Les Bell

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories

Healthcare System Ransomware Attacks Continue

Although ransomware operators will often attack any target of opportunity - their primary goal is profit, after all - it seems that healthcare organizations are singled out for particular attention. In the latest attack, one of the largest hospital chains in the US, CommonSpiritHealth, revealed that it had experienced "an IT security issue" that took its systems down.

CommonSpirit operates over 140 hospitals, with many in Tennessee, Texas and Seattle announcing that they were affected. Patients have reported their surgery being delayed.

Collier, Kevin, Ransomware attack delays patient care at hospitals across the U.S., NBC News, 8 October 2022. Available online at https://www.nbcnews.com/tech/security/ransomware-attack-delays-patient-care-hospitals-us-rcna50919.

FBI Warns of Fake Batteries

Counterfeiting of their products has long been a problem for fashion brands such as Louis Vuitton and others, but it reaches a critical level for products such as aircraft parts, where the failure of an off-spec part can lead to tragedy. Somewhere in between these is the growing problem of counterfeit batteries; fakes may lack functionality  - I found this out the hard way after purchasing a replacement phone battery and discovering that a fake lacked the NFC functionality built into the OEM product, rendering some phone application useless.

Another problem is the possibility of short battery life or low capacity, or even thermal runaway leading to a fire which could destroy a device, or worse. So serious is the problem that the FBI has issue an alert providing advice, perhaps the best of which is the old adage: if that price is too good to be true, then the battery is likely counterfeit.

Uncredited, The FBI and Intellectual Property Rights Center Warns Public of Counterfeit Battery Scams, Alert Number I-093022-PSA, 30 September 2022. Available online at https://www.ic3.gov/Media/Y2022/PSA220930.

1.2 Million Compromised Credit & Debit Cards Leaked

Researchers at Cyble, monitoring dark web carder sites, have discovered the release of a dataset of over 1.2 million debit and credit cards by a group calling themselves 'BidenCash'.

The database, which was leaked on a forum hosting mainly Russian- and English-speaking cybercriminals, provides the card number, expiry date, CVV, the cardholder's name, address, date of birth, email and phone number, and also includes the social security number of US cardholders. Sorted by number of affected consumers, the top countries are the US, India, Brazil, the UK, Mexico, Turkey, Spain, Italiy, Australia and China.

Cyble's report includes a detailed analysis and a brief history of the 'BidenCash' group.

Uncredited, 'BidenCash' Strikes Again: Over 1.2 Million Compromised Payment Cards Data Leaked, Cyble blog, 7 October 2022. Available online at https://blog.cyble.com/2022/10/07/bidencash-strikes-again-over-1-2-million-compromised-payment-cards-data-leaked/.

Intel Alder Lake UEFI BIOS Source Code Leaked

Intel has confirmed that the UEFI BIOS source code for their Alder Lake processors has been leaked to 4chan and GitHib, along with tools for building optimized BIOS images. In confirming the breach, and Intel spokesperson claimed that they do not believe this leak will expose any new security vulnerabilities, and in fact, since the code is covered by the company's bug bounty program, it is an opportunity for researchers to help harden the code.

However, researcher Mark Ermolob, who immediately set to work analyzing the code, reported that he had found previously-undisclosed MSR's (Model-Specific Registers). Since the UEFI BIOS code runs at the beginning of the secure boot process, working closely with the TPM (Trusted Platform Module), and the MSR's are typically reserved for trusted code, this could pose a problem.

Even worse, Ermolov found the private key used to sign code for Intel's Boot Guard feature, so that feature is now useless. This all suggests that there could be further serious ramifications of this breach.

Alcorn, Paul, Intel Confirms Alder Lake BIOS Source Code Leak, New Details Emerge, Tom's Hardware, 10 October 2022. Available online at https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge.

'Fattening the Pig' - More Details Emerge

As previously reported, Cambodia-based scammers have lured thousands of people from Thailand, Vietnam, Taiwan and elsewhere to work in scam call centers under appalling conditions. Now further details have emerged, detailing threats of beatings and even electrocution for workers who fail to make quotas of roughly $US12,500 'revenue' each month, in exchange for an initial 'salary' of $US200 or, in most months, nothing. When a worker does not make enough money for the bosses, they are sold to another gang.

The scam workers target victims all over the world, using romance and investment lures, working from converted hotels surrounded by walls to prevent escape. According to the Global Anti-Scam Organization, the average loss from victims is about $US100,000.

Thai police complain of a lack of cooperation from Cambodian authorities which has hampered attempts to repatriate Thai workers. In August, one group of predominantly Vietnamese workers managed to escape, throwing Molotov cocktails to startle their guards, then running from the building to jump into the Binh Di river and swim to Vietnam, on the other bank at least 70 m away. One 16-year-old drowned, and another man was caught, dragged backwards and beaten.

Ratcliffe, Rebecca, Nhung Nguyen and Navaon Siradapuvadol, Sold to gangs, forced to run online scams: inside Cambodia's cybercrime crisis, The Guardian, 10 October 2022. Available online at https://www.theguardian.com/world/2022/oct/10/sold-to-gangs-forced-to-run-online-scams-inside-cambodias-cybercrime-crisis.

These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.