Skyhigh Security Intelligence Digest

The Skyhigh Security Intelligence Digest is an ongoing series that analyzes recent and noteworthy cloud security threats and incidents, cybercriminal actors and campaigns, vulnerabilities, and more.

Double Trouble: Midnight Blizzard Rattles Microsoft and HPE in Hacking Fiasco

By Rodman Ramezanian · February 26, 2024

Recent reports of both Microsoft and Hewlett Packard Enterprise (HPE) being breached via their cloud-based email infrastructures have taken the cybersecurity industry by storm; frankly, for more reasons than one!

The Return of the Notorious Qakbot Threat Campaign

By Rodman Ramezanian · December 13, 2023

Remember the QakBot cyberthreat (otherwise known as Qbot or Pinkslipbot)? This threat was shut down as part of a coordinated law enforcement effort in August 2023—and it’s making a comeback!

MGM Resorts cyberattack–from cloud to casino floor

By Rodman Ramezanian · October 18, 2023

The recent cyber intrusion targeting MGM Resorts International has underscored pressing issues surrounding the safeguarding of sensitive data and the exposed vulnerabilities that modern organizations confront within today’s threat landscape.

Healthcare Havoc: Data Breach Strikes Dozens of Hospitals and Clinics

By Rodman Ramezanian · August 16, 2023

HCA Healthcare, a prominent healthcare provider with a widespread presence in Florida and 19 other states, recently fell victim to a severe data breach potentially affecting as many as 11 million people. The unsettling incident came to light when personal patient information surfaced on an online forum.

Ransomware’s Evolution

By Rodman Ramezanian · June 30, 2023

A recent advisory jointly released by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) details the heightened threats posed by the BianLian ransomware and extortion group. With the cybercriminal group active since June 2022, it appears that the more conventional encryption of victim files for ransomware payouts has now been shifted to exfiltration of compromised data for blackmail and extortion purposes.

Microsoft Azure environments hit by MERCURY attacks

By Rodman Ramezanian · May 25, 2023

According to recent industry research, multiple campaigns and tools being executed by the MERCURY APT group (aka MuddyWater, Static Kitten) – widely considered to be affiliated with Iranian Ministry of Intelligence and Security (MOIS) interests – have been observed launching damaging attacks in Microsoft Azure cloud environments.

Hickory Dickory Dock: Privacy Issues Plague TikTok Globally

By Rodman Ramezanian · April 24, 2023

TikTok started as a means of generating laughs through short video clips during the coronavirus pandemic; it has since taken the attention-capturing short-form video format and solidified its place among the most popular social media apps. But just like other foreign-owned apps that go viral, Chinese-owned TikTok continues to face scrutiny over its data collection and privacy practices. This time, however, it’s not only the United States sounding the alarm bell.

It may only take one attack to get stung by OneNote!

By Rodman Ramezanian · March 15, 2023

As organizations continue their rampant surge into the cloud, OneNote presents a useful notetaking and task management bridge between corporate premises, BYOD, and enterprise cloud realms; however, attackers have turned their attention to the app as a viable route for malware distribution.

Dropped Out of the Box – Dropbox’s Source Code Repositories Leaked

By Rodman Ramezanian · December 16, 2022

The latest wave of phishing attacks is on the horizon. With the pervasiveness of cloud apps and the evolving ways in which they are used, such as single-sign-on token integrations, users are being prompted to authorize access in what has become an overlooked attack vector that facilitates data leakage.

Abuse of file-sharing services aids phishing campaigns, yet again!

By Rodman Ramezanian · November 17, 2022

Email has been the lifeblood of enterprise communication and collaboration for decades; there’s simply no doubt about it. Email, however, is also still one of the most effective ways to distribute malware or ransomware, responsible for over 90% of malware deliveries and infections.

Phishing. Credential Theft. Exfiltration. Extortion. The Saga Continues.

By Rodman Ramezanian · August 25, 2022

Hot on the heels of numerous high-profile breaches at the hands of cybercrime gangs, Cisco undoubtedly takes no pleasure in confirming a breach of its corporate network in a recent extortion attack from the Yanluowang ransomware group.

(Ransom)Where are Microsoft 365 users now vulnerable?

By Rodman Ramezanian · August 3, 2022

A common misconception among enterprises and their users leads to the belief that cloud environments are immune to the threat of ransomware. However, in a recent discovery made by Proofpoint researchers, malicious actors can instigate ransomware attacks by exploiting Microsoft 365 file version backups – made available thanks to the platform’s native file “auto-save” feature.

It’s Plane To See – Unsecured Servers Can Put Lives at Stake

By Rodman Ramezanian · July 6, 2022

An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru. The AWS S3 buckets containing approximately 3TB of data dating back to 2018 consisted of airport employee records, ID card photos, and personally identifiable information (PII), including names, photos, occupations, and national ID numbers.

Learnings from Lapsus$ — the Advanced Persistent Teenagers?

By Rodman Ramezanian · June 9, 2022

The new hot name in ransomware attacks is Lapsus$. If you haven’t heard of them before, you’ve probably heard of some of the companies they attacked, including Nvidia, Samsung, Okta, and Microsoft – just to name a few. For the uninformed, Lapsus$ is a hacking group that focuses on data theft and extortion.

Not-So-Harmless Chats — MS Teams Used To Distribute Malware

By Rodman Ramezanian · May 19, 2022

According to reporting from Bleeping Computer, threat actors are ramping up their efforts against Microsoft Teams for malware distribution by planting malicious documents in chat threads, ultimately resulting in victims executing Trojans that hijack their corporate systems.
