Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 10-29-2020

Join Jake and Mike for LinkedIn Live at 8:30 PDT, now also on YouTube. We'll talk about what's going on with our hospitals getting hit hard right now.


What to do as Ryuk ransomware hits healthcare & manufacturing

Breaking news: multiple sources that CI Security works with have confirmed that several hospitals have been hit by ransomware in what is sounding like a coordinated attack. We are hearing on DHS/FBI industry outreach channels that the number may be in the dozens. Read on for the security alert we sent to Critical Insight customers late yesterday with the 9 steps they need to take now in order to get ahead of this urgent, looming risk. Then join us for a webinar next Monday for an in-depth discussion on the latest events and how the 9 steps can help healthcare orgs manage the risk. Details to register are listed at the end of this article.


UPDATE: Three St. Lawrence County hospitals hit by ransomware attack Tuesday

St. Lawrence Health System diverted ambulances and moved to offline documentation methods at three area hospitals after a cyberattack disabled some computer systems early Tuesday morning. The three hospitals hit include Canton-Potsdam Hospital, Gouverneur Hospital and Massena Hospital. [...] Hospital authorities notified and have been working with the FBI and U.S. Department of Homeland Security to exchange information on the virus, which is believed to be a previously unknown version of Ryuk ransomware.


Hospitals in New York and Oregon hit with ransomware, as new attacks mount

In Klamath Falls, Oregon, meanwhile, Sky Lakes Medical Center reported Tuesday that its IT systems were also brought down by a separate ransomware attack, complicating communication among staff and delaying some procedures. "Our computer systems have been compromised; as of right now we have no evidence that patient information has been compromised," the hospital said in a Facebook post, which noted that emergency and urgent care remain available, and that scheduled procedures would occur where possible.


'Unusual network activity' at Ridgeview Medical Center

The ordeal caused "disruption to certain Ridgeview operations," according to a statement from Steinbauer. "Our patients and staff are safe," she added, but said the system is not fully functioning. Staff are "working around the clock" with computer forensic specialists to see what caused the disruption and confirm impact on the center's system.


Several hospitals targeted in new wave of ransomware attacks

Allan Liska, an intelligence analyst for the firm Recorded Future, told CNN that his company knows of at least six attacks in the last 24 hours and "there are probably more." [...] It is "absolutely the biggest thing we've ever seen. In terms of ransomware it's the biggest attack we've ever seen," he said, adding that it's "crushing to see so many hospitals hit at the same time."


Cybercriminals seek to take advantage of rapid telehealth scale-up

"Mass adoption of this technology will lead to new cybercrime focus, with an emphasis on stealing patient data to enable fraud, target health data in ransomware attacks, trick patients in social engineering schemes, and target remote patient monitoring devices," wrote the report authors.


Why You Need Zero-Trust Cybersecurity, Especially Now

One solution is to split traffic between the critical data that must be accessed via the wealth management firm’s own networks and protected by its zero-trust defenses, and the less sensitive data flow to and from third-party applications, many of which are cloud-based and would be protected by those providers’ cybersecurity measures.


Cyberattacks Soar During the Pandemic – How Regulators Responded

The emergent threat is precisely why the U.S. Securities & Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) regularly remind financial firms to strengthen and stress test their cybersecurity procedures to guard against cyberattacks. Further, the SEC Office of Investor Education and Advocacy published a 2020 “Investor Alert” warning the public of fraudulent online promotion of COVID-19 cures.


‘Everybody wants a unicorn’: As companies seek to align cyber with business, enter the BISO

There’s no denying it: A disconnect often exists between IT/security teams and business management, and bridging that gap is an important skill. That’s the crux of the BISO’s role, say experts, and we’re starting to see more of these officers as the industry realizes that technological know-how alone is not always enough.


Algorithmic Warfare: Air Force Meshes Info-War Capabilities

“Their mission is to defend and ensure electromagnetic spectrum access for the Air Force and DoD activities in support of our national policy objectives and global operations,” she said. “With this realignment, A2/6 continues along a multi-year path to support — from a headquarters Air Force perspective — the synchronization of information warfare functions.”


Why, and how, Turla spies keep returning to European government networks

The group maintains an “ecosystem of efficient” tools for breaking into and moving through computer networks, Accenture researchers said in response to questions from CyberScoop. “The use of defense evasion techniques and the tailoring of tools to a specific target allows the group to reuse old tools that have been updated for the campaign at hand,” they said.


FBI Director Christopher Wray’s Remarks at Press Conference Regarding China’s Operation Fox Hunt

China is violating laws and norms left and right, from sophisticated cyber attacks targeting our data and personal information, to economic espionage targeting our intellectual property and our trade secrets. And they’re using that information to gain influence on the world stage, to gain economic and political power.


California Attorney General Further Modifies the CCPA and California Privacy Rights Act Appears Likely to Pass this November

The Attorney General recently proposed a third set of modifications to the CCPA. These provide guidance on providing notice to consumers of their rights to opt-out of the sale of their personal information in offline settings, such as brick-and-mortar stores as well as for personal information collected over the phone. In addition, the modifications provide guidance on the submittal of consumer requests to opt-out.


Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color

"If you come in 'underleveled,' you're either doing the work at a level that's beyond you and you're not getting that authority agency … or you feel underutilized because you're having to operate at this more junior level, and the time for you getting to fully function and thrive in a leadership role is a lot longer and artificial than it had to be," she explains.


ICE, IRS Explored Using Hacking Tools, New Documents Show

"The documents show a growing perception among agencies that government hacking is not just acceptable, but an efficient and desirable solution for law enforcement activities. The fact that we’ve seen interest in acquiring hacking capabilities by organisations such as the U.S. Secret Service, the Drug Enforcement Agency, and even the Internal Revenue Service, reveals that there is a broader range of circumstances for which hacking is likely to be used[.]"


Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. [...] Earlier this week, Swedish news agency Dagens Nyheter confirmed that hackers recently published online at least 38,000 documents stolen from Gunnebo’s network. Linus Larsson, the journalist who broke the story, says the hacked material was uploaded to a public server during the second half of September, and it is not known how many people may have gained access to it.


In a first, researchers extract secret key used to encrypt Intel CPU code

The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.


Trump Campaign Website Defaced by Cryptocurrency Scam

The hackers appeared to advocate the ousting of President Trump in the upcoming Nov. 3 election. They claim that the information they obtained proves that Trump and his government are “involved” in the origin of the coronavirus as well as engaged in “criminal involvement and cooperation with foreign actors” that “completely discredits” the president. “The US citizens have no choice,” the hackers wrote.


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
