Cyber Security Today, Feb. 12, 2024 – US seizes a website selling the Warzone malware

The U.S. seizes a website selling the Warzone malware.

Welcome to Cyber Security Today. It’s Monday, February 12th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

American authorities have seized a website and several domains that sold the Warzone remote access trojan to threat actors. The malware takes screenshots, records keystrokes, turns on computer video cameras and steals data. As part of the operation the U.S. also indicted individuals in Malta and Nigeria for alleged computer crimes. Both have been arrested. American authorities are trying to extradite the man in Malta for trial in the U.S. The U.S. credited Canada, Croatia, Finland, Germany, the Netherlands and Romania with helping in the takedown of the Warzone servers.

Cyber investigators in France are still looking into data breaches at two supplementary health insurance companies two weeks ago which saw the theft of data of more than 33 million people. That’s about half the country. The country’s privacy commission said data stolen on policyholders included people’s names, date of birth and their social security number. No banking or health data was stolen.

Separately, the France Info radio network reports that a ransomware attack forced a hospital in northern France to take its IT systems offline Sunday. It also had to temporarily close its emergency department.

Personal data on over 13 million Americans was stolen last spring from a company that provides medical transcription services to healthcare organizations. The company is Perry Johnson & Associates. Among its clients is Concentra Health Services, which has clinics across the U.S. Perry Johnson said the attacker accessed the IT system that held data on Concentra patients in April. Notification of the millions of victims started in November. We’re learning about it now because Perry Johnson filed a description of the data breach notification letters last week with Maine’s attorney general’s office.

Planet Home Lending, an American loan provider, has updated the number of victims involved in a data breach that took advantage of a Citrix vulnerability in its servers. Last month it said data on just under 200,000 customers was stolen in November. In an updated filing with Maine’s attorney general the company now says the number is almost 285,000 people.

A new backdoor targeting Mac computers has been discovered. Researchers at Bitdefender say the malware seems to impersonal an update for Microsoft Video Studio. So Mac users should be wary of emails or popups claiming to be a patch for this application. This malware may have been circulating since last November. Bitdefender suspects it may have been created by a ransomware gang.

The U.S. Federal Communications Commission won’t allow anyone in the U.S. to use artificial intelligence software to create voice-cloned automated phone calls. The regulator said last week calls recorded with AI-generated voices are forbidden on the Telephone Consumer Protection Act. Crooks are sending out robocalls that imitate the voices of celebrities and politicians for scams or misinformation. They are even using the technology to imitate family members for extortion. Not only will police go after crooks for robocalls for fraud, they will now be able to prosecute for illegal use of AI.

Last November news emerged that a Pennsylvania water authority’s water pressure regulating system was hacked by an Iranian threat group. The group planted a message on the system’s interface. The entry point was the system’s Unitronics internet-connected controller. As a result of that attack researchers at Censys did some internet scanning and found 149 internet-exposed Unitronics devices and services in the U.S. Interestingly, a number of them are honeypots. That is they are designed to lure hackers. However, Censys said many operators of the web control panels of Unitronics PLCs are still using the default password of 1111. Censys warns IT and OT administrators to a) make sure the default password is changed and b) that if these devices do have to be connected to the internet they should be protected by a VPN or firewall.

Want to start the day with more news? IT World Canada’s Jim Love has a daily general IT news podcast. It’s called Hashtag Trending. It can be found here or where Cyber Security Today is: on Apple Podcasts and Google Podcasts.