Saturday, October 29, 2022

Daixin Ransomware Team

 

Ransomware is not slowing down. Attackers have seen how profitable this technique is, and they are highly motivated to keep using it.


CISA (the Cybersecurity and Infrastructure Security Agency), the FBI and HHS (Health and Human Services) in the USA issued a joint warning about Daixin Team ransomware targeting the healthcare sector.


Daixin Team attackers have been linked to multiple health sector ransomware incidents since (at least) June 2022.


"U.S. health organizations are advised to take the following measures to defend against Daixin Team's attacks:

- Install updates for operating systems, software, and firmware as soon as they are released.

- Enable phishing-resistant MFA for as many services as possible.

- Train employees to recognize and report phishing attempts."


https://www.bleepingcomputer.com/news/security/us-govt-warns-of-daixin-team-targeting-health-orgs-with-ransomware/


"'The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022,' the advisory revealed.


Since June, Daixin Team attackers have been linked to multiple health sector ransomware incidents where they've encrypted systems used for many healthcare services, including electronic health records storage, diagnostics, imaging services, and intranet services."


"The ransomware gang gains access to targets' networks by exploiting known vulnerabilities in the organizations' VPN servers or with the help of compromised VPN credentials belonging to accounts with multi-factor authentication (MFA) toggled off."
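One defender-side check for the initial access vector quoted above, written as an added example that is not from the advisory or the original post: it scans VPN authentication log lines for successful logins that completed without a second factor, the kind of account the advisory describes as having MFA toggled off. The log format, field names, accounts and addresses are constructed for the example and do not correspond to any real appliance.

```python
"""Flag successful VPN logins that never completed a second factor.

Constructed, vendor-neutral line format (an assumption, not a real product's output):
  <ISO timestamp> vpn-auth user=<name> src=<ip> result=<success|failure> mfa=<passed|skipped|failed>
"""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>success|failure) mfa=(?P<mfa>passed|skipped|failed)$"
)

# Constructed sample lines; the accounts and addresses are made up.
SAMPLE_LOG = """\
2022-10-20T08:01:12Z vpn-auth user=alice src=203.0.113.10 result=success mfa=passed
2022-10-20T08:03:44Z vpn-auth user=svc-backup src=198.51.100.7 result=success mfa=skipped
2022-10-20T08:05:02Z vpn-auth user=bob src=203.0.113.22 result=failure mfa=failed
this line is malformed and must be skipped by the parser
2022-10-20T22:17:39Z vpn-auth user=svc-backup src=192.0.2.45 result=success mfa=skipped
2022-10-21T01:02:10Z vpn-auth user=carol src=203.0.113.30 result=success mfa=passed
"""


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped, not raised on."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_no_mfa_logins(log_text):
    """Return successful logins where the second factor was never checked (mfa=skipped)."""
    return [e for e in parse(log_text)
            if e["result"] == "success" and e["mfa"] == "skipped"]


def accounts_needing_mfa(log_text):
    """Map each account that logged in without MFA to the number of distinct source IPs it used.
    These are the accounts to enrol in (phishing-resistant) MFA or disable."""
    sources = {}
    for e in find_no_mfa_logins(log_text):
        sources.setdefault(e["user"], set()).add(e["src"])
    return {user: len(ips) for user, ips in sources.items()}


if __name__ == "__main__":
    for e in find_no_mfa_logins(SAMPLE_LOG):
        print(f"{e['ts']} {e['user']} from {e['src']}: VPN login without MFA")
    print(accounts_needing_mfa(SAMPLE_LOG))  # {'svc-backup': 2}
```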



Tuesday, October 18, 2022

INTERPOL's Black Axe Cyber Crime Operation

 

Cybercrime is not a joke; it is a serious business.


INTERPOL led an operation where they took down an organized cyber crime syndicate called "Black Axe".


The amount of seized assets in this operation was not large (around $2 million), but the important thing here is that 14 countries took part in it.


https://thehackernews.com/2022/10/interpol-led-operation-takes-down-black.html


https://www.interpol.int/en/News-and-Events/News/2022/International-crackdown-on-West-African-financial-crime-rings


https://www.theregister.com/2022/10/17/interpol_black_axe_fraud/


"The International Criminal Police Organization, also called Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cyber crime syndicate called Black Axe.


'Black Axe' and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish lifestyles and other criminal activities, from drug trafficking to sexual exploitation,' the agency said.


The law enforcement effort, codenamed Operation Jackal, involved the participation of Argentina, Australia, Côte d'Ivoire, France, Germany, Ireland, Italy, Malaysia, Nigeria, Spain, South Africa, the U.A.E, the U.K., and the U.S.


Black Axe, which originated as a confraternity in Nigeria around 1977 before evolving into a mafia group, has not only been linked to killing and scamming operations, but also has been accused of infiltrating the country's political system.


Two of the alleged online scammers, who were arrested late last month in South Africa, are believed to have orchestrated a variety of fraudulent schemes that netted them $1.8 million from victims.


The probe further led to 49 property searches, resulting in the seizure of 12,000 SIM cards and other luxury assets, including a residential property, three cars, and tens of thousands in cash. It also intercepted €1.2 million in the suspects' bank accounts.


In October 2021, eight members of the cartel were charged by the U.S. Justice Department for engaging in 'widespread internet fraud involving romance scams and advance fee schemes' from at least 2011 through 2021.


'Illicit financial funds are the lifeblood of transnational organized crime, and we have witnessed how groups like Black Axe will channel money gained from online financial scams into other crime areas, such as drugs and human trafficking,' Interpol's Stephen Kavanagh said."

Wednesday, October 12, 2022

Optus Data Breach


Data breaches occur all around the world, on every continent.

This time, 2.1 million identification document numbers were exposed by an Australian telecommunications company.


https://www.securityweek.com/optus-says-id-numbers-21-million-compromised-data-breach


"Australian telecommunications company Optus says that 2.1 million of its customers had numbers associated with their identification documents compromised in a recent data breach.


On September 22, the wireless carrier announced it had fallen victim to a cyberattack that resulted in the potential compromise of the personally identifiable information of some of its customers, without providing specifics on the number of impacted individuals."


"While the wireless carrier has not provided specific details on how the cyberattack occurred, it appears that the company might have inadvertently exposed internal resources to the internet, providing the attackers with an easy way in."

Thursday, September 22, 2022

A Hospital In Texas Facing Ransomware

 

Ransomware attacks against hospitals keep increasing. This time the victim is in Texas, USA.


A ransomware attack against a medical center caused some communication issues and also disruptions.


It is frightening that hospitals are facing ransomware attacks.


https://www.scmagazine.com/analysis/ransomware/texas-hospital-facing-communication-issues-system-rebuild-amid-ransomware-attack


"A ransomware attack deployed against OakBend Medical Center on Sept. 1 caused communication issues and IT disruptions..."


"The hospital turned over the ransomware investigation to 'a team consisting of the FBI, CYD, and the Ft. Bend County Government Cyberteam.'"


"The update released on Sept. 9 shows that OakBend is still working to bring its clinical systems back online “in a controlled, systemic environment” and is facing continued telephone and email issues..."


"A report from DataBreaches.net shows the Daixin ransomware group is claiming responsibility for the attack."


"The incident at OakBend joins an estimated 55 other ransomware attacks deployed against U.S. healthcare entities this year, according to RedSense Intelligence Operations estimates. Several lawmakers recently requested an urgent meeting to determine how the health sector is fighting off the threat of ransomware and what help is needed to support defense."


"Currently, a French hospital and the U.K. National Health Service are facing similar outages..."

Sunday, September 11, 2022

InterContinental Hotels Cyber Attack

Have you stayed at any of the following hotels recently (or at any time since 2016)?

Regent, InterContinental Hotels and Resorts, Crowne Plaza, Holiday Inn, Holiday Inn Express, Candlewood Suites, Atwell Suites, or Even Hotels?


If so, read this post carefully.


The IT systems of InterContinental Hotels Group, which operates 17 hotel brands globally, have been compromised.


Not good news right after the holiday season, but you cannot escape reality.


And this is the third time this hotel group has been compromised. (Cyber defense actions are needed.)


You may think twice before booking a hotel room online after reading the news below.


https://www.theregister.com/2022/09/06/ihg_hotels_data_breach/


"The IT systems of InterContinental Hotels Group, the massive hospitality organization that operates 17 hotel brands around the world, have been compromised, causing ongoing disruption to the corporation's online booking systems and other services.


IHG, which is headquartered in Denham, England, and has offices in Atlanta, Singapore, and Shanghai, said in a statement to the London Stock Exchange Tuesday that 'parts [of its] technology systems have been subject to unauthorised activity.'"


https://www.londonstockexchange.com/news-article/IHG/unauthorised-access-to-technology-systems/15617013?s=31


"Attempts by The Register to book a room online via the IHG website were unsuccessful, as we repeatedly ran into a message saying the requested page was unresponsive. Clicking on links to other pages on the site was met with the same message, though some pages popped up after a few minutes of delay.


The company put a message to guests at the top of the home page informing them that 'at this time, you may have challenges booking a new reservation, accessing information about your upcoming reservations and accessing your IHG One Rewards account.'"


"IHG is a massive operation, running 6,028 hotels and 882,897 rooms in more than 100 countries. It has about 325,000 employees and included in its brands are Regent, InterContinental Hotels and Resorts, Crowne Plaza, Holiday Inn and Holiday Inn Express, Candlewood Suites, Atwell Suites, and Even Hotels."


"This isn't the first time IHG has been hit by a cyberattack. A network security breach in 2016 impacted the company for about three months, with IHG officials admitting in April 2017 that 1,200 hotels were affected by the intrusion. In that snafu, attackers deployed malware that accessed payment card data that was then used to make fraudulent payments with cloned cards."


"Marriott Hotels in July said it had been hit by a third cyberattack in four years, with miscreants making off with 20GB of data, including credit card information and internal company documents."