Global Cyber Pulse: 2nd December 2024

December 2, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cybersecurity experts have exposed Rockstar 2FA, a sophisticated phishing-as-a-service toolkit targeting Microsoft 365 credentials through adversary-in-the-middle attacks, bypassing even multi-factor authentication (MFA).

Meanwhile, the ransomware attack on Bologna FC compromised 200GB of sensitive data, escalating concerns about cyber threats to sports organizations. Similarly, a breach at Alder Hey Children’s NHS Foundation Trust in the UK highlights vulnerabilities in healthcare, with attackers claiming to have stolen patient and donor records spanning years.

Election cybersecurity has also come under scrutiny, with Romania’s presidential election allegedly targeted by cyber influence campaigns linked to Russia. In Uganda, the central bank suffered a cyberattack resulting in potential multimillion-dollar losses, raising alarm about insider vulnerabilities. Lastly, Niva Bupa Health Insurance faced threats of data exposure, prompting immediate investigations and enhanced security measures.

Phishing Campaigns Exploit 2FA Vulnerabilities

Cybersecurity experts have flagged a new wave of malicious email campaigns leveraging “Rockstar 2FA,” a phishing-as-a-service (PhaaS) toolkit aimed at compromising Microsoft 365 credentials. Researchers Diana Solomon and John Kevin Adriano from Trustwave warn that the campaign employs adversary-in-the-middle (AitM) techniques, allowing attackers to intercept credentials and session cookies—even bypassing multi-factor authentication (MFA).

Rockstar 2FA, an evolution of the DadSec (Phoenix) phishing kit, is sold via platforms like Telegram and ICQ, costing $200 for two weeks or $350 for a month. Its features include MFA bypass, cookie harvesting, anti-bot measures, and customizable phishing templates. Its user-friendly admin panel enables criminals, even those with minimal technical skills, to launch large-scale phishing campaigns.

Ransomware Hits Italian Football Club Bologna FC

Italian football club Bologna FC has confirmed a ransomware attack compromising 200GB of sensitive data, including financial records, player medical information, and business plans. The RansomHub gang, which claimed responsibility, threatened to expose violations of European data protection laws and football regulations.

This incident highlights the rising trend of cyberattacks on sports organizations, following cases like the Dutch soccer federation’s breach last year. Bologna FC has warned against accessing or sharing the stolen data, labeling it a serious criminal offense.

Children’s Hospital Data Breach in the UK

The Alder Hey Children’s NHS Foundation Trust in Liverpool has acknowledged claims by the INC Ransom group that it stole patient records, donor data, and procurement files. The breach, allegedly spanning 2018-2024, is under investigation by the UK’s National Crime Agency.

Despite the breach, hospital operations remain unaffected. Authorities are working to assess the impact of the affected data and to secure systems to protect sensitive patient information, and have reiterated their commitment to meeting their legal responsibilities.

Cyber Influence on Romania’s Presidential Election

Romania’s national security council has raised alarms over cyberattacks targeting the presidential election’s integrity. Although specifics remain undisclosed, Russia is suspected of orchestrating these influence campaigns, continuing its pattern of meddling in NATO member states’ electoral processes.

The warning coincides with a vote recount in Romania’s first-round presidential elections, where a nationalist candidate with Moscow-leaning views emerged victorious. The incidents underline the growing risks to democratic processes globally.

Uganda’s Central Bank Cyberattack

Ugandan officials have confirmed a cyberattack on the Bank of Uganda, with reports suggesting a $17 million theft by a Southeast Asian hacker group. While authorities have frozen some funds in Japan and the UK, concerns linger about insider involvement.

The incident has prompted calls for greater transparency and accountability, with opposition leaders emphasizing the need to address vulnerabilities in the financial system.

Niva Bupa Health Insurance Data Threat

Niva Bupa Health Insurance reported receiving a threat from an unidentified source claiming access to customer data.

Although the attackers shared limited customer data fields, the company has initiated a detailed security and impact assessment involving external cybersecurity experts to mitigate risks.