Weekly Cyber Reports

This Week in Cyber 11th November 2022

Latest news & views from our Cyber Analysts

Written by

Team Nucleus

Written on

11th November, 2022


Citrix Issues Patches for Critical Flaw

Citrix have released patches for a critical flaw that affected the application delivery controller (ADC) and Gateway products. The flaw was a critical authentication bypass vulnerability that could allow attackers to gain full control of affected systems. The flaw required a prerequisite that the appliances are either configured as a VPN or an authentication, authorization, and accounting (AAA) virtual server. Citrix have stated ‘that affected customers should install the relevant updated versions of Citrix ADC and Gateway as soon as possible’.


New Malicious Campaign Targeting Indian Banks Customers

Researchers have issued a warning due to a massive phishing campaign targeting Indian banking customers. Trend Micro have reported that “The bank customers targeted include account subscribers of seven banks, including some of the most well known banks located in the country and potentially affecting millions of customers”. The phishing campaign has a common method of delivery which is via SMS and contains a malicious link alongside an urgent message stating that they are due a tax refund. Once the link is clicked, it downloads malware named ‘Elibomi’ which is a sophisticated information stealer that has been seen in the wild since 2021. Trend Micro have also observed that there has been a significant increase of phishing campaigns in the Indian region and that there is an uptick in threat actors working in that area.


Medibank Refuses to Pay Ransom After Exposure of 9.7 Million Customers in Cyber Attack

Medibank, Australia's largest health insurer confirmed on Monday the 7th of November that 9.7 million customers personal data was accessed and stolen during a breach. Alongside this, they also confirmed that they will not be paying the ransom as it could 'encourage the criminal to directly extort our customers' and make Australia a bigger target. The attack itself was detected on October the 12th and was consistent with that of a ransomware attack. The affected servers were isolated from the rest of the network, but not before the attackers were able to exfiltrate the data. The stolen data includes customer names, dates of birth, addresses and phone numbers. The numbers of affected customers are comprised of 5.1 million Medibank, 2.8 million AHM (Australian Health Management) in which among the stolen data, included Medicare numbers and 1.8 million international customers, whose passport details were among the data. A further 480,000 records relating to health claims were also stolen. 300,000 AHM, 160,000 Medibank and 20,000 international. Medibank are working closely with the Australian Government / Cyber Security Centre and Australian Federal Police in their investigation.


Continental are Being Ransomed $50Million

Back in August this year, the large motor company ‘Continental’ were victims of a cyber breach where confidential files were stolen/encrypted. LockBit have claimed to be the group behind the attack and have posted screenshots of failed communications between them and Continental. Continental have stated that the hackers did not manage to steal data whereas LockBit have stated that they stole 40GB worth of files. The price of the ransom suggests that the hackers have stumbled upon incredibly valuable documents relating to new technology, source code or company secrets. The CEO of Continental has not commented on the claim from LockBit and states that ‘Investigations are still ongoing’.


Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus