Resources
Phishing Campaign Spoofs SBA Loan Offer
A newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data. This campaign appears to have started in early August. This follows a different phishing attack in April that also used spoofed SBA messages, but unlike the current scam, that one was created to distribute malware. Fake Loan Applications In the phishing campaign, the victims are asked to fill out an attached “disaster loan assistance” form that asks for personal and...
read moreEmerging Risk Management Issue: Vendors Hit by Ransomware
Two recent ransomware incidents targeted companies serving healthcare organizations, highlighting an emerging challenge for vendor risk management in the sector. Blackbaud, which sells cloud-based marketing, fundraising, and customer relationship management software, was recently hit by ransomware. Some of its affected clients are now being revealed. Meanwhile, medical debt collector firm R1 RCM, formerly known as Accretive Health, also has been hit by ransomware. The Chicago-based R1 RCM security incident is just the latest in a string of...
read moreBilling Vendor Breach Affects 275,000. Phishing Suspected. Not Yet Clear How Many of Firm’s Healthcare Clients Were Affected
At least 275,000 individuals served by a variety of healthcare providers and health plans had data exposed as a result of a breach at Houston-based billing and debt collection vendor Benefit Recovery Specialists Inc. The company says that on April 30, it discovered a malware incident affecting certain company systems. BRSI customer files containing personal information may have been accessed and/or acquired between April 20 and April 30, 2020. Information that may have been exposed includes name, date of birth, date of service, provider name,...
read moreMany Mobile Banking Apps Have Exploitable ‘Coding Errors’
Popular Apps Too Susceptible to Hacking, Positive Technologies Warns. Given the number of banks that utilize white-labeled banking apps to provide online banking services to their clients, a recent report is extremely concerning. Researchers at Positive Technologies recently investigated 14 mobile banking apps that run on Android or iOS and found that 13 failed to prevent unauthorized access to user data. Although the specific apps were not identified, each one had been downloaded from app stores more than 500,000 times. The analysis shows...
read moreCOVID-19 Drives Spike in Mobile Phishing Attacks
The increase in working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns. Attackers are targeting remote workers whose devices lack adequate security protections to steal users’ banking credentials. Mobile phishing attacks increased by 37% globally in the first quarter of 2020. According to research based on data collected from 200 million mobile devices worldwide, 22% of mobile enterprise users encountered a phishing attempt in the first quarter, compared to 16% in the previous quarter. This...
read moreRansomware Attacks Hit 2 More Healthcare Organizations
Risk Mitigation Tips Ransomeware Attacks continue to surge as two ransomware incidents recently reported to federal regulators as health data breaches illustrate. Recent ransomware-related data breaches reported to the DHHS OCR affected Woodlawn Dental Center based in Cambridge, Ohio, and Mat-Su Surgical Associates in Palmer, Alaska. Woodlawn Dental Incident The HHS “Wall of Shame” shows that Woodlawn Dental reported on May 18 that a breach affected more than 14,400 individuals. In a notification statement, Woodlawn says on March 18, it...
read moreFBI Unveils the Top-10 Most Exploited Cybersecurity Vulnerabilities
The FBI has been keeping tabs on the most exploited vulnerabilities for years. They also pay close attention when it appears that hacking is being perpetrated by other nations. On May 12th, they released their list of the top 10 most exploited vulnerabilities. The list is intended to help all organizations “place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors,” they say. Typically, “sophisticated nation-state hackers” refers to China, Iran,...
read moreCriminals, Rogue Nations Using COVID-19 To Distribute Malware
Attackers are continuing to use concerns over COVID-19 to distribute ransomware and malware, including for smartphones. While the healthcare sector is perhaps at the greatest risk from these attacks, criminals are using the panic as a widespread opportunity. Attacks include the usual suspects: cybercrime operators looking to make a fast buck – for example, by demanding a ransom to unlock crypto-locked systems – as well as nation-states seeking to sow chaos. Recently the U.S. Department of Health and Human Services saw increased...
read moreCriminals Spoofing Bank Websites, Offering Attractive CD’s
The SEC’s Office of Investor Education and Advocacy has issued an Investor Alert to warn investors about phony Certificates of Deposit promoted through internet advertising and “spoofed” websites – websites that mimic the actual sites of legitimate financial institutions. Investors should be extremely cautious when purchasing CDs from sites found only through internet searches. “Spoofed” websites – often using URL addresses similar to those of bank websites, or using legitimate-sounding names and URLs – may be used to trick investors into...
read moreCybercrime Still Growing: Phishing and Business Email Compromise Lead The Way
Cybercrime led to $3.5 billion in losses in the U.S. last year, with a sharp uptick in business email compromise scams – which accounted for nearly half those losses, according to a newly released FBI Internet Crime Report, which is based on complaints the FBI received. Donna Gregory, the head of the FBI’s Internet Crime Complaint Center, emphasizes that the FBI isn’t seeing a ton of new types of fraud but rather criminals using new tactics and techniques to carry out existing scams. “Criminals are getting so...
read more