MSP cybersecurity news digest, October 10, 2024

Cyberattack hits French media giant Agence France-Presse, impacting content delivery services

AFP (Agence France-Presse) reported a cyberattack affecting its IT systems and client content delivery services.

The attack did not impact news coverage, but some client services were disrupted. AFP is working with France's cybersecurity agency, ANSSI, to address the issue. The attack's nature and perpetrators remain unknown, and AFP advised partners to change FTP passwords as they may have been compromised.

AFP is a major news agency with global operations, providing real-time news feeds and content services. France has faced multiple cyberattacks this year, targeting healthcare, government, and cultural institutions. No group has claimed responsibility for the AFP attack so far.

Kuwait Health Ministry recovering after cyberattack affecting hospitals and Sahel health care app

Kuwait's Health Ministry is recovering from a cyberattack that affected hospitals and the Sahel healthcare app. Kuwait, with a population of over four million served by 36 hospitals (including 20 public ones), is known for having one of the best health care systems in the Gulf region.

While the ministry’s website remains down, systems at the Kuwait Cancer Control Center and health insurance offices have been restored using backups. Officials confirmed that basic health care services were maintained and that essential databases were not breached. They worked with government security agencies to contain the attack and prevent further damage, though certain systems had to be shut down for updates.

No group has claimed responsibility, and the timeline for full restoration is unclear. This attack follows a history of cyber incidents targeting Kuwait's government systems.

More_eggs backdoor malware tricks recruiters into downloading fake resumés

A spear-phishing campaign targeting recruiters has been observed delivering the More_eggs backdoor malware disguised as job applications.

The attackers trick victims into downloading malicious files by using fake resumes, often in ZIP archives containing Windows shortcut (LNK) files. Once executed, the More_eggs malware siphons credentials and performs reconnaissance on the compromised host.

The malware is linked to the Golden Chickens group and is used by several e-crime groups, such as FIN6 and Evilnum. A recent variation uses PowerShell and Visual Basic scripts to carry out the infection. Attribution is challenging because More_eggs is sold as malware as a service.

Kansas water treatment plant switches to manual operations following a cyberattack

Arkansas City, Kansas, switched its water treatment plant to manual operations following a cyberattack. The cyberattack took out the plant’s control systems and included a ransom demand.

Homeland Security and the FBI are investigating the incident, but city officials confirmed that the water supply remains safe, and no disruption to water treatment occurred. The city manager assured residents that their drinking water is secure and the facility is fully operational under manual control.

Authorities and cybersecurity experts are working to resolve the situation and restore normal operations. Enhanced security measures have been implemented, and no changes to water quality or service are expected. Some residents may experience low water pressure due to pump issues while the system is being addressed.

India podcast platform exposes 38 million users’ data via security flaw; massive French data leak reveals 95 million records

KukuFM, one of India’s most popular podcast and audiobook platforms, exposed the data of over 38 million users by leaving an open Kibana instance accessible to the public.

Despite being notified about the security flaw, KukuFM failed to take prompt action, leaving user email addresses, phone numbers, and profile pictures vulnerable to misuse. Similarly, in a separate case, a massive leak in France revealed 95 million records from various breaches, including phone numbers, emails, and partial payment information, all accessible through an unsecured server running Elasticsearch, a tool for data analytics and search in near real-time.

This database, dubbed “vip-v3,” is believed to be the result of a threat actor compiling data from at least 17 different breaches, raising severe privacy concerns for affected individuals.