Expert Insights Cybersecurity News Recap: December 3 – 10 2024

Last updated on Jun 6, 2025
Written by Caitlin Harris
Technical Review by Laura Iannini

1. Over 300k Patients Affected By Hospital Ransomware Attack

A non-profit community hospital has notified over 316,000 patients that their personal data was compromised in a breach last year, report Security Week and Infosecurity Magazine.

Anna Jacques Hospital in Newburyport, Massachusetts, was targeted by a ransomware attack on Christmas Day 2023. The attack forced the hospital to shut down its health record systems and divert patients from its emergency rooms.

Initial response: On January 19th, ransomware group “Money Message” began publicly extorting the hospital, claiming to have stolen 600 Gb of data. The group leaked allegedly stolen data samples on their site.

The hospital didn’t engage with the threat actors; instead, on January 24th, it disclosed the breach, noting that Personally Identifiable Information (PII) as well as medical and insurance information had likely been compromised. Days later, Money Message released all the stolen data for download.

Post-investigation: The hospital completed its forensic investigation of the breach in November this year and later announced that financial information may also have been stolen.

Last week, the hospital notified the Maine Attorney General’s Office that 316,342 individuals may have been affected by the breach. It is providing these individuals with two years of free identity theft and credit monitoring services through Experian IdentityWorks.

Staying vigilant: In addition to these services, Anna Jacques recommends that its employees and patients “remain vigilant” in reviewing their financial account statements and health insurance benefits statements for unexpected or fraudulent activity.

2. Ransomware Group “Termite” Takes Credit For Blue Yonder Breach

The “Termite” ransomware group has officially claimed responsibility for the November attack against supply chain vendor Blue Yonder, reports Security Week.

The attack disrupted Blue Yonder’s managed services and impacted several firms using those services, including Starbucks and two major UK grocery stores, Morrisons and Sainsbury’s.

On Friday, Termite claimed responsibility for the attack via its Tor-based website.

“Our team got 680gb of data such as DB dumps Email lists for future attacks (over 16,000) Documents (over 200,000) Reports Insurance documents,” the threat actors claim, and they have threatened to make some of that data available “soon”.

New kids on the block: Termite is a new ransomware group that emerged in mid-October, according to threat intelligence company Cyjax. The group’s website only lists seven victims in total, all added around the same time as the Blue Yonder breach.

Cybersecurity providers Cyble and Broadcom Symantec both report that the file-encrypting malware used by Termite is a version of the Babuk ransomware that was leaked in September 2021.

Blue Yonder’s response: Blue Yonder is aware of the claims made by the threat actor and continues its investigation.

“We are aware that an unauthorized third party claims to have taken certain information from our systems,” the company said. “We are working diligently with external cybersecurity experts to address these claims.”

Staying protected: A strong threat detection and response solution is key to protecting your business against ransomware attacks, Martin Zugec, Technical Solutions Director at Bitdefender, told Expert Insights.

“One thing I always recommend, especially for smaller and mid-market companies, is make sure you have detection and response capabilities. Doesn’t matter if it’s EDR, XDR, MDR. Threat actors generate a lot of noise, but in our investigations, we always see clues that could reveal these malware attacks,” Zugec says.

3. New Cyber Rules Proposed For US Telecom Following Salt Typhoon Breach

In response to the infiltration of US telecom companies by Chinese cybercriminal group Salt Typhoon, the Federal Communications Commission (FCC) has proposed new requirements for carriers to secure their networks, reports SC Media.

On December 5th, FCC Chairwoman Jessica Rosenworcel proposed a Declaratory Ruling that would clarify that Section 105 of the Communications Assistance for Law Enforcement Act (CALEA) legally requires telecoms carriers to secure their networks against unlawful access and interception.

“As technology continues to advance, so do the capabilities of adversaries, which means the US must adapt and reinforce our defenses,” said Rosenworcel. “While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future.”

The impact: Rosenworcel’s proposal would require carriers to submit an annual certification to the FCC proving that they have created, updated, and implemented a cybersecurity risk management plan.

If adopted, the Declaratory Ruling will take effect immediately.

4. Web3 Workers Targeted By Fake Video-Conferencing Apps

Hackers are targeting Web3 professionals with malware disguised as a video-conferencing app, reports TechRadar.

The app, called “Meeten”, installs an infostealer malware called Realst to exfiltrate sensitive information such as login credentials, bank card details, Keychain credentials, and browser cookies.

In some cases, victims were first contacted via Telegram, where they were offered a job opportunity and invited to a video call using Meeten. Researchers from Cado Security Labs found that the “Meeten” app had been rebranded numerous times, having previously used names including Meetio, Meetone, and others.

Once downloaded, the app would display a message saying that the victim needed to reinstall it or use a VPN. Meanwhile, the infostealer works in the background and a malicious JavaScript attempts to drain wallets connected to the app.

The big picture: Fake job ads have been around for years. One of the biggest thefts in the crypto world was caused by a fake job attack against Web3 developers, in which threat actors stole around USD 600 million in various tokens. And just this year, cybersecurity providers Jamf Threat Labs and Recorded Future have both uncovered attacks that used fake virtual meeting software to steal information and money from victims.

Staying safe: To protect themselves against these attacks, users should consider implementing a strong antivirus or anti-malware solution that can block malicious software, as well as an effective phishing protection tool that covers multiple messaging channels.

5. Manson Market Fraud Marketplace Shut Down By Europol

Last week, Europol shut down a Clearnet marketplace that facilitated large-scale online fraud, report The Hacker News and Help Net Security.

Led by the Hanover Police Department and the Verden Public Prosecutor’s Office in Germany, the operation enabled authorities to seize over 50 servers, collect over 200 Tb of digital evidence, and arrest two suspects. Over 80 data storage devices as well as cash and crypto assets worth over USD 66,500 were also confiscated.

The background: Launched in 2022, the marketplace was used by cybercriminals to sell and trade data that had been stolen in phishing attacks. Users could filter stolen data by region and account balance, allowing them to carry out targeted fraud with accuracy and efficiency, says Europol.

Investigators also unearthed several phishing websites used to steal payment information, as well as a Manson Market channel on Telegram, the app involved in recent attacks against Web3 workers. Set up on October 14th 2024, the channel would share credit card details for free every day.

The impact: According to Hanover Police Department, around 57 victims have suffered over USD 264,000 in losses due to the sale of stolen financial information on the marketplace.
