IT Security News Blast – 1-22-2021

Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years
“The three-year dwell time is much longer than what we typically see during incident response investigations, which is often weeks or months,” said Christo Butcher, global lead of threat intelligence at Fox-IT, and head of the Fox-IT Research and Intelligence Fusion Team (RIFT), in an interview with SC Media. This is significant, he added, “because it indicates the actor was intent on securing long-term access to their victim.”
This phishing scam left thousands of stolen passwords exposed through Google search
Attackers behind the phishing scam included an attached HTML file containing embedded JavaScript code that had one function: covert background checks of password use. When credential input was detected, the credentials would be harvested and users would be sent to legitimate login pages. [...] The attackers' infrastructure includes a web of hijacked websites backed by the WordPress content management system (CMS).
Einstein Healthcare Network Announces August Breach
Einstein said its email system was compromised by an “unauthorized person” on Aug. 5, according to the statement, and persisted through Aug. 17. Einstein added it wasn’t able to figure out whether the contents of patient-related emails were stolen but is taking steps to alert patients who might have had everything from their name, date of birth and even diagnoses and prescriptions exposed to criminals.
Healthcare Web Application Attacks Increased by 51% Since the Introduction of COVID-19 Vaccines
Conversely, the research notes that, while the volume of attacks increased, the number of breaches decreased. The researchers posited that as healthcare organizations spent more time supporting remote work, other areas such as threat research, incident response, and incident analysis were negatively affected. The researchers warned of more cyber attacks targeting the healthcare industry in 2021.
Truckers' Medical Records Leaked
While TMD has not verified the alleged attack, FreightWaves reported that among the more than 3,000 TMD files leaked on January 8 were multiple health records for employees at both UPS and Norfolk Southern dated as recently as December 2020. In addition, the trucking news source spotted records belonging to employees of US government agencies, defense contractors, and multiple smaller trucking companies.
Asset management and wealth security threats in 2021
Ransomware prices will increase as more large organizations are targeted, while small and medium-sized businesses will suffer the majority of attacks. Digital Shadows continues to observe more ransomware attacks targeting small and medium-sized organizations such as AWM companies in the financial services sector. This is likely owing to the fact that they have fewer resources dedicated to cyber-security practices, such as patch management, user awareness, and intrusion detection/prevention tools (IDS and IPS).
Collaboration needed to better tackle cyber-security risks
Already, some financial regulators have started to implement such collaborative action to counter cyber security and general financial fraud risks. For example, in Thailand, under the country’s National Digital ID (NDID), retail banking customers can be onboarded easily as the NDID system shares information to help banks to verify a person’s identity.
The Cyber Risks Of Non-Compliance
While security is of course a main driver to ensure IT systems are compliant, out-of-date and poorly configured systems can also have an impact in terms of business best practice by negatively impacting on employee productivity through slow and inefficient systems. To help combat these potential negative consequences, there are some key resources and tools that businesses can rely on.
How COVID-19 Has Changed Cybersecurity for Government Departments
Our research indicates that at least 30 to 40 percent of work-from-home government employees do not have access to these kinds of bare security essentials from their remote workspace. Indeed, our past research indicates that as many as 56 percent of at-home workers use their non-hardened personal computers for work-related purposes. These figures are worrying because, even before the pandemic, cyberattacks on government agencies and departments had been steadily increasing.
New cybersecurity coordinators will 'bridge' feds to states, senator says
A new federal program placing cybersecurity advisers employed by the Department of Homeland Security in every state will help close gaps between federal authorities and state and local entities when it comes to responding to information security threats, one of the lawmakers who sponsored the new program said Thursday.
Cyber Incident Response Capability established in the Republic of Moldova with NATO support
Since 1995, the SPS Programme has supported many activities in cooperation with the Republic of Moldova primarily in the fields of cyber defence, defence against biological agents, advanced technologies and the Women, Peace and Security agenda. Through the training of young scientists and other specialized experts, these projects have boosted the capacity, knowledge and skills of researchers in Moldova by fostering scientific networks with their NATO counterparts.
Want to Stop the Next Crisis? Teaching Cyber Citizenship Must Become a National Priority
To be a responsible member of today’s increasingly digital society requires a new set of “cyber citizenship” skills. This goes far beyond the need to protect oneself from on-line scams or the theft of Personally Identifiable Information (PII). Such skills should go to the very heart of what it means to be a U.S. citizen.
Biden Orders Sweeping Assessment of Russian Hacking, Even While Renewing Nuclear Treaty
President Biden ordered a sweeping review on Thursday of American intelligence about Russia’s role in a highly sophisticated hacking of government and corporate computer networks, along with what his spokeswoman called Moscow’s “reckless and adversarial actions” globally and against dissidents inside the country.
MrbMiner crypto-mining operation linked to Iranian software firm
Sophos said that multiple MrbMiner domains used to host the cryptominer payloads were hosted on the same server used to host, the website of a legitimate Iranian-based software development firm. Furthermore, the domain was also used as the command and control (C&C) server for the MrbMiner operation and was also seen hosting malicious payloads that were downloaded and deployed on hacked databases.
Compliance should view cyber-security through prism of risk
Cyber-security discussions can sound like a foreign language to those who don’t understand the terms. It can be intimidating. But let’s not forget that discussions on compliance issues, with their seemingly endless array of acronyms, can also sound like a foreign language to the uninitiated.
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
The DreamBus botnet, assembled from systems the malware has compromised, is currently being used to deploy the XMRig CPU miner to mine Monero cryptocurrency. But the same malware can easily be repurposed to deliver other, more dangerous payloads, such as ransomware or malware that steals data and holds it for ransom, says Brett Stone-Gross, director of threat intelligence at Zscaler.
Parler’s attempt to get back on Amazon Web Services rejected by judge
"[Parler] has fallen far short... of demonstrating, as it must, that it has raised serious questions going to the merits of its claims," and it has failed to prove "that the balance of equities tips in its favor, let alone strongly so; or that the public interests lie in granting the injunction," said the ruling by Judge Barbara Jacobs Rothstein in US District Court for the Western District of Washington.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.


© 2020 CI Security. All rights reserved.