Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 5-18-2020

Law firm hackers double ransom demand, threaten Donald Trump

A source said, “His view is, if he paid, the hackers might release the documents anyway. Plus the FBI has stated this hack is considered an act of international terrorism, and we don’t negotiate with terrorists.” On Thursday, the hackers upped the ante by posting a chilling new message saying, “The ransom is now [doubled to] $42,000,000 … The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time.”


Hackers Publish First 169 Trump ‘Dirty Laundry’ Emails After Being Branded Cyber-Terrorists

"We read the position of the authorities. Declare this an act of terrorism. Your position is your choice. This will not affect our work in any way. It’s just that it can completely erase certain frames that we still observed. But now is not about that. Mr. Lawyer says that Donald has never been their client. And he says that we are bluffing. Oh well. The first part, with the most harmless information, we will post here."


Hackers preparing to launch ransomware attacks against hospitals arrested in Romania

Three hackers were arrested and had their homes searched in Romania and a fourth in the Republic of Moldova. Romanian authorities said the four were members of a hacking group that went online as PentaGuard. Romania's Directorate for Investigating Organized Crime and Terrorism (DIICOT) said the group's members owned malware such as remote access trojans and ransomware, tools to perform website defacements, and tools to exploit SQL injection vulnerabilities to breach web servers and steal data.


HSCC Shares Guide to Protecting Healthcare Trade Secrets, Research

The white paper comes just days after the Department of Homeland Security and the FBI issued a warning to the healthcare sector that hackers tied to the People’s Republic of China are targeting and compromising the networks of medical research facilities working on the response to COVID-19. “Recent indications of attempts at industrial espionage to steal vaccine data and other medical research make the HIC-PIC guide a particularly timely resource for the health sector,” Russell Koste, Alexion Pharmaceuticals CISO, and a co-chair of the HSCC task force, said in a statement.


Cyber-attacks, COVID-19 test results, care homes and more briefs

Interserve and Bam Construct - construction companies that helped build the emergency Nightingale Hospitals in Birmingham and Yorkshire & Humber - both reported incidences of cyber-attacks this month. Bam Construct described the attack as “significant,” while Interserve have been working with the National Cyber Security Centre to “contain and remedy the situation” after “some operational services may be affected.”


Now is the perfect time for a cyberattack. Here’s how to stop one. [Subscription]

Employees are fatigued, stressed and distracted as weeks turn into months of confinement. Any semblance of separation between work and home has collapsed. People can hardly remember the day of the week. Children roam in and out. Deliveries drop at the door. Dogs bark. We open the refrigerator door again (and again). All the while, our data sit on loosely protected networks, creating vastly expanded attack surfaces for threat actors.


Digital heists: Attacks on financial institutions rise 238% in 3 months

Attacks targeting the financial sector at large have swelled by 238% in the months from February through to the end of April this year, while 80% of surveyed financial institutions reported an increase in cyber attacks over the last 12 months, according to a report released today from VMware Carbon Black. A further 82% of surveyed institutions reported a rise in the sophistication of attacks – which can be attributed to attackers leveraging highly advanced social engineering tactics and advanced strategies for hiding malicious activity.


The Evolution of COVID-19 Related Cyber Threats

The cyber threats related to COVID-19 have changed and expanded since March and April. Malicious actors remain, looking to take advantage of system vulnerabilities among the populace who are working under different security environments than prior to the pandemic. But now the very people and entities that are leading the charge towards finding a vaccine and/or therapeutic that may resolve this crisis are the very ones being targeted by cyber actors and non-traditional collectors linked to an adversary, the PRC.


Inventory of hacked servers for sale on cybercrime forum exceeds 43,000

Recent cyber intelligence reporting has revealed that the MagBo portal, which sells cyberattackers access to previously compromised servers, is now listing an inventory of 43,000 hacked servers. The portal provides access to hacked servers, with some belonging to local and state government, hospitals, and financial organizations and has firmly established its reliability over the past several years through detailed listings and steady growth.


