
IT Security News Blast – 10-12-2020

Recent Spike in Healthcare Breach Reports Due To Blackbaud Ransomware Attack

In an interview with Modern Healthcare, Drex DeFord, healthcare executive strategist at cybersecurity firm CI Security and former health system chief information officer, said it's a particularly bad time for a breach of fundraising systems, since hospitals have lost revenue amid COVID-19. "Healthcare organizations (and) not-for-profits rely on donors now more than ever," DeFord said. "This is exactly the wrong time to see a donor database compromised and those donors then starting to second guess whether or not they should give money."


Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election

U.S. Cyber Command’s campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter’s sensitivity. But it is one way to distract them at least for a while as they seek to restore operations.


DHS: Unknown hackers targeted the US Census Bureau network

This is not the first time the US Census has been targeted by threat actors, as highlighted by a Reuters report on hacks and DDoS attacks during a 2018 test of census systems, with Russian IP addresses involved in at least one of the incidents. "He got into the network," a source told Reuters. "He got into where the public is not supposed to go." Luckily, none of the incidents led to data getting stolen or systems getting damaged, according to security sources.


The most common malicious email attachments infecting Windows

Before Word or Excel executes macros in a document, though, Office requires you to click on the 'Enable Editing' or 'Enable Content' buttons, which you should never do. To trick users into clicking these buttons, the malware distributors create Word and Excel documents that contain text and images stating that there is an issue displaying the document. It then prompts recipients to click 'Enable Content' or 'Enable Editing' to see the contents correctly.


Senate Democrat raises concerns around Universal Health Services breach

In a letter to UHS Chairman and CEO Alan Miller, Warner, who serves as vice chairman of the Senate Intelligence Committee, asked a series of questions in relation to a ransomware attack on UHS last month that crashed systems at hospital facilities across the nation. UHS has more than 400 facilities in the U.S. and United Kingdom, with more than 90,000 employees, and it has previously stressed that there is no evidence any data was stolen or accessed.


2020 COVID-19 Case Study - A Look at Increased Cybersecurity Risk Across the Healthcare Industry

Smaller organizations or those that have not invested in cybersecurity could be particularly vulnerable to attacks. These vulnerabilities will only be heightened further with increased use of virtual care and connected devices during the pandemic, such as telemedicine and remote patient monitoring. Healthcare providers need to ensure that basic measures are in place to minimize risk and disruption from cyber attacks.


Corporate cyber risks heightened by Covid, warns ex-NSA head

“Remote access is being executed on a level that is nowhere near the historic norms of the past, and that’s pretty much across all business sectors,” he said, adding that the use of the same infrastructure for work and personal purposes was increasing the risk. He also warned that people searching for coronavirus-related information could inadvertently let hackers into their data and systems.


US Department of Justice issues Cryptocurrency Enforcement Framework

“As this Enforcement Framework describes, we see criminals using cryptocurrency to try to prevent us from ‘following the money’ across a wide range of investigations, as well as to trade in illicit goods like criminal tools on the dark web. For example, the cyber criminals behind ransomware attacks often use cryptocurrency to try to hide their true identities when acquiring malware and infrastructure, and receiving ransom payments.”


Safe manufacturing is smart manufacturing

Today’s attackers can traverse from IT to OT, meaning there are a multitude of potential attack vectors. For example, if a third party unwittingly brings a laptop with malware and connects it to OT, it can compromise business operations. For organizations leveraging IT devices in OT networks, it is critical that devices in both environments are kept secure.


Report: U.S. Cyber Command Behind Trickbot Tricks

On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers. [...] In a story published Oct. 9, The Washington Post reported that four U.S. officials who spoke on condition of anonymity said the Trickbot disruption was the work of U.S. Cyber Command, a branch of the Department of Defense headed by the director of the National Security Agency (NSA).


Wisepay: School Payments Service Hit By Cyber-Attack

Wisepay said a hack of its website meant an attacker was able to harvest payment details between 2 and 5 October via a spoof page. Attempted payments to about 300 schools have been affected by the scam. The hacker had managed to find a “backdoor” into the system’s database and had modified one page. As a result, when users clicked to make a payment, they were redirected to an external page controlled by the attacker.


Rise in mercenary hacking groups and cyber espionage

“The current administration's increasing isolationism and cutting of international bonds sets the U.S. up to be able to do little more than issue accusations of guilt with no teeth. Now that the walls are crumbling, an increase in mercenary hacking groups and cyber espionage is unsurprising. Without geopolitical agreements creating infrastructure, the U.S. is degrading its ability to enforce its own interests in cyberspace.”


US seizes Iranian government domains masked as legitimate news outlets

Four of the domains were used to create news outlets that appeared legitimate, but the flow of 'news' articles and content hosted by the websites was controlled by the IRGC. In particular, US audiences were targeted with Iranian propaganda "to influence United States domestic and foreign policy in violation of the Foreign Agents Registration Act (FARA)," the DoJ claims. Google tipped off US law enforcement to the global campaign, and then, with the help of the tech giant, Twitter, Facebook, and the FBI, 92 domains were confiscated on October 7.


Facebook and Twitter move against coordinated inauthenticity in nine countries that pursued domestic political goals.

Facebook also dismantled a network in Myanmar linked to members of the country's military whose line was critical of the National League for Democracy and political leader Aung San Suu Kyi; there was also some anti-Rohingya content. The social network also removed coordinated inauthenticity based in Azerbaijan. These were engaged in praise of President Ilham Aliev and the New Azerbaijani Party and criticism of the opposition (with accusations of treason).


Under China’s Shadow, Nepal is the Latest Destination for North Korean Cyber Crimes

This threat is assuming the shape of nothing less than an armed conflict without lethal weapons, highlighting the role of cyber capabilities in asymmetric military strategies of nations in the 21st century. Washington, Tokyo, and New Delhi should collaborate to track and protect national security network-dependent assets, including early warning systems, against cyberattacks. The espionage activities of North Korea, and its patron, China, in the cyber domain remain a sore reminder of the efficacy of international sanctions that are being successfully bypassed.


China Cybersecurity: No Place to Hide

Under the guidance of the Chinese Communist Party (CCP), the Chinese government is working to create a cybersecurity system with Chinese characteristics. This system is designed to make all networked information that crosses the Chinese border a) transparent to the Chinese government and b) closed to unauthorized access by foreign and domestic hackers and governments not affiliated with the CCP.


Election result delays mean “the system is working,” says cybersecurity chief

“Everything you hear on Election Day has always been unofficial results,” he adds. “The vote isn’t done until the election is certified by that state’s chief election official, which often comes several weeks after the election. Even the unofficial results might not be available on election night in some places, including in crucial swing states, so we may not have results on election night. We encourage people to not be concerned about that. That is normal.”


Five Eyes governments, India, and Japan make new call for encryption backdoors

Officials said they are committed to working with tech companies on developing a solution that allows users to continue using secure, encrypted communications, but also allows law enforcement and tech companies to crack down on criminal activity. The seven governments called for encryption backdoors not only in encrypted instant messaging applications, but also for "device encryption, custom encrypted applications, and encryption across integrated platforms."


The Army Is Working on Augmented Reality Goggles for Military Dogs

“The military working dog community is very excited about the potential of this technology,” ARO senior scientist Dr. Stephen Lee said in an announcement published Tuesday. “[It] really cuts new ground and opens up possibilities that we haven’t considered yet.”


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.


© 2020 CI Security. All rights reserved.
