
Phishing

Advertising

Facebook


Millions generated luring Facebook users by a massive phishing attack

Researchers discovered a large-scale phishing campaign tricking Facebook messenger users through malicious advertisements into entering account credentials…

09-Jun-2022
4 min read

Related Articles


Phishing

Discover how a phishing attack on Los Angeles County Department of Health Servic...

In February 2024, the Los Angeles County Department of Health Services (DHS) suffered a data breach due to a phishing attack, compromising patients' personal and health information.

## Breach Overview

The phishing attack targeted DHS employees, resulting in the compromise of 23 employee credentials. Attackers gained access to employees' email accounts, which contained sensitive information such as patients' names, dates of birth, medical records, and health plan details. Fortunately, Social Security Numbers and financial data were not accessed.

## Attack Vector Analysis

The breach occurred when employees clicked on a link in a phishing email, mistakenly believing it to be from a legitimate source. This highlights the need for comprehensive employee training on identifying and avoiding phishing attempts. Utilizing simulated phishing exercises can help employees recognize and report suspicious emails effectively.

## Impact Assessment

While no evidence suggests misuse of the exposed data, the potential impact on affected individuals remains a concern. Patient privacy and trust are paramount in healthcare, necessitating swift and transparent response measures from DHS.

## Response and Mitigation Measures

Upon discovery of the breach, DHS took immediate action to contain the incident and mitigate further risks. They disabled compromised email accounts, reset employee devices, and quarantined suspicious emails. Additionally, DHS circulated awareness notifications and reinforced email security protocols among staff.

## Regulatory Compliance and Reporting

DHS adhered to regulatory requirements by notifying relevant authorities, including the U.S. Department of Health & Human Services' Office for Civil Rights and the California Department of Public Health. Compliance with data breach notification laws is crucial for maintaining transparency and accountability.

## Future Recommendations

To prevent similar incidents, DHS should implement multifactor authentication, regular security audits, and continuous employee training. Investing in advanced email security solutions and threat intelligence platforms can enhance the organization's resilience against cyber threats.

26-Apr-2024
2 min read

Ransom

OPTUM

UnitedHealth confirms paying hackers to protect sensitive patient data after a m...

The UnitedHealth Group suffered a cyberattack, resulting in a ransom payment to protect sensitive data. This [Threatfeed](https://www.secureblink.com/cyber-security-news) delves into the attack's details, implications, and security measures.

### Attack Overview

In late February, UnitedHealth Group experienced the Optum ransomware attack, causing a disruption in critical services, including payment processing and prescription writing. The attack led to $872 million in financial damages.

### Attackers and Tactics

The [BlackCat](https://www.secureblink.com/cyber-security-news/malvertising-enables-black-cat-spy-boy-terminator-joins-the-arsenal)/ALPHV ransomware gang claimed responsibility for the attack, alleging theft of 6TB of patient data. They demanded a ransom, leading to a payment of $22 million. However, an affiliate, "Notchy," claimed BlackCat cheated them of the payment.

### Response and Investigation

Following the attack, the U.S. government launched an investigation into potential data theft. RansomHub, an extortion group, increased pressure on UnitedHealth by leaking corporate and patient data stolen during the attack. UnitedHealth confirmed paying a ransom to protect patient data from disclosure.

### Data Breach and Impact

UnitedHealth acknowledged a data breach, stating that sensitive information, including protected health and personally identifiable information, was compromised. While only a few screenshots have surfaced on the dark web, the full extent of data exfiltration remains under investigation.

### Mitigation Measures

UnitedHealth is taking steps to mitigate the impact, offering two years of free credit monitoring and identity theft protection services. Despite the breach, 99% of services are operational, with medical claims flowing at near-normal levels.

24-Apr-2024
2 min read

Sandworm

APT44

Russian hackers, Sandworm, target Ukraine's 20 critical infrastructure orgs. Pow...

Ukraine yet again reportedly suffered a severe cyber threat from the notorious Russian hacker group Sandworm, also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44. These attackers, believed to be associated with Russia's GRU, targeted approximately 20 critical infrastructure facilities, including energy, water, and heating suppliers. The attacks aimed to disrupt operations, posing a significant risk to Ukraine's national security and stability.

### Attack Methodology

Sandworm leveraged a combination of sophisticated techniques to infiltrate and compromise the targeted networks. One notable approach involved poisoning the software supply chain to deliver compromised or vulnerable software to the organizations. Additionally, the hackers exploited the technical support access of software providers to gain unauthorized entry into the systems.

### Malware and Tools

Sandworm deployed a variety of malware and tools to carry out its attacks effectively. Notable malware includes:

- **QUEUESEED/IcyWell/Kapeka**: A C++ backdoor for Windows used to collect system information and execute remote commands. It establishes secure communications via HTTPS and encrypts data using RSA and AES.
- **BIASBOAT**: A newly emerged Linux variant of QUEUESEED, disguised as an encrypted file server, used alongside **LOADGRIP**.
- **LOADGRIP**: Another Linux variant of QUEUESEED developed in C, utilized to inject payloads into processes using the ptrace API.
- **GOSSIPFLOW**: A Go-based malware on Windows, utilized for setting up tunneling and providing SOCKS5 proxy functionality to exfiltrate data.

### Open Source Tools

Sandworm also leveraged open-source tools such as the Weevely webshell, Regeorg.Neo, Pivotnacci, Chisel tunnelers, LibProcessHider, JuicyPotatoNG, and RottenPotatoNG. These tools aided in maintaining persistence, hiding malicious processes, and elevating privileges on compromised systems.

### Cyber Defense

[CERT-UA](https://cert.gov.ua/article/6278706), the Ukrainian agency, responded to the attacks by engaging in extensive counter-cyber attack operations from March 7 to March 15, 2024. These operations involved informing affected enterprises, removing malware, and enhancing security measures to mitigate further risks.

### Impact and Motivation

The attacks by Sandworm not only disrupted critical infrastructure operations but also aimed to amplify the impact of potential Russian missile strikes on these facilities. This underscores the strategic nature of the cyber threat, which seeks to undermine Ukraine's stability and national security.

### Attribution and Hacktivist Connections

Mandiant's recent revelation of [Sandworm's connection to hacktivist-branded Telegram](https://www.secureblink.com/cyber-security-news/russian-hackers-infiltrate-water-systems-as-hacktivists) groups adds another layer to the complexity of the threat landscape. This connection highlights the potential collaboration between state-sponsored threat actors and hacktivist entities, further complicating cybersecurity efforts.
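The article notes that LOADGRIP injects payloads into running Linux processes through the ptrace API. One defender-side check that follows from this: the Linux kernel exposes the PID of any tracer in the `TracerPid` field of `/proc/<pid>/status`, so a host scan can list every traced process and flag those whose tracer is not an expected debugger. The script below is an added example written for this page, not code from the article, CERT-UA or Mandiant. The `EXPECTED_TRACERS` allowlist and the `SAMPLE_STATUSES` dictionary are constructed for the demonstration; `/proc/<pid>/status` and its `Name:` and `TracerPid:` fields are real kernel interfaces, and on a non-Linux host the live scan simply returns nothing.

```python
"""Added example: flag processes that are being ptrace-attached on a Linux
host by reading the TracerPid field of /proc/<pid>/status.  A legitimate
debugger session looks the same at this level, so the tracer's command name
is compared against a constructed allowlist before it is reported."""
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed allowlist: tracers an analyst expects to see on a workstation.
EXPECTED_TRACERS: Set[str] = {"gdb", "strace", "ltrace", "lldb"}

# Constructed /proc/<pid>/status snippets: one untraced daemon, one process
# traced by an unexpected "fileserver" binary, and one traced by gdb.
SAMPLE_STATUSES: Dict[int, str] = {
    1234: "Name:\tsshd\nState:\tS (sleeping)\nPid:\t1234\nTracerPid:\t0\n",
    2001: "Name:\tnginx\nState:\tt (tracing stop)\nPid:\t2001\nTracerPid:\t2002\n",
    2002: "Name:\tfileserver\nState:\tS (sleeping)\nPid:\t2002\nTracerPid:\t0\n",
    3001: "Name:\tpython3\nState:\tt (tracing stop)\nPid:\t3001\nTracerPid:\t3002\n",
    3002: "Name:\tgdb\nState:\tS (sleeping)\nPid:\t3002\nTracerPid:\t0\n",
}


@dataclass
class TracedProcess:
    pid: int
    name: str
    tracer_pid: int
    tracer_name: str


def parse_status(text: str) -> Dict[str, str]:
    """Parse the 'Key:<tab>value' lines of a /proc/<pid>/status file."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def tracer_pid(status_text: str) -> int:
    """Return TracerPid from a status file; 0 means nobody is tracing."""
    return int(parse_status(status_text).get("TracerPid", "0"))


def find_traced(statuses: Dict[int, str]) -> List[TracedProcess]:
    """Given {pid: status_text}, list every traced process with its tracer."""
    found: List[TracedProcess] = []
    for pid, text in statuses.items():
        fields = parse_status(text)
        tp = int(fields.get("TracerPid", "0"))
        if tp == 0:
            continue
        # Resolve the tracer's own command name from its status entry.
        tracer_fields = parse_status(statuses.get(tp, ""))
        found.append(TracedProcess(pid, fields.get("Name", "?"), tp,
                                   tracer_fields.get("Name", "?")))
    return found


def suspicious(traced: Iterable[TracedProcess],
               allow: Set[str] = EXPECTED_TRACERS) -> List[TracedProcess]:
    """Keep only traced processes whose tracer is not an expected debugger."""
    return [t for t in traced if t.tracer_name not in allow]


def read_proc_statuses(proc_root: str = "/proc") -> Dict[int, str]:
    """Collect status files from a live /proc; empty on non-Linux hosts."""
    statuses: Dict[int, str] = {}
    if not os.path.isdir(proc_root):
        return statuses
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                statuses[int(entry)] = fh.read()
        except OSError:
            continue  # process exited or is not readable by this user
    return statuses


def report(statuses: Dict[int, str]) -> List[str]:
    """Render one alert line per unexpected tracer relationship."""
    return [f"pid {t.pid} ({t.name}) traced by pid {t.tracer_pid} ({t.tracer_name})"
            for t in suspicious(find_traced(statuses))]


if __name__ == "__main__":
    print("constructed sample:")
    for line in report(SAMPLE_STATUSES):
        print("  ALERT:", line)
    print("live /proc:")
    for line in report(read_proc_statuses()) or ["  (no unexpected tracers)"]:
        print("  ALERT:" if line.startswith("pid") else "", line)
```

The check is deliberately narrow: `TracerPid` only shows an attachment that is still in place, so a loader that attaches, writes its payload and detaches leaves no trace here. Pairing this scan with an audit rule on the `ptrace` syscall covers the transient case as well.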

23-Apr-2024
3 min read