Lights stay on despite cyber-attack on UK's electricity system

The electricity system’s administrator, Elexon, confirmed that it was affected by a cyber-attack on Thursday afternoon but that the key systems used to govern the electricity market were not affected. [...] Elexon is a vital part of the UK electricity market because it carefully monitors the electricity generated by energy companies to match this with what National Grid expects to receive, and to make sure that generators are paid the correct amount for the energy they generate.


Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report

A source told the paper that names, addresses, bank details, payroll information, next of kin details, personnel and disciplinary records had been swiped. The intrusion took place “earlier this month,” the tight-lipped firm said in a statement. A spokeswoman ignored questions from The Register about how many people were affected by the hack and whether MoD services would be impacted as the company responds.


It’s time to take off the gloves against Chinese cybercrime

The mere fact the Chinese government is attempting to steal coronavirus information should make clear that the blame for the lack of U.S.-China cooperation on the pandemic lies primarily on the Chinese side. China has restricted its own researchers from sharing coronavirus research and has refused to hand over early virus samples. Chinese research institutions have even tried to copy and patent leading U.S. drugs sent to China for trials.


Iran Is Increasing Its Military and Cyber Activity, Report Says

Babel Street’s analysis drew on commercial telemetry data, or CTD, gleaned from things like apps that collect users’ locations. They compared the data year-on-year in March, April, and May at facilities in Bushehr and the Strait-of-Hormuz port of Bandar Abbas, including air bases, naval bases, and the Bushehr nuclear facility. In a report released Thursday and obtained exclusively by Defense One, they found that civilian activity dropped more than 90% during parts of March and April, as measured from data collected at the Tehran Grand Bazaar and elsewhere. Military activity dropped 30% to 50% compared to last year.


Satellite Cybersecurity to Allow Greater Military Flexibility

Warfighters need faster tools – this was part of the thinking behind the new technology. [...] SmartSat is designed using a “zero-trust” or “threat-first” approach. To design and build such software-defined systems, it is important to understand the threats against them. Security is not static and evolves constantly. The new solution will ensure satellites are cyber-hardened, including software and hardware-based intrusion detection, secure coding, encryption and identity management.


California Police Used Military Surveillance Tech at Grad Student Strike

California National Guard, the state’s federally funded military force, provided so-called “friendly force trackers,” a military surveillance technology used to track U.S. troops in military combat, to monitor pickets, according to emails dated February 11 and 13. Police responding to the strike also had access to LEEP, a federal surveillance portal operated by the FBI. The emails show that law enforcement was monitoring student protest groups and social media to plan its response.


Cyber exploitation of kids surges under quarantine

The rise in Minnesota is only one piece of a pattern of opportunistic predators using quarantine conditions to exploit children around the country. The National Center of Missing and Exploited Children, which serves as a clearinghouse for these incidents reported in the United States, recorded more than 6 million tips in March and April — triple what it counted in the same period in 2019.


9/11 saw much of our privacy swept aside. Coronavirus could end it altogether

Technology is again claiming the mantle of the savior we need to fill the gap between where we are now, and the new, knowledgeable and capable place we need to be. Apple and Google are again offering solutions government cannot -- embedding into our phones anonymous methods of knowing who we may have infected and when. We are already seeing the extraordinary potential of these technologies in limiting the spread of the disease. But if they become ubiquitous, where does this new scrutiny end? When does it stop being helpful? Will we look back at 2020 as the moment privacy finally evaporated?


Microsoft Confirms Serious New Security Problem For Windows 10 Users

This new security threat has been dubbed “Thunderspy” by Björn Ruytenberg, the Eindhoven University of Technology researcher who discovered and disclosed it. Ruytenberg warns that despite locking or suspending a PC, setting up a Secure Boot and strong system passwords, and enabling disk encryption, “all an attacker needs is five minutes alone with the computer” to compromise a machine.


Paying Ransomware Crooks Doubles Clean-up Costs, Report

Research conducted by Vanson Bourne and commissioned by security firm Sophos shows that ransomware victims that refused to pay a ransom reported, on average, $730,000 in recovery costs. However, organizations that did pay a ransom reported an average total cost, including the ransom, of $1.4 million, according to the report, The State of Ransomware 2020.


Someone is trying to catfish women by pretending to be Paul Nakasone

So when, Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed “head of U.S. Army Cyber Command” was trying to flirt with her. “I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman.”

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
