Cyber News Rundown: Emotet rears its head again, already in 179 countries
The Emotet botnet, which began life as a banking trojan, has returned and is infecting devices again. Its operators no longer control close to 2 million unique devices, but they still control roughly 100,000. In other cybersecurity news, Romanian petrol company Rompetrol suffered a cyberattack that is disrupting its internal systems.
After a period of dormancy following its takedown, the Emotet botnet appears to have resumed operations. Once controlling upwards of 1.7 million unique devices, Emotet is now operating with just over 100,000, spread across 179 countries. Its return also brings enhanced information-stealing capabilities that collect and send significantly more data back to the operators.
Following a security incident at Duncan Regional Hospital in Oklahoma, upwards of 92,000 patients may have had their sensitive information accessed by an unauthorized party. Officials first discovered the incident after being inexplicably unable to access several systems on their network. They quickly took those systems offline to prevent further intrusion, though the damage was already done. It is unclear how the attackers entered the network or how much data they exfiltrated before being detected.
Over the past year, researchers have been tracking a Linux kernel vulnerability that lets an attacker with only read access to a file overwrite its contents, a flaw that first showed up as unexplained file corruption. The overwrite does not require write permission on the file, the changes are subtle enough to escape notice, and it was found to work even on read-only mounts. Fortunately, the vulnerability affected only a limited range of kernel versions, and it was patched quickly once the Linux kernel security team was made aware of it.
Rompetrol, one of Romania's largest petroleum companies, has been responding to a cyberattack that disrupted its internal network and forced its websites offline. Following the attack, the Hive ransomware group listed Rompetrol's main domain on its leak site with a ransom demand of $2 million. In exchange for the ransom, Hive would hand over a file decryptor and refrain from releasing any stolen data. Hive is known for being highly active, reportedly responsible for attacks on around three companies per day.
PressReader, the world's largest digital distributor of newspapers and magazines, had its website taken offline by a cyberattack. The attack is believed to be linked to the company's recent removal of Russian titles from its platform and its public support for Ukraine, including an offer of free access to Ukrainian citizens. Fortunately, staff are already working to restore the affected publications and return the service to normal operation.