FBI Issues Alert on Growing Egregor Ransomware Threat

Posted by on January 27, 2021 in Banking, Blog, Healthcare | 0 comments

  Bureau and Security Experts Warn About Gang’s Effective Extortion Model   The FBI issued a warning this week over the growing threat from the operators behind the Egregor ransomware variant and other cybercriminal gangs affiliated with the group. Since September, the Egregor gang and its affiliates claim to have compromised approximately 150 corporate networks in the U.S. and other countries. In some cases, the extortion demands have reached $4 million. Egregor appears to have a network of affiliated cybercriminals that...

read more

New Ransomware Variant Could be the Next Big Malware Threat to Business

Posted by on December 23, 2020 in Banking, Blog, Healthcare | 0 comments

New Egregor ransomware has been gaining traction since emerging in September. A new form of ransomware is becoming increasingly prolific as cybercriminals turn to it as a preferred means of encrypting vulnerable networks in an effort to exploit bitcoin from victims. Egregor ransomware first emerged in September but has already become notorious following several high-profile incidents, including attacks against Barnes & Noble and video game companies Ubisoft and Crytek. According to cybersecurity researchers at Digital Shadows, Egregor...

read more

Cybercrime: 10 Top Tactics and Trends

Posted by on December 1, 2020 in Banking, Blog, Healthcare | 0 comments

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats According to the seventh annual Internet Organized Crime Threat Assessment, produced by Europol ransomware attacks remain the top cyber-enabled threat. But phishing, business email compromises and other types of fraud – many now using a COVID-19 theme – also loom large. Here are 10 of the top threats from the Europol report in alphabetical order. 1. Business Email Compromise BEC attacks continue to rise, Europol warns. “As criminals are...

read more

Microsoft Warns of Office 365 Phishing Attacks

Posted by on December 1, 2020 in Banking, Blog | 0 comments

Microsoft’s Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims’ credentials. The phishing emails, which are currently circulating, use several techniques to bypass and evade secure email gateways. The criminals use social engineering techniques and timely subject lines relevant to remote work, like password updates, conferencing info, and helpdesk tickets, as a way to lure victims into clicking the emails and inputting their credentials,...

read more

Automated Cyber Attack Payment Card Skimming Hits 2,000 E-Commerce Sites

Posted by on October 2, 2020 in Banking, Blog | 0 comments

Researchers: Hackers May Have Used Magento Zero-Day Exploit In the largest automated hacking campaign since at least 2015, from September 11-14, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe’s Magento software, possibly resulting in the theft of payment card data. It was the largest automated campaign on record, surpassing a breach in July 2019 that hacked 962 stores in a single day. From September 11th through the 14th, security researchers spotted 10...

read more

Hefty HIPAA Fine After Breach Involving ‘The Dark Overlord’

Posted by on October 2, 2020 in Blog, Healthcare | 0 comments

Regulator: Georgia Clinic Showed ‘Systemic Noncompliance’ Federal regulators have announced a $1.5 million HIPAA settlement with Athens Orthopedic Clinic in Georgia, stemming from a 2016 breach involving The Dark Overlord hacking group that exposed the records of nearly 209,000 individuals. The exposed PHI included name, date of birth, SSN, patient demographic information, clinical information, and financial/billing information. The case serves to indicate the potentially hefty cost of failure to implement a comprehensive HIPAA...

read more

Phishing Campaign Spoofs SBA Loan Offer

Posted by on August 25, 2020 in Banking, Blog | 0 comments

A newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data. This campaign appears to have started in early August. This follows a different phishing attack in April that also used spoofed SBA messages, but unlike the current scam, that one was created to distribute malware. Fake Loan Applications In the phishing campaign, the victims are asked to fill out an attached “disaster loan assistance” form that asks for personal and...

read more

Emerging Risk Management Issue: Vendors Hit by Ransomware

Posted by on August 25, 2020 in Blog, Healthcare | 0 comments

Two recent ransomware incidents targeted companies serving healthcare organizations, highlighting an emerging challenge for vendor risk management in the sector. Blackbaud, which sells cloud-based marketing, fundraising, and customer relationship management software, was recently hit by ransomware. Some of its affected clients are now being revealed. Meanwhile, medical debt collector firm R1 RCM, formerly known as Accretive Health, also has been hit by ransomware. The Chicago-based R1 RCM security incident is just the latest in a string of...

read more

Billing Vendor Breach Affects 275,000. Phishing Suspected. Not Yet Clear How Many of Firm’s Healthcare Clients Were Affected

Posted by on August 13, 2020 in Blog, Healthcare | 0 comments

At least 275,000 individuals served by a variety of healthcare providers and health plans had data exposed as a result of a breach at Houston-based billing and debt collection vendor Benefit Recovery Specialists Inc. The company says that on April 30, it discovered a malware incident affecting certain company systems. BRSI customer files containing personal information may have been accessed and/or acquired between April 20 and April 30, 2020. Information that may have been exposed includes name, date of birth, date of service, provider name,...

read more

Many Mobile Banking Apps Have Exploitable ‘Coding Errors’

Posted by on August 13, 2020 in Banking, Blog | 0 comments

Popular Apps Too Susceptible to Hacking, Positive Technologies Warns. Given the number of banks that utilize white-labeled banking apps to provide online banking services to their clients, a recent report is extremely concerning. Researchers at Positive Technologies recently investigated 14 mobile banking apps that run on Android or iOS and found that 13 failed to prevent unauthorized access to user data. Although the specific apps were not identified, each one had been downloaded from app stores more than 500,000 times. The analysis shows...

read more