This Week’s Top 5 Cybersecurity News Stories April 2024 | 04

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats ranging from espionage to security flaws in everyday devices:

1. GenAI: A New Headache for SaaS Security Teams

The launch of OpenAI’s ChatGPT in November 2022 ignited a generative AI (GenAI) race among SaaS vendors, leading to rapid integration of AI capabilities across tools and platforms. Notable GenAI products such as Microsoft 365 Copilot and GitHub Copilot promise enhanced productivity, supporting software development, automated content creation, and sales automation. However, this rapid adoption raises cybersecurity concerns, with risks such as data leaks, intellectual property (IP) theft, and deepfake attacks. Recent bans on AI tools by financial institutions and the U.S. Congress highlight these risks, emphasizing the need for better oversight and security measures.

While organizations are struggling to manage GenAI in the workplace, the U.S. government has advised appointing Chief AI Officers to oversee AI technologies and ensure responsible use. Solutions such as SSPM (SaaS Security Posture Management) offer zero-trust approaches to monitor and manage AI risks, focusing on stronger protection against the evolving threats posed by GenAI. These tools can help organizations maintain control of and visibility over AI-enabled applications to safeguard against emerging cyber threats. For more about this story, click here.


2. DPRK hacking groups breach South Korean defense contractors

South Korea’s National Police Agency issued an urgent warning about North Korean hacking groups targeting defense industry companies to steal sensitive technology information. Recent investigations revealed that the Lazarus, Andariel, and Kimsuky groups breached several South Korean defense entities, exploiting vulnerabilities in the companies’ or subcontractors’ systems to install malware and exfiltrate data.

Lazarus hackers infiltrated poorly managed network testing systems and transferred sensitive data to a cloud server. Andariel gained access using credentials stolen from a maintenance company and spread malware on defense subcontractor servers, while Kimsuky exploited an email server vulnerability that allowed large file downloads without authentication. The police advise implementing stronger network security, periodic password changes, two-factor authentication, and blocking access from foreign IP addresses to combat these threats. For more about this story, click here.


3. Hackers hijack antivirus updates to drop GuptiMiner malware

North Korean hackers have been exploiting the update mechanism of the eScan antivirus to deliver the GuptiMiner malware, a sophisticated backdoor used to plant cryptocurrency miners and perform other malicious activities. Avast’s report revealed that the attackers hijacked eScan’s virus definition updates and replaced them with a malicious file containing GuptiMiner. The malware uses DLL sideloading to gain system-level privileges and performs a range of harmful activities, including DNS manipulation, code virtualization, and fetching additional payloads. GuptiMiner, linked to the Kimsuky APT group, can also deactivate certain security products, deploy multiple backdoors, and deliver the XMRig Monero miner, possibly as a distraction from the primary attack vector. Despite eScan’s efforts to address the exploited vulnerability, ongoing infections suggest that some eScan clients remain outdated or vulnerable. For more about this story, click here.


4. Synlab Italia suspends operations following ransomware attack

Synlab Italia, part of a global medical diagnostic network, has suspended all services due to a ransomware attack that forced its IT systems offline. The breach, which occurred on April 18, impacted its 380 labs and medical centers across Italy, causing a complete shutdown of operations to prevent further damage. As a result, all laboratory analysis and sample collection services are halted, and customers are advised to contact Synlab by phone because email systems are also down. The company has not confirmed whether sensitive medical data was exposed. Synlab is working to restore systems from backups and is gradually reactivating some services while ensuring the malware is removed. No ransomware group has claimed responsibility for the attack. Customers can follow Synlab’s social media channels for updates; no specific timeline for recovery has been provided yet. For more about this story, click here.


5. The Week in Ransomware – Attacks Ramp Up

Ransomware attacks have intensified after the disruptions to the LockBit and BlackCat operations. A new ransomware group, RansomHub, gained attention this week after a BlackCat affiliate used its data leak site to re-extort Change Healthcare, an incident that has resulted in an $872 million loss for UnitedHealth Group. The Daixin ransomware gang claimed responsibility for a cyberattack on Omni Hotels, causing IT system shutdowns and affecting reservations. Other ransomware targets included chipmaker Nexperia, the Atlantic States Marine Fisheries Commission, and Octapharma Plasma, indicating a broader scope of attacks. The U.S. Justice Department charged a Moldovan national with running a large-scale botnet that spread ransomware, while the FBI reported that Akira ransomware earned $42 million from over 250 victims. In addition, the HelloKitty ransomware operation rebranded as HelloGookie, releasing sensitive data from past attacks. For more about this story, click here.

Here at DIESEC, we have experts on hand ready to help you with all of your cybersecurity needs, from ensuring your systems are safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information, please contact us now!