SSL.com

Cybersecurity Roundup June 2024

Maxicare Healthcare Corporation Suffers Data Breach, Alerts Members 

Maxicare Healthcare Corporation has alerted its members of a potential data breach compromising personal and medical information discovered on June 13, 2024. The breach involved data submitted to Lab@Home, a third-party service. Maxicare reassured members that no immediate action is needed and is actively minimizing further risk with ongoing investigations. The company has informed the National Privacy Commission and is urging vigilance while enhancing cybersecurity measures.
SSL.com Insights: In the wake of the data breach affecting Maxicare Healthcare Corporation, it is crucial for organizations to enhance their cybersecurity posture by implementing stringent access controls and employing multi-factor authentication to safeguard sensitive information systems. Companies should ensure that third-party services, like Lab@Home in the Maxicare case, adhere to strict security standards and that data sharing practices are secured through robust encryption protocols. Additionally, continuous monitoring and auditing of system access can help detect unauthorized activities early, preventing potential data compromises. It is also advisable to enforce comprehensive incident response strategies to quickly address and mitigate the effects of a breach, ensuring that the organization can recover with minimal disruption. 

SSL.com’s Client Authentication certificates can significantly fortify these protective measures by verifying the identities of all users accessing sensitive systems, ensuring that only authorized personnel can view or manipulate critical data. The deployment of SSL.com’s Client Authentication certificates across an organization’s network also helps in establishing a more secure and resilient infrastructure, making it harder for unauthorized actors to gain access through stolen credentials or other common attack vectors.


Cyber Espionage Escalates: Ukraine’s Defense Forces Under Attack

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber espionage campaign called “SickSync” targeting Ukrainian defense forces, attributed to the threat actor UAC-0020 (Vermin). This campaign uses spear-phishing emails with a trojanized SyncThing application to deliver the SPECTR information-stealing malware. SPECTR’s capabilities include screenshot capture, file harvesting, USB data collection, and credential theft, using SyncThing’s synchronization functionality for data exfiltration. CERT-UA also reported social engineering attacks using the Signal app and malicious Excel documents targeting the Ukrainian Ministry of Defense, emphasizing the need for up-to-date security protocols against such threats.
SSL.com Insights: To defend against sophisticated cyber-espionage campaigns like SickSync, which uses spear-phishing to deploy malware, organizations should enhance their email security protocols and conduct regular security awareness training for all employees, focusing on the identification of suspicious email attachments and links. Given the malware’s capability to steal data from applications and browsers, it is vital to secure endpoint interactions with strong encryption and constant monitoring for anomalous behavior that could indicate a breach. Implementing a reliable system to encrypt and digitally sign communications, especially those containing sensitive information, can mitigate the risk of data interception and tampering. SSL.com’s S/MIME certificates ensure the authenticity and integrity of email communications, making it significantly more challenging for attackers to exploit email as a vector for malware distribution.

SSL.com’s S/MIME certificates provide an essential layer of security by offering end-to-end encryption for emails, thereby protecting sensitive data from unauthorized access during transmission. Additionally, the digital signing of emails certifies the sender’s identity to the recipient, which is crucial in preventing impersonation attacks often seen in spear-phishing campaigns.


North Korean Hackers Deploy New Dora RAT in South Korean Cyberattacks

Andariel, a North Korea-linked threat actor, has launched cyberattacks against South Korean educational institutes, manufacturing firms, and construction businesses using a new Golang-based backdoor called Dora RAT, as reported by AhnLab Security Intelligence Center (ASEC). The attacks exploited vulnerable Apache Tomcat servers to distribute malware, including a variant of Nestdoor, with Dora RAT providing reverse shell and file transfer functionalities; some samples were signed with a valid UK certificate to evade detection. Andariel’s toolkit also included a keylogger, information stealer, and SOCKS5 proxy, with a recent shift towards financially motivated attacks. These incidents highlight the persistent cyber threats from state-sponsored North Korean groups, emphasizing the need for enhanced cybersecurity measures in targeted sectors.
SSL.com Insights: To fortify defenses against advanced persistent threat groups like Andariel, which exploit outdated software and use sophisticated malware like Dora RAT, organizations should ensure they are not only regularly updating their systems but also rigorously scanning all software and updates before deployment. Incorporating an automated tool that can integrate with continuous integration/continuous deployment pipelines to sign code and verify its integrity before it is released can prevent tampered software from reaching production environments. This includes scanning for vulnerabilities and malware as part of the pre-deployment checks. Educating employees about the tactics used in spear-phishing and watering hole attacks, and training them to recognize and report suspicious activities, can also diminish the risk of initial compromises. 

SSL.com’s eSigner service enhances this protective framework by providing a cloud-based code signing solution that ensures all software releases are authenticated and untampered, adding an essential layer of trust and security. Moreover, SSL.com’s pre-signing malware scan service can be integrated with eSigner in order to detect and stop any compromised code before it becomes part of the software supply chain. This aligns seamlessly with the need for heightened vigilance and security measures highlighted by the ongoing threats faced by South Korean institutions.


BlackSuit Ransomware Behind CDK Global’s Massive IT Outage

CDK Global, a major SaaS provider for car dealerships, is experiencing a significant IT outage due to an attack by the BlackSuit ransomware gang, disrupting operations across North America and forcing dealerships to revert to manual processes. The company shut down its IT systems and data centers to contain the attack, including its car dealership platform, and is negotiating with the ransomware gang to obtain a decryptor and prevent data leaks. BlackSuit, suspected to be a rebranded version of the Royal ransomware operation, has caused additional cybersecurity incidents during restoration attempts. CDK Global has warned dealerships of potential social engineering attempts by threat actors posing as CDK agents, emphasizing the ongoing threat of ransomware attacks and their impact on business ecosystems.
SSL.com Insights: To counter sophisticated ransomware attacks like the one experienced by CDK Global, organizations must implement advanced measures that go beyond standard security practices. Companies should adopt systems that enable the isolation and strict control of access to sensitive data, ensuring that only authenticated and authorized devices can connect to critical segments of their network. This includes enforcing policies that verify the identity of all devices and users before granting access, coupled with real-time monitoring for any unauthorized attempts to access the network. Furthermore, routine security assessments and updates are essential to identify vulnerabilities and apply necessary patches to prevent exploitation by malware. 

SSL.com’s Client Authentication certificates can provide a robust layer of security by ensuring that only devices with verified certificates can access network resources, thus helping to mitigate the risk of unauthorized access. By integrating SSL.com’s digital certificates, organizations can enhance their security posture and protect sensitive data from being compromised during such cybersecurity incidents.


New SSL.com article: Streamlining Digital Signature Workflows with eSigner Integration

We are delighted to share our new article that discusses how our eSigner digital signing service represents a significant development in cybersecurity, particularly for enhancing digital transaction security and efficiency. The article explains how eSigner offers a robust, cloud-based solution that integrates seamlessly into existing workflows, ensuring that digital signatures are not only legally binding but also embedded with a user’s identity. This advancement provides businesses with a flexible and secure method to handle digital signatures, underpinned by the assurance of SSL.com’s trusted Certificate Authority status. Furthermore, eSigner’s variety of integration options, including direct API access and a simplified Java command-line tool, reflects SSL.com’s commitment to accessibility and customization in digital security solutions. The introduction of the Document Signing Gateway, an on-premises solution, highlights a pivotal shift towards more controlled and secure data handling practices, essential for sensitive environments. These innovations not only bolster the security posture of businesses but also align with stringent compliance requirements, making SSL.com’s eSigner an indispensable tool in the modern digital landscape.


SSL.com Announcements

SSL.com’s S/MIME Certificates can now be integrated with an LDAP-enabled network

LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol for accessing and managing directory information services. It is commonly used for storing and retrieving information about users, groups, organizational structures, and other resources in a network environment.

Integrating LDAP with S/MIME certificates involves utilizing LDAP as a directory service to store and manage user certificates. 

By integrating LDAP with S/MIME certificates, organizations can centralize certificate management, enhance security, and streamline the process of certificate retrieval and authentication in various applications and services that leverage LDAP as a directory service.
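To make the retrieval side of this concrete, the following is an added example (not SSL.com's code or part of its LDAP integration) showing how a mail client or provisioning script would look up a colleague's S/MIME certificate in an LDAP directory. It assumes the standard inetOrgPerson schema, where the address lives in the `mail` attribute and the DER-encoded certificate in `userCertificate;binary` (RFC 2798). The LDIF text and the certificate bytes inside it are constructed placeholders, not a real directory export or certificate. The search filter is escaped per RFC 4515 so that an address taken from user input cannot alter the filter (LDAP filter injection), which is the check most lookup scripts forget.

```python
import base64
import re

# Constructed sample LDIF: one user entry as an LDAP server would export it.
# The base64 payload is a placeholder, NOT a real certificate; it only begins
# with 0x30 (a DER SEQUENCE tag) so the sanity check below has something to test.
# The line starting with a single space is an LDIF continuation (RFC 2849).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice Example
mail: alice@example.com
userCertificate;binary:: MIIBAQID
 BAUG

"""

# RFC 4515 escaping for values embedded in a search filter.
_FILTER_ESCAPES = {
    "\\": "\\5c",   # backslash must be escaped first
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it can be embedded in an LDAP filter without changing its structure."""
    out = value.replace("\\", _FILTER_ESCAPES["\\"])
    for ch in ("*", "(", ")", "\x00"):
        out = out.replace(ch, _FILTER_ESCAPES[ch])
    return out


def build_mail_filter(email: str) -> str:
    """Filter that selects the person entry owning an email address.

    This is the string you would hand to ldapsearch or an LDAP client library.
    """
    return f"(&(objectClass=inetOrgPerson)(mail={escape_filter_value(email)}))"


def parse_ldif(text: str) -> list:
    """Parse LDIF into a list of entries, each a dict of attribute -> list of values.

    Base64 values (written with '::') are returned as bytes, plain values as str.
    """
    entries = []
    current = {}
    # Unfold continuation lines: "\n" followed by a single space joins lines.
    unfolded = re.sub(r"\n ", "", text)
    for line in unfolded.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    if current:
        entries.append(current)
    return entries


def certificates_for(entries: list, email: str) -> list:
    """Return the DER certificates stored for the entry whose mail attribute matches."""
    wanted = email.lower()
    found = []
    for entry in entries:
        addresses = [m.lower() for m in entry.get("mail", [])]
        if wanted not in addresses:
            continue
        for der in entry.get("userCertificate;binary", []):
            # Minimal sanity check: a DER-encoded certificate starts with a SEQUENCE tag.
            if isinstance(der, bytes) and der[:1] == b"\x30":
                found.append(der)
    return found


if __name__ == "__main__":
    print(build_mail_filter("alice@example.com"))
    # An address crafted to break out of the filter is neutralised by escaping:
    print(build_mail_filter("*)(uid=*"))
    certs = certificates_for(parse_ldif(SAMPLE_LDIF), "alice@example.com")
    print(f"{len(certs)} certificate(s) found, {len(certs[0])} bytes" if certs else "no certificate")
```

In a real deployment the directory query would go over LDAPS and the returned DER bytes would be handed to the mail client's certificate store (or parsed with a library such as `cryptography`) after checking validity period, key usage and chain; the parser here only shows the directory-side format and the filter hygiene.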

Contact sales@ssl.com for more information on LDAP integration. 

Single Sign On (SSO) can now be enabled for SSL.com accounts 

SSL.com users can now activate Single Sign On (SSO) for their accounts. This feature allows users to link their Google, Microsoft, GitHub, and Facebook accounts to their SSL.com accounts. Once linked and logged in to any of the four service providers mentioned, there is no need for users to repeatedly log in to their SSL.com accounts with their username and password. The adoption of SSO by SSL.com represents a commitment to maintaining high security standards while providing a user-friendly environment, ultimately fostering a safer and more secure online experience for its users.

Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME), and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI) Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems.