By Ashwani Mishra, Editor-Technology, 63SATS
Dark Web: Zero-Day Exploits Dominate Cybercrime Markets, Detroit’s Wayne County Government Hit by Cyberattack, Dutch Police Point to State Actor Behind Data Breach, Cyberattack on Maui Clinic Affects Over 123,000 Patients, Growing Distrust in Threat Detection Tools Among SOC Teams, and North Korean Hackers Deploy VeilShell in Southeast Asia Campaign.
Stay tuned for more updates during Cybersecurity Awareness Month.
Dark Web: Zero-Day Exploits Dominate Cybercrime Markets
A new report from Kaspersky reveals that more than half of the dark web posts for buying and selling exploits involve zero-day or one-day vulnerabilities.
Between January 2023 and September 2024, Kaspersky discovered 547 listings on dark web forums and Telegram channels offering exploits for either undiscovered software vulnerabilities or those lacking patches. Notably, 51% of these listings involved zero-day or one-day vulnerabilities, primarily exploited for unauthorized access and data theft.
Detroit’s Wayne County Government Hit by Cyberattack
A cyberattack has hit Wayne County, Michigan, disrupting all government websites and limiting several office functions. Home to Detroit and over 1.75 million residents, the county has transitioned services to backup processes.
According to spokesperson Doda Lulgjuraj, the county’s website is expected to resume normal operations soon, restoring access to essential services like property tax payments. The investigation, involving the FBI and Michigan State Police, is ongoing to determine the full extent of the attack.
Dutch Police Point to State Actor Behind Data Breach
The Dutch national police have reported a recent data breach, possibly orchestrated by a state actor. The breach compromised contact details, email addresses, phone numbers, and private information of multiple officers.
The attack involved hacking into a police account and accessing work-related details. The investigation is ongoing, and the authorities have yet to disclose details about the attacker, focusing instead on determining the nature, scope, and impact of the incident.
Growing Distrust in Threat Detection Tools Among SOC Teams
A Vectra AI report titled “The Defenders’ Dilemma” reveals that 60% of security operations center (SOC) practitioners believe they are flooded with unnecessary alerts from security vendors trying to avoid blame for breaches.
Additionally, 47% do not trust their tools to function effectively. This distrust contrasts with growing confidence in their teams and optimism about AI’s potential in threat detection. The report highlights a struggle to detect real threats because of the overwhelming number of siloed tools and inaccurate attack signals.
Cyberattack on Maui Clinic Affects Over 123,000 Patients
The Community Clinic of Maui, also known as Mālama, reported that a cyberattack in May exposed the personal information of over 123,000 patients. The compromised data includes Social Security numbers, passport details, financial information, and medical treatment records.
The ransomware attack forced Mālama to close for nearly two weeks, impacting services even after reopening. The breach has caused significant concern among residents as the clinic struggled with offline servers and limited resources.
North Korean Hackers Deploy VeilShell in Southeast Asia Campaign
Threat actors linked to North Korea have been observed deploying a previously undocumented backdoor and remote access trojan (RAT) named VeilShell.
The campaign, dubbed SHROUDED#SLEEP by Securonix, has targeted Cambodia and other Southeast Asian nations and is attributed to APT37 (also known as InkySquid, Reaper, and more). The group is linked to North Korea’s Ministry of State Security and has previously used RokRAT (Goldbackdoor) and other custom tools for intelligence gathering as part of evolving state-aligned objectives.