IT Security News Blast – 7-28-2021
When Software Updates Get Hacked
Without good mechanisms in place to limit unauthorized access or detect anomalous behavior, targeted companies had to get lucky to not spread the attack to their clients, says Mike Hamilton, founder and chief information security officer at Critical Insight, a managed security service provider.
Kaseya denies paying hackers for decryption key after ransomware attack
Kaseya stressed Monday that its initial silence on whether it paid the hackers for the decryption key was not intended to “encourage additional ransomware attacks,” and that the company is focused on customers impacted, many of which were small businesses.
Jefferson Health hacked as cyber criminals seize info on cancer patients. Temple hospital hacked, too.
In early June, the database shows, Temple University Hospital reported a hacking incident that affected 16,356 people — without also making any general public announcement. The health-care system declined on Monday to provide more information. “We are no longer doing business with the third-party vendor that was breached.
How Are You Controlling Access To Your ePHI?
In addition to the multi-million dollar hacking schemes that we see all too often, there are stories of staff impermissibly accessing ePHI or leaving sensitive data unattended. So if you’re wondering how you can best protect your practice, the answer is to have the proper authorization policies, procedures, and controls in place.
Don't Panic-Buy Your Cyber Policy: Evaluating New Approaches to Cyber Risk
Simultaneously, the looming threat of ransomware attacks also heightens demand for cyber insurance across all industries. In the Cyber Insurance Report published by the Government Accountability Office (GAO), more than 60% of brokers surveyed reported that “the top two drivers of new or increased sales of cyber insurance were clients experiencing a cyber-attack or hearing that others suffered from an attack.”
Average ransom payments take a dip, even as attacks remain steady
The findings come even as the researchers report that the volume and severity of attacks have remained relatively stable for the last 18 months. In fact, evidence shows threat actors as increasingly bold, leveraging massive budgets and sophisticated tools to compromise networks. Prior to REvil going dark, the group collected close to $100 million in ransom payments during just the first six months of 2021.
No More Ransom saves almost €1 billion in ransomware payments in 5 years
"The decryptors available in the No More Ransom repository have helped more than six million people to recover their files for free," the Europol said. "This prevented criminals from earning almost a billion euros through ransomware attacks. Currently offering 121 free tools able to decrypt 151 ransomware families, it unites 170 partners from the public and private sector."
DHS Chief: $2.1 Billion of Cyber Funding ‘Critical’ to Mission
Mayorkas defended CISA’s $2.1 billion cybersecurity budget request, saying the funding will help the agency “respond to governmentwide breaches, increase cyber defense, hire qualified experts, and obtain support services to protect and defend critical infrastructure and Federal IT systems.”
The Cyber Apocalypse Never Came. Here’s What We Got Instead.
What we got was neither the unbridled promise of digital cooperation nor a fiery cyber apocalypse. Instead, today’s cyber reality seems simultaneously less scary and more of a hot mess—a series of more frequent, less consequential attacks that add up not to a massive Hollywood disaster but rather to a vaguer sense of vulnerability.
National Guard units across the nation complete Cyber Shield
"Our goal was to leverage all of our training, experience and partnerships with private and public sector experts to test our capabilities and make our team stronger," said Maj. Sameer Puri, Cyber Team chief and director of Information Management for the Washington Army National Guard. "The partnerships are critical to what we are doing here in Washington," Puri said. "We can train and exercise all we want, but we have to develop and maintain the relationships."
Biden wants Putin to behave. So why not go after his money?
But to the chagrin of Kasparov, his fellow Russian dissidents and even some former U.S. officials, President Joe Biden is resisting such appeals for now. “We’re not really trying hard enough,” said Evelyn Farkas, a former top Pentagon official under then-President Barack Obama. “[Putin] is not taking the message from the new United States president seriously enough.”
Biden says Russia spreading misinformation ahead of 2022 elections
A report made public earlier this year said Russia acted to boost former President Trump and damage Biden’s candidacy. Russia has denied interfering in U.S. elections. During his remarks Tuesday, Biden reflected on the evolving and growing threats in the cyber realm. The president revealed that he believes that if the U.S. becomes involved in a war in the future, it will have been triggered by a cyberattack.
Hotels and Free Wi-Fi Are Sitting Ducks for North Korean Cybercriminals
A main distinction is that while Chinese and Russian cybercriminals have greater access to advanced technologies and the global web, North Korean cybercriminals must venture outside of their country to jurisdictions with lax sanctions enforcement and cybersecurity protocols to conduct cyberattacks. And this includes hotels and commercial establishments.
Leaked secret Iran docs expose plans for civilian cyber strikes
The documents, which are actually five different reports allegedly compiled by the IRGC’s cyber unit "Shahid Kavid", contain worrying information, including on how cyber attacks could be used against civilian infrastructure and systems, such as cargo ships and gas stations.
Threat actor offers Clubhouse secret database containing 3.8B phone numbers
The seller claims the secret database contains 3.8 billion phone numbers (cellphones + fixed + private + professionals numbers.) and each number is ranked by a score (Number of Clubhouse users who have this phone number in their phonebook).
'Praying Mantis' threat actor targeting Windows internet-facing servers with malware
"TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine's memory and leaves little-to-no trace on infected targets," the researchers wrote.
Malware Makers Using ‘Exotic’ Programming Languages
Specifically, researchers are tracking more loaders and droppers being written in rarer languages. “These new first-stage pieces of malware are designed to decode, load, and deploy commodity malware such as the Remcos and NanoCore Remote Access Trojans (RATs), as well as Cobalt Strike,” according to the report. “They have been commonly used to help threat actors evade detection on the endpoint.”
VPN servers seized by Ukrainian authorities weren’t encrypted
The servers, which ran the OpenVPN virtual private network software, were also configured to use a setting that was deprecated in 2018 after security research revealed vulnerabilities that could allow adversaries to decrypt data.
Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
The attacker told Babuk they wanted $5,000. Babuk told them to pound sand, refused to pay and deleted the original post. But even after wiping the forum several times, Recorded Future said the attacker was still able to bombard the forum with pornographic GIFs. Malware source code detector vx-underground also picked up on the feud, calling it “Ransomware group drama.”