Resources
Kaseya Breach Points to Risks in VSA/MSP Systems
Over the last week, more than a thousand companies, many of them small businesses, were dealing with the fallout from the Kaseya mass ransomware incident. In the wake of the devastating compromise of Kaseya’s popular IT management tool, researchers and security professionals are warning that the debacle isn’t a one-off event but part of a larger trend. Hackers are increasingly targeting the entire class of tools that administrators use to remotely manage IT systems because they give them the ability to access everything in a...
read moreNebraska Medicine Data Breach Lawsuit Has Proposed Settlement
Complaint Alleged Multiple Security ‘Failures’ Leading to 2020 Cyberattack A federal court has approved a proposed settlement in a class-action lawsuit filed in February against Nebraska Medicine. This is in the wake of a 2020 malware attack and exfiltration of sensitive personal data and medical records of tens of thousands of individuals. The costs of the proposed settlement could exceed $37 million in patient reimbursements. Out of the nearly 216,500 individuals affected by the breach, roughly 126,000 are eligible for...
read moreHow ‘SEO Poisoning’ Is Used to Deploy Malware
Criminals targeting business people with malware-laden documents SolarMarker backdoor malware operators are using “SEO poisoning” techniques to deploy the remote access Trojan to steal sensitive information, Microsoft reports. SEO poisoning attacks use PDFs stuffed with links to malware that is used to steal data and credentials from browsers. Attack Analysis In April, cybersecurity firm eSentire found that hackers had flooded the web with 100,000 malicious pages that promised professionals free business forms but were actually...
read moreRansomware Continues to Cause Disruptions
Oil pipelines and Apple among most recent targets Seemingly every week, there’s a new disruption caused by ransomware. Some of them are more noteworthy than others, with the recent pipeline disruption getting the most coverage followed by a $50M ransom demanded from Apple a few weeks ago. It’s all part of a trend of escalating criminal activity centered around ransomware. Trends While the high-profile demands and disruptions are generating headlines, the fact is ransomware attacks have been proliferating with increasingly large demands....
read morePhishing Threats Continue
Phishing continues to be one of the most prominent, and damaging, ways that cybercriminals gain access to healthcare networks. It is also one of the most straightforward threats for an organization to deal with. Unlike a number of more technical cybercrimes, phishing can be prevented with simple training. Employees who have received training in spotting and reporting phishing emails dramatically reduce the risk that malware and ransomware will infiltrate your organization’s networks. The threat of phishing has been a constant for decades now....
read more70 Breaches Added to Wall of Shame in Last Month
159 Major Breaches in 2021 About 70 major health data breaches have been added to the federal tally in the last four weeks as ransomware attacks have persisted and breaches at vendors have affected clients. As of Monday, the Department of Health and Human Services’ HIPAA Breach Reporting Tool website showed 159 breaches affecting a combined total of 12.5 million individuals have been added to the tally so far this year. That’s up substantially from the 89 breaches affecting 7.3 million individuals that had been added as of March...
read moreProposed Rule Changes Would Dramatically Increase Reporting Requirements for Banks
The Treasury Department’s OCC, Federal Reserve Board and the FDIC are proposing rule changes that would dramatically increase the reporting requirements for banks that experience a “computer security incident”. While the time for public comment has passed and the rule changes are not final yet, here is the sum-mary of what is being proposed. “The OCC, Board, and FDIC (together, the agencies) invite comment on a notice of proposed rule-making (proposed rule or proposal) that would require a banking organization to provide its primary federal...
read moreZero Trust
With people working from home and many companies planning on making some level of remote work permanent, it’s important for banks and other data-heavy industries to reconsider how their network security is implemented. That’s where Zero Trust comes in. Zero Trust has become one of cybersecurity’s latest buzzwords. But it’s not just a buzzword. For industries where security is of paramount importance, it’s imperative to understand what Zero Trust is, as well as what Zero Trust isn’t. Zero Trust is a strategic initiative that helps prevent...
read more‘Cuba’ Ransomware Gang Hits Payment Processor, Steals Data
A ransomware gang has hit a Seattle-based billing and payment processing provider. This highlights how criminals are both attacking businesses and also stealing and selling valuable personal information, regardless of whether or not the ransom is paid. Gangs are increasingly targeting service businesses with access to customers’ financial information. The ‘Cuba’ ransomware gang has taken credit for the hit against Automatic Funds Transfer Services, saying on its dedicated leaks site—reachable only via the anonymizing Tor...
read moreHealth Data Breach Tally Crowded with Vendor Incidents
Business Associate Breaches Affect Millions Nearly 1/3 of the major health data breaches added to the federal tally so far this year involve business associates, continuing a trend in recent years. A recent analysis by CI Security found that in the second half of 2020, nearly 75% of all records breached were tied to security incidents involving business associates. Currently, the HHS OCR website shows that 37 major breaches, affecting more than 4.5 million individuals, have been reported in 2021 and added to the tally so far this year. Of...
read more