As KGTV notes, Scripps Health was hit with a cyberattack in the first week of this month, and the healthcare organization confirmed in a letter to affected stakeholders Monday that the incident was indeed a ransomware attack.
We heard from Index Engines on the incident. They were particularly concerned to point out the dangers of recovery data itself coming under attack, and being corrupted. Jim McGann, VP of Marketing and Business Development at the company, wrote:
"Cyber criminals are now utilizing advanced techniques, including artificial intelligence, to penetrate the data center and corrupt critical data assets. Organizations need to be smarter and more aggressive in combatting these attacks, instead of using common and predictable approaches which have not worked in the past. These new approaches include protecting the backup data, checking the integrity, and ensuring that when they are attacked, they can recover quickly with a known good backup."
"Backup data is critical when recovering from a ransomware attack. Knowing that it is common for cyber-criminals to encrypt and corrupt files, backup is where organizations turn to bring the business back to pre-attack conditions. If organizations do not check the integrity of the data in the backups they will be faced with an unwelcome surprise when using these backups to recover. Many will find these backups corrupted, and the data inside these images encrypted and unusable. Organizations that blindly back up data, and do not validate the integrity of the content do not have the confidence they need to ensure a reliable recovery from a cyber attack. Cyber criminals are smart and understand a company’s environment. They will corrupt data, and backups and make it difficult for any company to recover. If a company is continually validating the data’s integrity, they will outsmart the threat actors and enable a rapid recovery."
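One concrete form of the backup integrity validation Index Engines argues for, as an added example and not the company's product logic or anything from the Scripps Health incident: a known-good manifest of file hashes is recorded when the backup is taken, and each later image is diffed against it, with a Shannon-entropy check to flag files whose contents now look like ciphertext. The directory, file contents and the simulated encryption in `demo()` are all constructed.

```python
"""Validate a backup image against a known-good manifest and flag files that
look encrypted. Constructed example; layout and contents are invented."""
import hashlib
import math
import os
import tempfile
from collections import Counter


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 means near-uniform bytes, typical of
    ciphertext (or compressed data, which is why this is a flag, not proof)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: str) -> dict:
    """Relative path -> sha256, recorded at a known-good point in time."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def validate_backup(root: str, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Diff the current image against the manifest: changed, missing and added
    files, plus files whose leading 1 MiB has ciphertext-like entropy."""
    current = build_manifest(root)
    findings = {"changed": [], "missing": [], "added": [], "high_entropy": []}
    for rel, digest in manifest.items():
        if rel not in current:
            findings["missing"].append(rel)
        elif current[rel] != digest:
            findings["changed"].append(rel)
    findings["added"] = sorted(set(current) - set(manifest))
    for rel in sorted(current):
        with open(os.path.join(root, rel), "rb") as f:
            sample = f.read(1 << 20)
        # Skip tiny files: entropy estimates on a few bytes are meaningless.
        if len(sample) >= 256 and shannon_entropy(sample) >= entropy_threshold:
            findings["high_entropy"].append(rel)
    return findings


def demo() -> dict:
    """Constructed scenario: record a manifest, then simulate a ransomware run
    that overwrites one file with random bytes and drops a ransom note."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "ledger.csv"), "w") as f:
            f.write("date,amount\n" + "2021-05-01,100\n" * 200)
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("quarterly planning notes\n" * 50)
        manifest = build_manifest(root)
        # Simulated encryption: random bytes stand in for a real payload's output.
        with open(os.path.join(root, "ledger.csv"), "wb") as f:
            f.write(os.urandom(4096))
        with open(os.path.join(root, "README_RESTORE.txt"), "w") as f:
            f.write("your files are encrypted\n")
        return validate_backup(root, manifest)
```

In practice the manifest must be stored somewhere the backup host cannot overwrite (an immutable or offline copy), otherwise an attacker who reaches the backups simply regenerates it; the hash diff tells you which image is the last known-good one, and the entropy flag gives an early signal on files that legitimately change but should never look random.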