Resources
New Threats: BlackCat, Royal Among Most Worrisome Threats to Healthcare
Both Ransomware Groups Pose Serious Concerns to Sector, Warns HHS HC3 The U.S. government is warning that Healthcare entities should be on high alert for signs of the new BlackCat and Royal ransomware-as-a-service groups. On January 12th, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center issued a threat brief that warns that BlackCat conducts triple extortion, meaning it doesn’t just encrypt data and demand an extortion payment, but also threatens to leak the data and conduct distributed...
read moreAndroid Banking Trojan Steals Through Mimicry
Trojan Impersonates More Than 400 Financial and Crypto Exchange Apps The Godfather banking Trojan is causing serious issues in the financial sector due to its ability to mimic the appearance of more than 400 applications, including leading financial and crypto exchange applications. So far, it has targeted institutions in 16 countries. Research from security intelligence firm Group-IB says the Godfather Trojan reappeared in September with slightly modified WebSocket functionality after a brief three-month pause in circulation. A signature...
read moreThree Essential Defenses for Combating Ransomware
The number of successful ransomware attacks has doubled in the last 4 years. But there are concrete steps a healthcare organization can take to avoid costly — and potentially deadly — downtime and better protect themselves against an attack. 1. Move from on-premises servers and backups to the cloud. Doing so outsources availability, uptime, and security to the SaaS vendor and also facilitates better backup and recovery if something does happen. It’s just a question of resources. There’s no “easy button” to make it happen...
read moreBlack Basta Using QBot Banking Trojan Malware to Target US-Based Companies
QBot Backdoor Opens Systems to Loading Cobalt Strike, Ransomware and Other Malware Researchers say the Black Basta group is dropping QBot malware — also called QakBot — in a widespread ransomware campaign targeting mostly U.S.-based companies. QBot malware is a banking Trojan primarily designed to steal banking data, including browser information, keystrokes and credentials. Its previous targets include JPMorgan Chase, Citibank, Bank of America, Citizens, Capital One and Wells Fargo. In the group’s latest campaign, attackers are again...
read moreHealthcare Data Breaches Doubled in 3 Years
Targeting of Providers, Plans and Partners Since 2009, healthcare breaches have affected the personal information of 370 million people. Quick math says that’s more than the entire U.S. population, and that’s only counting the major breaches affecting 500 people or more. The situation is growing worse. In just the last three years, the volume and frequency of breaches have nearly doubled, from 368 in 2018 to 715 in 2021. And the nation is on track for more than 700 major health data security incidents this year. As of November 10, the...
read moreFeds Warn Healthcare Over Cobalt Strike Infections
Red-Teaming Tool Poses Ongoing Risks When Used by Hackers, HHS Warns The Department of Health and Human Services’ Office of Information Security’s HC3 unit says attackers are weaponizing legitimate security tools. Russian hackers deployed Cobalt Strike’s command-and-control function during their attack against SolarWinds’ network management software. Hackers who earlier this year got into Cisco corporate IT infrastructure used the tool. The first thing the threat actor behind the Emotet malware does after an initial...
read moreHackers Adopt APT-Like Capabilities
Cyberweapon-Grade Hacking Tools Pose Danger for Financial Sector Cyberthieves traditionally on the lower rung of hacking abilities now have access to nation-state-class malicious software, warn close observers of the criminal dark web. The appearance on criminal forums of tools capable of infecting a computer’s boot firmware or malware that evades antivirus detection is a consequence of years of state-sponsored development of cyber weapons. Cybercriminals learned from Advanced Persistent Threats and exposed information to the public on...
read moreFBI Warns Healthcare Sector of Payment Scam Surge
Use of Social Engineering, Phishing to Divert Payments Cybercriminals are stealing multimillion-dollar payouts from healthcare payment processors by compromising user login credentials, the FBI warns the healthcare industry. In a recent alert, federal agents say they’ve received multiple reports of cybercriminals redirecting healthcare payments into their pockets. According to the FBI, cybercriminals used employees’ publicly available PII and used social engineering techniques to impersonate care providers and gain access to...
read moreMorgan Stanley’s Hard Drive Destruction Investment Failure
$155 Million in fines and settlements. While physical data breaches have declined substantially in the last 10 years, they still can happen without proper diligence. That lack of diligence and vendor oversight has led to a $35M fine for Morgan Stanley from the SEC and a class-action settlement of $60M over the same breach. This is in addition to a $60M fine from the Comptroller of the Currency in 2020. All for improperly decommissioning server hard drives. SEC investigators found that Morgan Stanley regularly relied on a moving and storage...
read moreLatest US Health Data Breaches Continue Ransomware Trend
Some 60 breaches affecting about 2.5 million individuals were added in July to the federal tally of major health data breaches. Those incidents continued a trend playing out in 2022: Large hacking incidents predominately involving ransomware attacks against providers, vendors, or both are responsible for an overwhelming amount of data theft. About 80% of the major breaches reported were related to hacking/IT incidents, and these breaches accounted for 97% of all affected individuals. “These trends indicate that this industry continues...
read more