At a glance.
- Probable Iranian cyberespionage operation active in the Middle East and Asia.
- Scope of Newfoundland-Labrador healthcare breach expands.
- Signs of identity theft.
Espionage operation targets the Middle East and Asia.
Researchers at Symantec detail a cyberespionage campaign they’ve been tracking for the last six months and have tentatively attributed to the Iran-linked threat group Seedworm (aka MuddyWater, MERCURY, or Static Kitten). The operation has targeted organizations based in countries across the Middle East and Asia, including Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos. After infiltrating a victim’s system, the hackers move laterally across the network, typically deploying web shells on Exchange servers. Some targets are being used as an entry point for supply chain attacks on additional victims.
Instead of custom malware, the threat actors have been leveraging a combination of legitimate tools, publicly available malware, and living-off-the-land tools. The attack vector has not been confirmed, but in at least one instance, a spear-phishing email bearing a malicious MSI file might have been the point of entry. Security Week notes that some of the attack tools and IP addresses were used in previous Seedworm attacks.
Scale of Canadian healthcare breach continues to grow.
In yet another instance in a string of healthcare breaches across the world connected to COVID-19 data, officials in the Canadian province of Newfoundland and Labrador have disclosed that the personal data of every individual who has undergone COVID-19 testing in the province was exfiltrated in an October cyberattack. As CTVNews reports, the full impact of the incident has been unfolding gradually since the attack. Just this week, officials confirmed that data from all four of the province's health authorities was exfiltrated, rather than from only three of the four as previously believed.
Oddly, although healthcare workers are not instructed to request social insurance numbers, the compromised data included the numbers of over twenty-five hundred patients (fewer than half of whom are alive) due to an extraneous input field in the registration documents. Eastern Health president David Diamond says a mitigation plan is being developed to prevent this data from being collected in the future. As is policy, officials have not revealed whether a ransom was requested or paid, but the impacted systems are in the process of being rebuilt. "We estimate we're 65 or 70 per cent of the way there," Diamond stated.
The warning signs of identity theft.
By the third quarter of 2021, the US had already seen nearly thirteen hundred instances of identity theft, more than all of the cases reported in 2020. With individuals spending more time on their mobile devices than ever, they’re also (intentionally and passively) sharing their personal data on social media platforms, in retail transactions, and consequently, with identity thieves. The folks at ESET offer a set of red flags that could indicate a cybercriminal has stolen your identity. For instance, a disruption in phone service could mean a thief has gotten hold of login credentials and has hijacked the account or even ported the number to another device. Issues with filing taxes can also be a telltale sign that a cybercriminal has used a victim’s personal data to claim a fraudulent tax refund. Suspicious financial account activity, medical bill or claim issues, and unexplained calls from debt collectors are all possible indicators of identity fraud.