IT Security News Blast – 6-11-2021
Security Awareness Training - today 12PM PST8PDT
Join us for our bi-weekly security awareness presentation. Peppered with materials collected over many years, I'll present examples of all kinds of bait, explain how "they" get into your networks, and leave you with some good advice. Meets regulatory requirements for annual training, and we promise it won't be boring.
Slilpp Marketplace Disrupted in International Cyber Operation
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims. The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”
The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’ [Subscription]
The Ryuk gang has hit at least 235 general hospitals and inpatient psychiatric facilities, plus dozens of other healthcare facilities in the U.S. since 2018, when security researchers first spotted them, according to a Journal review of the attacks through interviews with hospital officials and security analysts, public statements and court documents.
Groups Urge Biden, Congress to Bolster Health Sector Cyber
While HSCC writes that it was pleased to see the recently enacted American Rescue Plan direct $650 million to the Department of Homeland Security's Cybersecurity Infrastructure and Security Agency for cybersecurity risk mitigation programs, none of the funding is directly targeted to help the healthcare sector[.]
The Growing Business Cost Of Healthcare Cybercrime
Statistics confirm an increase in consumer concern. The 2021 Consumer Healthcare Cybersecurity Threat Index found that 27 percent of patients would switch providers if their healthcare provider fell victim to a cyberattack – that’s a nearly 30 percent increase from the same study the previous year.
Are the recent cyberattacks just the tip of the iceberg?
Cybercriminal objectives are both financial gains and disruptive chaos. Given that large corporations offer the greatest potential for large financial payoffs, and often have the most complex digital footprints to protect, they will continue to be targeted and, regrettably, be the next successful victims.
Infrastructure hacks pose large financial risks: Fitch
“Infrastructure that has been compromised can directly affect state and municipal government finances in the near term through ransom payments and/or the costs of remediation and restoration of data and service, as well as over the longer term, as a result of broad economic disruption that leads to loss of tax revenue,” Fitch said.
Hackers Force Iowa College to Cancel Classes for Four Days
The hack, which appears to be ransomware, has forced the Des Moines Area Community College (DMACC) to resort to posting updates on Facebook, Twitter, and a barebones version of its site. The school has also asked faculty, staff, and students to avoid using Microsoft Office 365, as well as the popular online learning platform Blackboard.
Biden's top cyber nominees face the Senate as the country reels from cyberattacks
"I don't have a sense across the board, but it seems to me that voluntary standards are probably not getting the job done," said Easterly. "There probably is some sort of role for making some of these standards mandatory, to include [breach] notification."
U.S. Senate to probe whether legislation needed to combat cyber attacks
"Today I am asking Chairman Gary Peters of our Homeland Security Committee and our other relevant committee chairs to begin a government-wide review of these attacks and determine what legislation may be needed to counter the threat of cyber crime and bring the fight to the cyber criminals."
US Cyber Command wants more money for network defense
A copy of the list obtained by C4ISRNET showed that Cyber Command noted the recent SolarWinds intrusion of various government networks in its request for money to help the DoD secure its own networks and respond to malicious cyber actions. The item topped a list of four unfunded priorities totaling $93.4 million.
Qatar's Al Jazeera network says it combated cyber attack
It said the peak of the attacks came on Sunday ahead of a documentary described on Al Jazeera's Arabic YouTube channel as detailing indirect negotiations between Israel and Palestinian militant group Hamas, which included a voice recording purportedly of an Israeli held prisoner in Gaza.
Amazon's Sidewalk, a neighborhood device network, is 'uncharted territory' for data privacy, watchdogs say
“This is uncharted territory for the privacy and security of devices like Alexa, Echo and Ring,” Connecticut Attorney General William Tong said in a statement, urging users to be cautious of the new technology. “Wireless networks are already notoriously vulnerable to hacks and breaches, and families need better information and more time before giving away a portion of their bandwidth to this new system.”
Trojan Shield: How the FBI Secretly Ran a Phone Network for Criminals
The news signals a major coup for law enforcement: ordinarily, agencies either shut down or crack messages on an already established service, such as Phantom Secure or Encrochat, two similar encrypted messaging networks. But in this case, the FBI took control of a communications company called Anom in its infancy and turned that into a wide-reaching honeypot, with the suspected criminal users instead coming to them.
Chrome Browser Bug Under Active Attack
EA source code stolen by hacker claiming to sell it online
In EA's case, the theft included 780GB of source code and tools for FIFA 21, according to a post published earlier this week on an underground crime forum. [...] The post didn’t say how the source code was obtained, but in a statement, EA officials said the company experienced a network compromise that allowed an intruder to make off with game source code and tools.
Ransomware-skewered meat producer JBS confesses to paying $11m for its freedom
A statement from the company says the decision to pay was made “In consultation with internal IT professionals and third-party cybersecurity experts … to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”