header image

Cyber Intelligence Briefing: 29 April 2022

Kyle Schwaeble, Roddy Priestley 29 April 2022
29 April 2022    Kyle Schwaeble, Roddy Priestley

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


top NEWS stories this week

  1. Coca-Cola data breach. Stormous cybercrime gang claims to have hacked Coca-Cola.

  2. In the ER. Healthcare industry hit with a wave of cyber attacks.

  3. BlackCat attacks. FBI reports 60+ organisations hit by ransomware strain.

  4. Costa Rica denies Conti. Costa Rican government refuses Conti’s ransom demands.

  5. Malware for sale. New Prynt Stealer malware sold in time-based subscriptions.

  6. Protect your data. French authorities fine medical software provider for data protection breach.

 

And finally, S-RM is proud to be nominated for Cyber Event Response Team of the Year at Advisen's 2022 Cyber Risk Awards. Thank you to those who nominated us, and to our fantastic team for their commitment and dedication to our clients.

You can cast your vote here


1. COCA-COLA INVESTIGATES DATA THEFT CLAIM

Stormous, a Russian-linked cybercrime collective, claims to have stolen 161GB of data from The Coca-Cola Company. The group has listed the stolen data for sale on its dark web leak site for approximately USD 64,000; this is a relatively low amount and suggests that any stolen data is unlikely to be very sensitive.

Coca-Cola has not verified the validity of Stormous’ claims but is investigating the matter.

 

SO WHAT?

Threat actors who exfiltrate data from victims often leak it for free or sell it on the dark web. Organisations that experience data theft need to determine what data may have been stolen as soon as possible, and assess its value, in order to inform decision making during the incident response process.

 

 

2. HEALTHCARE SECTOR FINDS ITSELF IN THE ER

An overview of some of the recent high profile cyber attacks affecting the healthcare industry.
  • Tenet Healthcare Corporation, one of the largest healthcare companies in the US, recently disclosed that it suffered an unspecified “cyber security incident. The incident disrupted some hospital services although Tenet has stated that critical operations have mostly been restored.
  • Separately, an undisclosed threat actor has attacked French hospital group GHT Couer Grand Est. and stolen sensitive data, including patient health information. The healthcare provider disconnected all network connectivity to prevent further data theft. Approximately 29GB of GHT’s data has been made available for sale on Industrial Spy, a dark web marketplace.
  • The American Dental Association suffered a cyber attack that forced them to take affected services offline. A new ransomware group named Black Basta has claimed responsibility for the attack. There are suggestions that Black Basta is closely affiliated with the Conti ransomware group.

 

SO WHAT?

The healthcare industry is a particularly attractive target for threat actors for several reasons, including that organisations in the industry typically hold valuable protected health information and often have immature cyber security postures.

 

 

3. BLACKCAT RANSOMWARE HITS AT LEAST 60 ORGANISATIONS

The FBI has released a flash report on the BlackCat/ALPHV ransomware as a service (RaaS) group indicating that, as of March 2022, the group has compromised at least 60 organisations worldwide. The FBI further reported that BlackCat typically gains access to its victims’ networks by leveraging previously compromised user credentials.

 

SO WHAT?

Basic security measures like strong password policies, mandatory password changes after a set period of time, and implementing multi-factor authentication (MFA) can significantly reduce the risk of cyber attacks leveraging exposed credentials.

 

 

4. COSTA RICA DENIES CONTI

Costa Rica has refused to pay a USD 10 million ransom to the Russian cybercriminal group Conti. The refusal comes after Conti breached networks of several government ministries and agencies, including the Ministry of Finance and the Labour Ministry. Conti claims to have exfiltrated 1TB from the Ministry of Finance. The Costa Rican government has since regained control of its systems.

 

SO WHAT?

For businesses, the decision whether to pay a ransom or not can have a significant reputational impact amongst clients, industry stakeholders, and employees.

 

 

5. PRYNT STEALER MALWARE

A new info-stealer malware has emerged that targets various web browsers, messaging applications, and games. Prynt Stealer has several capabilities, including recording keystrokes and the theft of user credentials and credit card details. The malware is being sold online on a time-based subscription model, ranging from USD 100 per month to USD 900 for a lifetime subscription. 

 

SO WHAT?

Malware like this is often spread through malicious email attachments, such as Microsoft Excel or Word documents with hidden macros. Organisations must ensure employees are trained to identify and avoid suspicious emails and attachments.

 

 

6. PROTECT YOUR DATA

The French Authority for Data Protection has fined Dedalus Biologie, a France-headquarted medical software provider, EUR 1.5 million for breaching various articles of the GDPR. The fine is the largest that French authorities can impose. The GDPR breaches included: lacking appropriate data migration procedures, failing to encrypt personal data held by the company, and employees sharing credentials for user accounts.

The fine follows a February 2021 data breach in which personal data relating to almost 500,000 people was exposed.

 

SO WHAT?

All organisations that process the personal data of European citizens must comply with the GDPR guidelines.

 

 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Kyle Schwaeble
Kyle schwaeble Associate Email Kyle
Roddy Priestley
Roddy priestley Director, Cyber Security Email Roddy

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report