Global Cyber Pulse: 20 November, 2024

November 20, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cybersecurity vulnerabilities continue to plague critical sectors worldwide, with nearly 27 million Americans relying on water systems at high risk and Australian critical infrastructure facing escalating cyber threats from state-sponsored actors like China and Russia.

Meanwhile, Ford confirmed its systems remain secure despite claims of a data breach, and Aspen Healthcare disclosed a ransomware attack compromising sensitive consumer information. Cybercriminals are also hijacking misconfigured Jupyter Notebooks for illegal sports streaming and recruiting penetration testers for ransomware operations.

These incidents underscore the urgent need for robust cybersecurity measures across industries.

Millions of Americans at Risk Due to Cybersecurity Gaps in Water Systems

A recent report from the U.S. Environmental Protection Agency’s Office of the Inspector General (OIG) reveals that nearly 27 million Americans rely on water systems with significant cybersecurity risks. An additional 83 million are served by systems with medium to low vulnerabilities, such as externally visible open portals.

The OIG’s findings align with earlier warnings from the Government Accountability Office (GAO), the EPA, and cybersecurity experts about threats targeting water infrastructure, including activities by Russian and other foreign adversaries. Water systems remain one of the most vulnerable critical infrastructure sectors, often unprepared for prolonged disruptions.

Fortunately, recent attacks on American Water Works and Arkansas City’s systems did not impact operational technology (OT) networks. However, the OIG cautioned that exploiting these vulnerabilities could lead to service disruptions or physical damage to water infrastructure.

Ford Confirms No Breach in Alleged Data Theft Incident

Ford Motor Company has clarified that its systems remain secure, and no customer data was compromised following claims of a breach. A threat actor, identified as “EnergyWeaponUser,” had alleged they accessed a database containing 44,000 customer records, including names, addresses, and purchase details.

Despite these claims, Ford’s investigation confirmed there was no breach of its network or customer data. “Ford’s systems were not compromised, and no customer information was exfiltrated,” the company stated.

Aspen Healthcare Reports Data Breach Following Ransomware Attack

Aspen Healthcare Services has disclosed a ransomware attack that compromised sensitive consumer information. According to a notice filed with the Texas Attorney General, the breach affected data such as names, birthdates, addresses, insurance IDs, health records, and Social Security numbers.

The attack, detected on October 23, 2024, prompted Aspen Healthcare to secure its systems, notify authorities, and investigate the incident. Impacted individuals have been notified and given further details on the compromised information.

Victims are urged to monitor their accounts for potential fraud and consider legal advice to understand their rights and options.

Hackers Exploit Jupyter Notebooks to Stream Illegal Sports Events

Cybercriminals are leveraging misconfigured Jupyter Notebooks to hijack systems for illegally streaming sports events. Cloud security firm Aqua discovered these attacks while monitoring its honeypots, revealing that attackers use tools like FFmpeg to capture and stream live broadcasts.

Jupyter Notebooks, commonly used in data science, have become an unexpected vector for enabling piracy, highlighting the need for stricter configurations and monitoring in these environments.

Ransomware Gangs Recruiting Pen Testers for Affiliate Programs

Cybercriminal groups, including Apos, Lynx, and Rabbit Hole, are actively recruiting penetration testers to enhance their ransomware operations. Research by Cato Networks’ Cyber Threats Research Lab (CTRL) uncovered job listings on Russian marketplaces seeking experts to identify vulnerabilities in systems.

Etay Maor, Chief Security Strategist at Cato Networks, explained that skills traditionally used to secure systems are now being repurposed by ransomware affiliates to exploit them.

Cyberattacks on Australian Infrastructure Escalate

Over 11% of cybersecurity incidents in Australia last year targeted critical infrastructure, including electricity, water, and transportation, according to a report by the Australian Signals Directorate. A significant portion involved phishing, public-facing interface exploitation, and brute-force attacks.

Defence Minister Richard Marles expressed concern over the growing focus of cybercriminals and state-sponsored actors on critical infrastructure. He also highlighted evolving tactics by China, Russia, and Iran, with China’s activities pointing toward disruptive pre-positioning rather than conventional espionage.