Cyber Security Monthly Recap: March 2024

Hi there, lovers of security! Did you miss our Cyber Security Monthly Recap? We’re back with the third installment of our monthly series, which consists of brief but informative tidbits to keep you informed about the Security and Safety sector. For March, we summarized a selection of important topics that offer useful cybersecurity takeaways and compelling indications regarding the direction of cybersecurity. So, let’s get started!

Cyber Security Monthly Recap March 2024
Cyber Security Monthly Recap March 2024

CISA Hacked via Ivanti Vulnerabilities

For more than a month, the world has been responding to Ivanti VPN vulnerabilities, but new information keeps coming to light. How can businesses expect to perform any better if the U.S. Cybersecurity and Infrastructure Security Agency can be hacked using the same method they warned everyone else about?

The U.S. cybersecurity agency, CISA, confirmed that a threat actor had compromised two of its internal systems by taking advantage of vulnerabilities in Ivanti products. Two zero-day vulnerabilities that were being exploited by a Chinese nation-state threat actor were revealed by Ivanti on January 10. 

Robust Cybersecurity is still the most important advantage that businesses can have in any competitive market. You will attract more and better clients and increase your revenue if you can demonstrate to your clients that you are highly resistant to the Citrix Netscaler vulnerabilities, CISCO ASA vulnerabilities, and Ivanti VPN vulnerabilities. Businesses that are unable to accomplish this will either suffer from a cyberattack or from a loss of clients.

UnitedHealth Has Suffered a Cyberattack

Pharmacies around the US are finding it difficult to control the distribution of prescription drugs to patients as a result of a cyberattack on UnitedHealth. Hackers breached the network of Change Healthcare, a UnitedHealth subsidiary that handles prescription processing for tens of thousands of pharmacies across the country.

Prescriptions could not be sent by pharmacies to insurance companies for reimbursement due to a cyber incident. The continuous problem prevented Naval Hospital in Camp Pendleton, California, from processing any prescription claims, and Evans Army Community Hospital in Colorado reported delays in prescription orders that affected refills and dispensing. A small pharmacy in Norton, Kansas called Moffet Drug and the prescription discount service GoodRx both reported service interruptions. 

In a filing with the Securities and Exchange Commission (SEC), UnitedHealth revealed that there’s a chance that a group of hackers funded by a foreign country planned the cyberattack. The business quickly identified and contained the attack, alerted law enforcement, and started working to get its systems back online.

In response, the American Hospital Association recommended that hospitals cut off from UnitedHealth’s network until the problem was fixed in order to reduce their vulnerability to hackers. Change Healthcare thinks that because disruptions persisted during the attack, the attack was contained within its network.

“Mother of all Breaches” brings more security implications

Early in 2024, researchers from Security Discovery and Cybernews stumbled upon a dataset that included 26 billion compromised accounts from a variety of platforms, including Tencent, Adobe, Dropbox, LinkedIn, X (Twitter), Canva, and Telegram. This discovery was named as the “mother of all breaches” (MOAB).

The widespread hack has affected numerous international government agencies, including those in the US, Brazil, Germany, the Philippines, and Turkey. The recently released dataset contains some new information in addition to data that was stolen in earlier breaches. The disturbing thing is that businesses could face serious issues due to the continuous risk the 12-terabyte dataset poses to client information and business security. Thanks to the data that is available, threat actors can now launch more effective cyberattacks and easily carry out crimes like identity theft.

Therefore, it is advised that businesses adopt a proactive stance and monitor their infrastructure for signs of unusual activity, such as phishing attempts, unexpected network traffic, suspicious account activity, unknown access scenarios, and notable customer feedback. When everything is taken into account, the MOAB cyber incident emphasizes how important it is for businesses everywhere to drastically change their viewpoint on effective network security.

A $22 million scam was achieved by a ransomware group.

A significant section of the US healthcare sector was the target of a cyberattack conducted more than a month ago by a group of Russian hackers. The group planned a ransomware attack against a national Optum healthcare management system that manages patient accounts, including insurance claims, prescription orders, and payment processing.

Optum allegedly paid AlphV, a hacker group also going by the name Black Cat, to get rid of the ransomware and get back the stolen data. Blockchain’s ledger shows that on Friday, seven transfers totaling $3,348,114 were made from one account to seven different accounts. After fees, the total came to about $22 million. Later, an unidentified person on a dark web forum verified the$22 million payment but claimed AlphV took the money but kept lying and delaying the recovery of the stolen data.

This 4TB of “critical data” is sourced from multiple insurance and healthcare providers, including Medicare, Loomis, CVS-Caremark, and Metlife. A seizure notice appeared on AlphV’s website shortly after, most likely as a result of FBI and foreign agency action. However, the UK’s National Crime Agency—which was given particular credit on the notice—denied any involvement.

After more research, it was discovered that the seizure notice was a copy of one from another AlphV website, suggesting that the group is really defrauding its affiliates and creating the appearance of an FBI takedown. AlphVs may decide to go into hiding for the time being, reorganize, and then reappear on the dark web using a new identity. This is a typical strategy used by hacker groups under legal threat. This incident demonstrates that hackers will do whatever it takes to make quick profits.

Lockbit Has Made a Comeback

International law enforcement agencies severely disrupted the well-known ransomware group Lockbit in February. More than a thousand decryption keys were obtained by law enforcement as part of this operation, and several known Lockbit associates are currently being held.

These keys might aid in the recovery of affected data for group victims. Although this was good news, events changed a few days later. Lockbit seems to have already made a comeback with new encryptors and servers. In light of recent law enforcement actions, it is unclear if this group has been significantly impacted or if they have simply moved their operations elsewhere.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment