The Last 48 Hours: Major Cyber Attacks and Data Breaches, CrowdStrike Update

A North Korean hacking group targets healthcare, energy and finance. 

Mandiant has reported that the North Korean hacking group Andariel, traditionally known for targeting government and critical infrastructure, has expanded its focus to include the healthcare, energy, and financial sectors. The group, also tracked as APT45 and linked to North Korea's Reconnaissance General Bureau, has been sanctioned by the U.S. Treasury. Andariel is recognized for its sophisticated cyber operations, using advanced tooling to evade detection and maximize its impact. It has been active since at least 2009 under various names and is connected to the notorious Lazarus group. Mandiant, a Google subsidiary, monitors Andariel's espionage activities, which now include financially motivated operations such as ransomware. These cyberattacks are part of North Korea's strategy to fund weapons development and strengthen its economy, especially after a suspected COVID-19 outbreak in the country. Mandiant warns that Andariel can quickly adapt its tactics to target new sectors.


Leaked Leidos documents surface on the dark web. 

Leidos Holdings, a key IT services provider for the Department of Defense and other U.S. agencies, experienced a significant security breach, resulting in internal documents being leaked on the dark web. This breach is linked to a 2022 cyberattack on Diligent Corporation, a governance software provider utilized by Leidos. Although the attack happened two years ago, Leidos only recently discovered that the documents were circulating. The company has since issued the necessary breach notifications.

The leaked data primarily involves internal corporate details, such as employee reviews and complaints, rather than sensitive military information. This incident has placed a spotlight on Leidos, one of the largest IT service providers in the defense industry, especially following its merger with Lockheed Martin's Information Systems & Global Solutions in 2016. Headquartered in Reston, Virginia, Leidos employs approximately 47,000 people and reported $15.4 billion in revenue for 2023.


A Middle Eastern financial institution suffered a record-breaking DDoS attack. 

A Middle Eastern financial institution recently endured an unprecedented six-day Distributed Denial of Service (DDoS) attack orchestrated by the hacktivist group SN_BLACKMETA. This extensive assault, spanning ten waves and amounting to 100 hours of attack time, highlighted the increasing complexity and scale of modern cyber threats. At its peak, the attack generated 14.7 million malicious requests per second, severely disrupting the institution's web services.

Radware’s Web DDoS Protection Services played a crucial role in mitigating the attack's impact, successfully blocking over 1.25 trillion malicious requests. SN_BLACKMETA, known for ideologically driven cyber activities, publicized their attack on Telegram. Their tactics often focus on targeting critical infrastructure while maintaining transparency to garner public support. This incident underscores the evolving threat landscape and the importance of robust cybersecurity measures.


CrowdStrike Latest Update

CrowdStrike has issued a warning about a phishing campaign that uses a fake recovery manual for Windows devices affected by the Falcon platform update outage to spread Daolpu, an information-stealing malware. The attackers distributed phishing emails carrying a malicious Word document styled as a Microsoft support bulletin. Once the recipient enables macros, the document downloads a DLL file, which is decoded with Windows' built-in certutil, allowing Daolpu to steal browser-stored credentials and cookies. CrowdStrike has shared a YARA rule and indicators of compromise to help detect the malware. BleepingComputer suggests that Daolpu may originate from Vietnam.
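The chain above (Office macro launching certutil to decode a DLL) is also visible in endpoint process-creation telemetry, independently of CrowdStrike's YARA rule. The following is an added example written for this roundup, not CrowdStrike's own detection logic or IoCs; it assumes events have been normalized into dicts with `parent`, `image` and `cmdline` fields, and all sample paths and file names are constructed.

```python
import re
from pathlib import PureWindowsPath

# Office parents that, in the phishing chain described above, launch the
# macro-driven download. Set chosen for this example, not a CrowdStrike list.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# certutil switches that turn a downloaded text blob back into a binary:
# "-decode" is the step reported in the Daolpu chain; "-decodehex" is the
# hex-encoded equivalent. Both "-" and "/" switch prefixes are accepted.
ABUSED_SWITCH = re.compile(r"(?i)(?<![\w/-])[-/](decode|decodehex)\b")

def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()

def classify_event(event: dict) -> tuple:
    """Return (severity, reason) for one process-creation event, or (None, '')."""
    if basename(event["image"]) != "certutil.exe":
        return None, ""
    m = ABUSED_SWITCH.search(event["cmdline"])
    if not m:
        return None, ""  # ordinary certutil use such as -verify or -hashfile
    switch = m.group(0).lower()
    parent = basename(event["parent"])
    if parent in OFFICE_PROCESSES:
        return "high", f"{parent} spawned certutil {switch}"
    if re.search(r"(?i)\.dll\b", event["cmdline"]):
        return "medium", f"certutil {switch} writing a DLL from {parent}"
    return "low", f"certutil {switch} from {parent}"

def find_suspicious(events: list) -> list:
    """Return [(severity, reason, cmdline)] for every event that matched."""
    hits = []
    for ev in events:
        sev, why = classify_event(ev)
        if sev:
            hits.append((sev, why, ev["cmdline"]))
    return hits

# Constructed sample events (paths and file names are made up for this example).
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -decode C:\Users\u\AppData\Local\Temp\blob.txt C:\Users\u\AppData\Local\Temp\x.dll"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -verify C:\certs\server.cer"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe /decode payload.b64 helper.dll"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -decode C:\tmp\a.txt C:\tmp\b.bin"},
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit)
```

The Office-parent check is what separates this chain from routine certificate administration; the medium and low tiers are there so a DLL decoded from another parent still surfaces for triage.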

Additionally, cloud monitoring and insurance services provider Parametrix reported significant financial losses due to the Microsoft-CrowdStrike outage on July 19. The outage resulted in a direct financial loss of approximately $5.4 billion for Fortune 500 companies, with an average loss of $44 million per organization and up to $150 million for the most impacted, such as airlines. Only 10%-20% of these losses were covered by cyber insurance. The healthcare sector experienced the largest loss at $1.94 billion, followed by banking at $1.15 billion. The incident affected a quarter of Fortune 500 companies, including all six major airlines and 43% of retailers. Experts say this underscores the need for better risk diversification and management in response to systemic cyber events.