Weekly Cyber News Roundup

August 14th to August 18th 2023

Content

01. News Bites
  • Cumbria, Norfolk and Suffolk Police reveal data breaches
  • IBM caught up in MOVEit hack with 4 million people impacted
  • Bangladesh Central Bank suspends internal services to prevent cyber attack
  • Advisory issued over Citrix NetScaler vulnerabilities

02. Conclusion

Quick News Bites

Cumbria, Norfolk and Suffolk Police all reveal data breaches

Following the recent data breach at the Police Service of Northern Ireland (PSNI) which exposed officer details, Cumbria Police, along with Norfolk and Suffolk Police, have also reported breaches. Earlier this year, Cumbria Police mistakenly published the names and salaries of its personnel online. Although the information was promptly removed, it is not known how long it remained online.

Norfolk and Suffolk constabularies jointly disclosed an issue affecting a fraction of their responses to Freedom of Information requests for crime statistics between April 2021 and March 2022. A technical issue caused raw data to be embedded in the files released; although it was hidden from view, it should not have been present at all. This data covered crime reports, including details of victims, witnesses and suspects, across a spectrum of offences.

After reviewing the incidents, both constabularies are informing the 1,230 affected individuals about the breach. Eamonn Bridger, the assistant chief constable of Suffolk Police, expressed regret and assured the public that data handling procedures are under continuous review. While the forces believe the data has not been accessed externally, the UK's data watchdog, the Information Commissioner's Office, has been informed.

IBM caught up in MOVEit hack with 4 million people impacted

IBM inadvertently played a role in a potential breach of US medical patients' data involving the Clop ransomware gang.

The Colorado Department of Health Care Policy and Financing (HCPF) sounded the alarm to over 4 million individuals, predominantly those enrolled in low-income health schemes. 

While HCPF manages Colorado's Medicaid and other health initiatives, it did not itself use the compromised software, MOVEit by Progress Software. IBM, however, did. The attackers exploited IBM's installation of the tool to potentially access the sensitive information it held on HCPF's behalf.

An official statement from the department assured that no direct breaches occurred in the HCPF or any associated Colorado systems. 

Still, those assurances may be of limited comfort to the 4,091,794 Health First Colorado and Child Health Plan Plus (CHP+) members whose personal details, including names, National Insurance numbers, health records and insurance data, could now be at risk.

Since the MOVEit hack was first reported, 685 organisations and between 42 and 46 million people have been impacted.

Bangladesh Central Bank suspends internal services to prevent cyber attack

Bangladesh's central bank temporarily halted several of its online services to avert potential cyber threats. According to a bank notice, the Bangladesh Bank (BB) paused specific web services for 36 hours as a precautionary move, mindful of the 2016 incident in which hackers stole close to $1 billion.

BB's Executive Director, Md. Mezbaul Haque, told news outlets that heightened surveillance had been in place since Sunday to deter cyber threats. He emphasised that the shutdown affected only certain internal systems and that public services remained unaffected.

The decision came in response to an Aug. 4 warning from the nation's electronic incident response team, alerting about a potential cyber onslaught against critical information infrastructure, banks, government agencies and private entities.

In 2016, hackers targeted the Bangladeshi central bank's account at the Federal Reserve Bank of New York and extracted close to a billion dollars, making it one of the largest cyber thefts in history.

Following the warning, BB issued an 11-point directive urging all banking and financial entities to stay vigilant. The advisory came after 'hacktivists' from India purportedly threatened institutions in Bangladesh and Pakistan.

Advisory issued over Citrix NetScaler vulnerability

Almost 2,000 Citrix NetScaler systems have been backdoored by attackers exploiting a recently disclosed critical security flaw.

The attackers are believed to have systematically exploited the CVE-2023-3519 vulnerability, planting web shells on susceptible NetScalers to maintain long-term access. Because the web shell is a separate file on the device, it lets the attackers run arbitrary commands even after the NetScaler has been patched or restarted.

CVE-2023-3519 is a critical code injection flaw affecting NetScaler ADC and Gateway servers that permits unauthenticated remote code execution. Citrix addressed the issue last month. So far, 2,491 web shells have been detected on 1,952 distinct NetScaler devices. The bulk of the compromised systems are in European countries, including Germany, France, Switzerland, Japan, Italy, Spain, the Netherlands, Ireland, Sweden and Austria. Interestingly, although Canada, Russia and the U.S. had numerous vulnerable servers, none of them showed any signs of these web shells.

The current breach campaign is believed to have affected around 6.3% of the 31,127 NetScaler systems that were exposed to CVE-2023-3519 as of July 21, 2023. 

The incident underscores the importance of timely patching and updating systems, and, where a flaw was exploited before the patch was applied, of checking for backdoors that patching alone does not remove.
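Because a web shell survives patching and reboots, the practical check after patching an exposed appliance is a file-integrity comparison of the web-served directories against a known-good baseline. The following script is an added example written for this roundup; it is not Citrix code and does not use NetScaler-specific paths. The directory it scans, the extension list and the sample files in `demo()` are all assumptions constructed for illustration.

```python
"""Flag files added or altered in a web-served directory after a patch.

Added example, not code from Citrix or from this roundup. A planted web
shell is simply a file on disk, so a content-hash baseline taken at patch
time reveals anything dropped afterwards. All paths here are placeholders.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path

# Script-type extensions a web server would execute. Assumption: adjust to
# the platform being checked (a NetScaler's real set is not listed here).
EXECUTABLE_WEB_EXTENSIONS = {".php", ".jsp", ".jspx", ".aspx", ".pl", ".py", ".cgi", ".sh"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_of(p) for p in sorted(root.rglob("*")) if p.is_file()}


def find_changes(root: Path, baseline: dict, since_epoch: float) -> dict:
    """Compare a directory with a baseline captured at patch time.

    Returns three lists of relative paths:
      new               files absent from the baseline (a dropped shell looks like this)
      modified          files whose content hash no longer matches the baseline
      recent_executable script-type files with mtime after since_epoch; useful when no
                        baseline exists, but mtime can be forged, so hashes are the
                        stronger signal
    """
    root = Path(root)
    result = {"new": [], "modified": [], "recent_executable": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        if rel not in baseline:
            result["new"].append(rel)
        elif baseline[rel] != sha256_of(p):
            result["modified"].append(rel)
        if p.suffix.lower() in EXECUTABLE_WEB_EXTENSIONS and p.stat().st_mtime > since_epoch:
            result["recent_executable"].append(rel)
    return result


def demo() -> dict:
    """Constructed scenario: baseline a web root, then drop one file and alter another."""
    root = Path(tempfile.mkdtemp(prefix="webroot-demo-"))
    old_mtime = 1_600_000_000  # constructed 'pre-patch' timestamp
    patch_time = 1_700_000_000  # constructed patch timestamp; demo files written now are later
    for name, body in (("index.html", "<html>ok</html>"), ("app.php", "<?php echo 'legit'; ?>")):
        f = root / name
        f.write_text(body)
        os.utime(f, (old_mtime, old_mtime))
    baseline = build_baseline(root)
    # Post-patch tampering (constructed): a new script appears and a legitimate one changes.
    (root / "cache.php").write_text("<?php /* constructed test artefact, not a real shell */ ?>")
    (root / "app.php").write_text("<?php echo 'changed'; ?>")
    return find_changes(root, baseline, patch_time)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Run against a real appliance, the baseline would be captured immediately after patching and stored off-box; any entry under `new` or `modified` is then a candidate for incident response rather than simple cleanup, since the device should be treated as compromised until the file is explained.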


Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.


Cyber Security Conference

LONDON | 28 April 2022
DUBLIN | 11 May 2022

Join us in Dublin or London for the Security First 2022 conference.  We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.