November 3, 2022
Australian Clinical Labs (ACL), an Australian healthcare company, has disclosed a February 2022 data breach that impacted one of its businesses and exposed sensitive information of 223,000 individuals. The data includes medical information, credit card details, and other personal information. The breach, which was due to an attack by the Quantum ransomware group, was disclosed around 9 months after it occurred.
Kovrr’s Cyber Incidents Database has monitored several dozen Quantum attackers over the past 12 months. From the monitored attacks, it appears that Quantum mainly targets companies in the education industry, while the remaining targets span varied industries, including government agencies and healthcare companies.
Thomson Reuters was found to have exposed more than 3TB of customer data and other sensitive Thomson Reuters data on an unsecured ElasticSearch database. The data, which was discovered by researchers at Cybernews, contained, among other things, database connection logs, potentially allowing external actors to access internal Thomson Reuters systems.
This shows the potential high impact of exposed data, which can lead to high financial damage to targeted organizations.
The threat group behind Ursnif, a popular and long-lived financial malware, is the latest to repurpose its financial malware as a backdoor. This trend has already been seen in the past with many successful financial malware groups, such as Trickbot and Emotet, repurposing their attack tool as a backdoor. The main reason behind this repurposing is the attackers' desire for more modular tools, which allow them to customize their attack tool in order to gain access to organizations and then perform various malicious actions.
Through their partnerships with ransomware actors, these repurposed backdoors lead to high financial damages. For example, in the past the Emotet group has been associated with the Ryuk ransomware group. Ryuk ransomware was responsible for many high-profile and high-cost ransomware attacks, including an estimated €50M loss caused to the French IT company Sopra Steria.