Newsletters

Apple has sent this week a new batch of notifications about possible infections with mercenary spyware to iPhone users across 98 countries.

This was the company's second wave of notifications it sent this year after a first round back in April.

The new "mercenary spyware" notifications are Apple's older "state-sponsored attacks" alerts the company was sending in previous years.

The US Department of Justice has taken down a Twitter botnet operated by Russian news organization RT that was used to spread Kremlin propaganda on a large scale across Europe and the US.

According to court documents, the botnet consisted of at least 968 accounts and was operated by an editor-in-chief from RT's Moscow headquarters.

The botnet was established in early 2022, shortly after Russia's invasion of Ukraine, and its main role was to spread disinformation and favorable Russian narratives about the war.

For the past two weeks, a ransomware attack has been wreaking havoc among healthcare services and putting lives at risk across South Africa.

The incident took place on June 22 and hit the National Health Laboratory Service (NHLS), a South African government organization that does lab work for the country's hospitals.

The attack and subsequent IT outage crippled 265 NHLS laboratories and their ability to process blood work. According to a report from the Cape Independent, the labs are behind on over 6.3 million blood tests. The lack of proper blood work is delaying accurate diagnostics and has postponed operations, putting countless patient lives at risk.

A whitepaper published last year by academics from the University of Minnesota's medical school has looked at the aftermath of ransomware attacks on US hospitals and found evidence to suggest that mortality rates typically increase by around 20%.

The study looked at hospital admissions before, during, and after a ransomware attack, at the hospital's profits, and reported patient deaths.

Researchers said the most affected category were patients who were already hospitalized at the time of the ransomware attack, compared to patients who were admitted after, where hospital staff could adjust procedures to take into account for unavailable IT systems.

KT, formerly Korea Telecom, has been accused of deliberately infecting 600,000 of its own customers with malware to reduce peer-to-peer file sharing traffic. This is a bizarre hack and a great case study of how government regulation has distorted the South Korean internet.  

South Korean media outlet JTBC reported last month that KT had infected customers who were using Korean cloud data storage services known as 'webhards' (web hard drives). The malware disabled the webhard software, resulted in files disappearing and sometimes caused computers to crash.  

JTBC news says the  team involved "consisted of a 'malware development' section, a 'distribution and operation' section, and a 'wiretapping' section that looked at data sent and received by KT users in real time". Thirteen KT employees and contractors have been referred by the police for prosecution. 

There's an unauthenticated remote code execution vulnerability in OpenSSH. We're all gonna d... Nah, I'm kidding! It's actually not as bad as that combination of words makes it seem.

The vulnerability was discovered and disclosed on Monday by security firm Qualys. It is tracked as CVE-2024-6387 and is also known under the name of regreSSHion.

It impacts all OpenSSH versions released since October 2020.

The Risky Business News team has been on a break for the past two weeks, and as such, we're a little bit behind.

Below are the major headlines from the past week as we play catch-up with the infosec news cycle. We'll see you back on Wednesday with our usual super-detailed coverage of the infosec field!

TeamViewer hacked: TeamViewer says Russian hackers have breached its internal network in a security breach last week. The company says the hackers obtained an employee's credentials and accessed its corporate network on Wednesday, June 26. TeamViewer says there is no evidence that the hackers accessed customer data or its main product environment. The company has attributed the hack to APT29 (Midnight Blizzard), a cyber-espionage unit inside Russia's SVR intelligence agency.

The US Government has decided to evict Russian cyber security company Kaspersky from the US market, announcing a ban on sales to US customers and applying financial sanctions to Kaspersky's senior leadership.

Last Thursday, the Commerce Department announced Kaspersky will be prohibited from selling to US customers from late July and that its operations in the country must stop by 29 September. 

This means no more codebase and anti-virus signature updates, so  current customers have just a short period to find alternatives.  

The Russian government is holding private talks on establishing a dedicated cybersecurity agency, similar to the role CISA plays in the US.

Talks are in early stages but a RIA Novosti report suggests the initiative has support from Russia's private sector.

The Russian government has recently passed or started working on several cybersecurity-related initiatives.

A new report explores how effectively the Chinese state leverages civilian talent for state-sponsored cyber operations. 

From Vegas to Chengdu, by Eugenio Benincasa from the Center for Security Studies at ETH Zurich, focuses on the links between Chinese hacking contests and bug bounties and the country's cyber espionage programs. Interestingly, it finds that PRC vulnerability discovery efforts in recent years depend highly on just 'a handful' of Chinese researchers

The report pulls together information made public over the past several years to comprehensively summarise evidence the PRC funnels vulnerability research into state-sponsored espionage efforts.