4th November – Threat Intelligence Report - Check Point Research

4TH NOVEMBER – THREAT INTELLIGENCE REPORT November 4, 2024 For the latest discoveries in cyber research for the week of 4th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Free, the second-largest telecom company in France, has been hit by a cyberattack resulting in unauthorized access to personal data associated with certain subscriber accounts. The incident surfaced following an attempted sale of stolen customer data on a cybercrime forum, impacting potentially up to 19 million customers. Although passwords and bank details were not compromised, Free is alerting affected users and has filed a complaint with local authorities. The San Joaquin County Superior Court has been impacted by a cyberattack resulting in widespread technical outages. The incident has disrupted access to court services, including public-facing applications and internal operations, affecting case management and public record systems. AEP, a German pharmaceutical wholesaler, suffered a ransomware attack leading to partial encryption of its IT systems, impacting medicine supplies to over 6,000 pharmacies. The company, headquartered in Bavaria, has disconnected affected systems and is working with external cybersecurity experts to address the incident. The Housing Authority of the City of Los Angeles (HACLA) has been targeted in a ransomware attack, with the Cactus ransomware gang claiming responsibility and alleging data theft of 861 GB, including personal, financial, and backup information. This incident marks the second cyberattack HACLA has faced in recent years, following an earlier breach by LockBit in 2023. Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Cactus.ta.*, Ransomware.Win.Cactus.*) Pro-Ukraine hacktivists “Ukrainian Cyber Alliance” allegedly launched a cyberattack on the parking payment system in Tver, Russia, as part of ongoing digital assaults amidst the conflict. The attack disrupted the city’s payment infrastructure, allowing residents to park for free for nearly two days. The French Ministry of Labor and Employment has reported a cyberattack on a service provider for its Local Missions network, which supports individuals aged 16 to 25 with employment and training. The breach, which occurred in October 2024, potentially exposed personal data, including names, birthdates, nationalities, and contact information, of young people registered in the program. Financial details, social security numbers, and identity documents were not compromised. Interbank, a major Peruvian financial institution, suffered a data breach in which sensitive customer data, including financial information, was reportedly exposed. The breach led to the unauthorized disclosure of personally identifiable information and account details. Investigations are ongoing to determine the extent of the compromised information and potential vulnerabilities exploited. VULNERABILITIES AND PATCHES Synology addressed two critical zero-day vulnerabilities (tracked together as CVE-2024-10443) discovered during the recent Pwn2Own Ireland 2024 competition. The flaws, dubbed RISK:STATION, affected Synology Photos and BeePhotos software and could allow remote code execution on exposed NAS devices. Patches were released within 48 hours due to the high risk of exploitation, urging users to update to secure their systems. QNAP has patched a critical zero-day SQL injection vulnerability (CVE-2024-50387), in its SMB Service, discovered at Pwn2Own Ireland 2024. The vulnerability was patched within a week, with updates available in SMB Service version 4.15.002 or later. A critical vulnerability in the AI Power Complete AI Pack WordPress plugin (CVE-2024-10392) is affecting approximately 10,000 WordPress websites. The flaw enables arbitrary file uploads, potentially allowing attackers to execute code on vulnerable sites. THREAT INTELLIGENCE REPORTS Check Point Research has published its September 2024 ransomware report, highlighting emerging trends in ransomware. Noted are the rapid rise of RansomHub, which accounted for 19% of ransomware victims this month, and a shift by groups like Meow towards data extortion over encryption. The report also shows Lockbit’s decline in activity, following law enforcement actions. Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.RansomHub; Ransomware.Wins.RansomHub.ta.*) The FBI, U.S. Treasury, and Israel National Cyber Directorate have issued joint advisory detailing updated tactics by the Iranian group Emennet Pasargad, also known as Aria Sepehr Ayandehsazan (ASA). This group, active in influence operations targeting events like the 2024 Summer Olympics, has utilized advanced methods such as fictitious hosting resellers, IP camera content harvesting, and interest in AI resources for cyber-enabled information operations. Researchers have conducted a five-year investigation into multiple China-based APT groups, including Volt Typhoon, APT31, and APT41/Winnti, focusing on their sophisticated attacks against Sophos network perimeter devices. The threat actors developed and deployed advanced TTPs, such as rootkits, UEFI bootkits, and backdoored Java classes, to compromise devices and target high-value entities in the Indo-Pacific, including government and critical infrastructure sectors. Researchers have identified that the Chinese threat actor, Storm-0940, has been using stolen credentials obtained through password spray attacks to access targeted systems. The actor operates through a covert network to obfuscate its activities, enabling access to sensitive data across various sectors. This campaign highlights the persistent and sophisticated approach of Storm-0940 in leveraging credential-based tactics. GO UP BACK TO ALL POSTS POPULAR POSTS CHECK POINT RESEARCH PUBLICATIONS GLOBAL CYBER ATTACK REPORTS THREAT RESEARCH “The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign CHECK POINT RESEARCH PUBLICATIONS GLOBAL CYBER ATTACK REPORTS SECURITY REPORT THREAT RESEARCH 2024’s Cyber Battleground Unveiled: Escalating Ransomware Epidemic, the Evolution of Cyber Warfare Tactics and strategic use of AI in defense – Insights from Check Point’s Latest Security Report GLOBAL CYBER ATTACK REPORTS 8th May – Threat Intelligence Report BLOGS AND PUBLICATIONS CHECK POINT RESEARCH PUBLICATIONS GLOBAL CYBER ATTACK REPORTS THREAT RESEARCH January 22, 2020 THE 2020 CYBER SECURITY REPORT GLOBAL CYBER ATTACK REPORTS December 15, 2021 STEALTHLOADER MALWARE LEVERAGING LOG4SHELL CHECK POINT RESEARCH PUBLICATIONS GLOBAL CYBER ATTACK REPORTS THREAT RESEARCH February 17, 2020 “THE TURKISH RAT” EVOLVED ADWIND IN A MASSIVE ONGOING PHISHING CAMPAIGN CHECK POINT RESEARCH PUBLICATIONS GLOBAL CYBER ATTACK REPORTS THREAT RESEARCH January 22, 2020 THE 2020 CYBER SECURITY REPORT GLOBAL CYBER ATTACK REPORTS December 15, 2021 STEALTHLOADER MALWARE LEVERAGING LOG4SHELL CHECK POINT RESEARCH PUBLICATIONS GLOBAL CYBER ATTACK REPORTS THREAT RESEARCH February 17, 2020 “THE TURKISH RAT” EVOLVED ADWIND IN A MASSIVE ONGOING PHISHING CAMPAIGN CHECK POINT RESEARCH PUBLICATIONS GLOBAL CYBER ATTACK REPORTS THREAT RESEARCH January 22, 2020 THE 2020 CYBER SECURITY REPORT 123 This website uses cookies in order to optimize your user experience as well as for advertising and analytics.  For further information, please read our Privacy Policy and ourCookie Notice. 404 Not Found nginx When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information Allow All Manage Consent Preferences Functional Cookies Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Strictly Necessary Cookies Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Performance Cookies Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. Targeting Cookies Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Performance Cookies Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Reject All Confirm My Choices