An unauthorized intrusion forced Global Affairs Canada to shut down a number of its systems in an effort to limit the reach of the breach. In other cybersecurity news, a new and very sophisticated trojan named DazzleSpy is infecting macOS devices.
Android bot campaigns found in multiple countries
Researchers have been tracking two separate Android malware campaigns, named FluBot and TeaBot, that spread through malicious SMS messages and trojanized apps on the Google Play Store. The bots abuse infected devices by using the victim’s contact list to spread themselves, sending messages that come from a trustworthy contact. While FluBot was active in 2021, with over 100,000 malicious messages being identified in December alone, TeaBot has taken over the market as January progresses.
Ohio healthcare provider settles over 2020 data breach
Nearly 18 months after vision care provider EyeMed identified a data breach in its systems, the company has finally reached a $600,000 settlement with the patient victims. After compromising an internal email account, hackers spent nearly a week exfiltrating extremely sensitive information on 2.1 million patients and employees. The attackers then launched a secondary phishing campaign using the stolen contact info. The settlement was filed for the State of New York and the ~98,000 New Yorkers who were directly affected by the data breach.
DazzleSpy backdooring macOS devices
A new trojan backdoor has been spotted on several macOS devices with a surprising array of monitoring, tracking and system control options that showcase developer sophistication. While there is less Mac malware than Windows malware, these new samples show a specialization in exploits that aren’t commonly patched. DazzleSpy is delivered by an exploit on a compromised website, which only requires the victim to open the page. It then runs a variety of silent tasks with administrative access to the device.
DeadBolt ransomware targets QNAP devices
QNAP users are being encouraged to disconnect their devices from the internet following a series of ransomware attacks that encrypt files with “.deadbolt” as the appended file extension. The DeadBolt group leaves a ransom note that demands ~$1,100 in Bitcoin to decrypt the individual device. They also offer to release the master key that decrypts all victims for a payment of 50 Bitcoins, which is roughly $1.85 million. It is believed that this attack stems from a zero-day vulnerability that has yet to receive a patch.
Canadian foreign affairs office hit with cyberattack
Global Affairs Canada, the country’s foreign affairs department, is investigating an unauthorized intrusion into its systems. While some systems were taken offline to prevent additional access, it has yet to be confirmed whether any sensitive information was compromised or what the overall extent of the intrusion is.