Cyber Intelligence Weekly

Cyber Intelligence Weekly (June 11, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here:

Before we get started on this week’s CIW, I’d like to highlight an upcoming webinar with Echelon and our friends at Panorays. How is third-party risk like a blind date? Join this upcoming webinar, "Vendor Security Risk: A Blind Date Encounter," on June 13 to find out! Discover the intriguing parallels between onboarding a new vendor and going on a blind date. Just like in a budding relationship, first impressions matter! Gain invaluable insights on what to look for (and what to avoid) when selecting a vendor, how to foster trust, and the keys to maintaining a mutually beneficial partnership in the long term.

Our esteemed speakers, Dov Goldman - VP of Risk Strategy at Panorays, and Tom Garrubba - Director of TPRM Services at Echelon Risk + Cyber, will share their expertise in risk analysis, due diligence, and the significance of comprehensive assessments for establishing successful vendor relationships. Don't miss this opportunity to acquire practical strategies that will help you navigate the vendor landscape with confidence! Register now for an engaging and informative session that will transform the way you approach vendor onboarding and risk mitigation here:

Away we go!

1. Barracuda Networks Advises Replacing Compromised Email Security Gateway Appliances

There have been major developments in a story we broke last week involving network security vendor Barracuda Networks, which is facing a major security issue with its email security gateways. After discovering a zero-day vulnerability in its Email Security Gateway (ESG) appliances and recommending that customers patch the device, the company is now urging customers to replace the affected hardware instead of relying on software updates.

The vulnerability, which has reportedly been exploited by attackers since October 2022, compromised the Barracuda software component responsible for screening attachments for malware. Despite releasing a patch for the flaw, Barracuda found that ongoing malware activity persisted on a subset of compromised appliances. As a result, the company advised wholesale replacement of impacted ESG devices, estimating that around 5% of active ESG appliances globally showed signs of compromise.

The decision to replace rather than patch the affected appliances is unusual and suggests a fundamental compromise in the security of Barracuda's email security gateways. The malware involved allowed attackers persistent backdoor access to the devices, potentially resulting in data exfiltration.

Barracuda assured customers that its other products, including SaaS email solutions, were not impacted by the vulnerability. The company offered to provide replacement products to affected customers at no cost. While the exact nature of the compromise and the attackers' persistence remain unclear, experts suspect the involvement of state-sponsored actors due to the level of access achieved and the stealthiness of the malware.

2. Another Medical Data Breach Tied to Fortra SFTP Software

Intellihartx, a Tennessee-based company specializing in patient payment balances and collections, has revealed that hackers stole the personal and health information of approximately 489,830 patients during a ransomware attack earlier this year. The attack targeted Intellihartx's vendor, Fortra, and compromised patient data such as names, addresses, dates of birth, Social Security numbers, medical billing and insurance information, as well as diagnoses and medication details.

This incident is part of a larger mass ransomware attack that targeted Fortra's GoAnywhere file-transfer software, affecting numerous organizations, including Hatch Bank, Rubrik, and the City of Toronto. The Clop ransomware group claimed responsibility for exploiting a previously undisclosed security flaw in the software.

The healthcare industry has been a major target of Clop's ransomware attacks, leading the U.S. Department of Health and Human Services as well as CISA to issue a warning about the group's activities. In addition to Fortra's GoAnywhere software, Clop has also targeted other vendors of file transfer tools, including Accellion's file transfer appliance and Progress Systems' MOVEit.

The breach of Intellihartx underscores the growing threat to patient data and highlights the need for robust cybersecurity measures in the healthcare sector to safeguard sensitive information and protect individuals from the consequences of such breaches.

3. Largest Healthcare Data Breach of 2023: Dental Insurer Hacked, 9 Million Patients Affected

A major ransomware attack on Managed Care of North America (MCNA) Dental, one of the largest dental insurers in the US, has resulted in the exposure of personal information belonging to nearly nine million individuals.

The attack occurred between February 26 and March 7, 2023, but MCNA became aware of unauthorized activity on March 6. The stolen data includes patients' names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver's licenses.

Additionally, health insurance information, including plan details and Medicaid ID numbers, as well as billing and insurance claim data, were compromised. The LockBit ransomware group claimed responsibility for the attack and published the stolen files on their dark web leak site after MCNA refused to pay a $10 million ransom demand.

This incident marks one of the largest healthcare data breaches of 2023, highlighting the ongoing threat posed by ransomware attacks in the healthcare sector.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here:
