There was no shortage of cybersecurity news for June, so this month’s recap from SWK Technologies will consolidate and cover the biggest trends to watch out for among the top stories. From making sure your vendors are practicing cybersecurity, helpful knowledge of recent breaches concerning the masses, to new information about past attacks that have implications for an industry we have touched on it all.
Here are some of the top cybersecurity news stories to watch from June 2023:
Nearly Half a Million Personal Health Records Compromised in Ransomware Attack
It has been reported that nearly half a million people’s personal data was stolen by hackers after an attack on Intellihartx, a company that handles patient healthcare information earlier this year. Among the data stolen was patient names, addresses, dates of birth and Social Security numbers.
It appears to be the work of a ransomware group named Clop. This was not their first attack which prompted the U.S. Department of Health and Human Services to publish an alert warning the healthcare industry.
That is troubling about this particular attack is that it involved targeting Intellihartx vendor, Fortra, which it parlayed into accessing Intellihartx’s data. This kind of behavior is not new and further emphasizes the need to vet your vendors to ensure they have proper cybersecurity measures in place.
Security Warning for Gmail Users
Earlier this month Google issued a security warning to its 1.8 billion Gmail users after a critical flaw was discovered in their new Gmail checkmark system. The checkmark system was created to provide users with a way to easily identify verified organizations (like Twitter) so that it is easier to weed out potential scams. However, as reported by Forbes, hackers found a way to bypass this system which raises concerns about Gmail’s security.
Hackers were able to dupe Gmail’s checkmark system and undermine the whole purpose of this new security feature. Google has since made this a high priority for them and at the time of writing is working on a fix.
Events like this emphasize the need to remain vigilant when it comes to cybersecurity and scams. Even with new features hackers are always looking for exploits. Preventative measures like security awareness training can be the difference between getting duped and preventing an attack.
Infected apps with Android spyware — do you have these installed?
If you have an Android smartphone you should check it now to see if you have an infected app. Over 100 Android apps have been discovered to be infected with a new malware strain.
A spyware module has been discovered inside the affected apps dubbed ‘SpinOk’ by Dr. Web, which can perform a number of malicious activities in the background.
Here are some of the most popular apps, but you can find the full list here:
- Noizz: video editor with music
- Zapya – File Transfer, Share
- vFly: video editor&video maker
- MVBit – MV video status maker
- Biugo – video maker&video editor
- Crazy Drop
- Cashzine – Earn money reward
- Fizzo Novel – Reading Offline
- CashEM: Get Rewards
- Tick: watch to earn
Most of the apps have since been removed from the Play Store, but not every one at the time of writing. It is recommended to delete the apps if you have them on your phone, even though it has been said to have been patched out in recent updates.
You should always be wary of apps, in their respective stores for download or not. Anything that asks for seemingly unnecessary permissions could be potential trouble.
As it turns out JBS’s cybersecurity was poor prior to 2021 ransomware attack
Remember the cyber-attack that back in 2021 on JBS where they paid out $11 million? Well it turns out their cybersecurity was found lacking. It was just recently reported that after evaluation their overall rating was poor by comparison to their peers. Which may come as no surprise considering the events that took place, but it brings to light a bigger issue…That food processing companies are more vulnerable to attacks.
The reason why these types of companies are more susceptible to attacks has a lot to do with their infrastructure. Hackers look to exploit vulnerabilities and with so many smart technologies and connected devices with all the automation it opens them up to more attack vectors. What’s more is that many of these control systems that use connected devices are often not as up to date as something like a computer or server. Because of that they pose a potential weak point for a hacker to gain entry.
While it is possible to tighten up security for these companies, the main barrier stopping them from doing so is cost. For such large systems it can become a large cost to bring everything up to today’s cybersecurity standards. As the case with cybersecurity throughout the business world, it is always one of those things that you don’t always see the tangible ROI and it makes it a harder pill to swallow. However, if you thwart an attack maybe you save the $11 million ransom…
Get More Updates from SWK
Cybersecurity news continues to be prolific, but SWK Technologies will keep you updated on critical issues that could threaten your business and leave your data exposed. Get in touch with our experts today to learn more about the top stories in the news and what you can do to defend your systems and data.
Contact SWK here to get more updates from the top cybersecurity news out of the month and discover how to prepare against emerging cyber threats.
See More Cybersecurity News from August 2022