IT Security News Blast – 10-12-2021
 
This is the IT Security News Blast.
A brief situational awareness summary for key sectors, threats and vulnerabilities, noteworthy events. Security, Privacy, Surveillance. Sign up for the blast here:
https://www.criticalinsight.com/resources/daily-news
 
Remote work exposing SMEs to increased cybersecurity risk
The cause behind this heightened risk is due to a lack of access to business infrastructure – the research discovered that 66% of SMEs now find it harder to monitor their infrastructure, while 25% have opted to leave infrastructure unmonitored altogether, posing a large risk if they should fall victim to a cyber-attack in future.
https://www.helpnetsecurity.com/2021/10/11/smes-remote-work-risk/
 
VMware ESXi Servers Encrypted by Lightning-Fast Python Script
Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operations that, soup-to-nuts, are taking less than three hours to complete from initial breach to encryption. “This is one of the fastest ransomware attacks Sophos has ever investigated, and it appeared to precision-target the ESXi platform.”
https://threatpost.com/vmware-esxi-encrypted-python-script-ransomware/175374/
 
Most Americans 'very concerned' about cyberattacks' effect on hospitals: 3 study insights
  • Sixty-seven percent of survey respondents said they were very concerned about how cyberattacks could affect national security and defense systems.
  • Nearly three in four respondents view China (73 percent) and Russia (72 percent) as big threats to cybersecurity.
  • Sixty-three percent of respondents said they were very concerned about how cyberattacks affect health systems.
https://www.beckershospitalreview.com/cybersecurity/most-americans-very-concerned-about-cyberattacks-affect-on-hospitals-3-study-insights.html
 
8 Ways to Create a Strong Security Culture and Strengthen Incident Response in Healthcare
“It should be second nature to lock the computer when you walk away and not to share passwords,” Riggi says. “We need to make that as routine as washing your hands before you see a patient and after you leave a patient’s room. For that routine to become muscle memory, that’s the state we’d like to achieve.”
https://healthtechmagazine.net/article/2021/10/8-ways-create-strong-security-culture-and-strengthen-incident-response-healthcare
 
No honor among thieves: One in five targets of FIN12 hacking group is in healthcare
"By all measures, FIN12 has been the most prolific ransomware actor that we track who is focused on high-value targets," Shilko said. "The average annual revenue for FIN12 victims was in the multi-billions. FIN12 is also our most frequently observed ransomware deployment actor."
https://www.zdnet.com/article/no-honor-among-thieves-one-in-five-targets-of-fin12-hacking-group-is-involved-in-healthcare/
 
REvil/Sodinokibi accounting for 73% of ransomware detections in Q2 2021
There was a 64% increase in publicly reported cyber incidents targeting the Public sector during the second quarter of 2021, followed by the Entertainment sector with a 60% increase. Notably, Information/Communication had a 50% decrease in Q2 2011, with Manufacturing down 26%.
https://www.helpnetsecurity.com/2021/10/11/ransomware-detections-q2-2021/
 
We may visit you at home, British financial watchdog warns bank staff
Firms must show they have a plan which has been reviewed before making any temporary arrangements permanent, and is reviewed periodically to identify new risks. There is a need to demonstrate that rules on recording calls, record keeping and maintaining protection from cyber attacks can be met from home, the FCA said.
https://www.reuters.com/business/finance/we-may-visit-you-home-british-financial-watchdog-warns-bank-staff-2021-10-11/
 
North American Orgs Hit With an Average of 497 Cyberattacks per Week
Education and research organizations, for instance, witnessed a 60% increase in attacks from 2020 and currently average 1,468 attacks per week. Government and military entities, with an average of 1,082 weekly attacks, were the next most highly attacked, while healthcare organizations are currently dealing with some 752 attacks per week on average — or a 55% increase from last year.
https://www.darkreading.com/attacks-breaches/north-american-orgs-experience-497-attacks-per-week-on-average-currently
 
Pacific City Bank discloses ransomware attack claimed by AvosLocker
PCB’s internal investigation on what happened was concluded on September 7, 2021, and it revealed that ransomware actors had unfortunately obtained the following information from its systems:
  • Loan application forms
  • Tax return documents
  • W-2 information of client firms
  • Payroll records of client firms
  • Full names
  • Addresses
  • Social Security Numbers
  • Wage and tax details
https://www.bleepingcomputer.com/news/security/pacific-city-bank-discloses-ransomware-attack-claimed-by-avoslocker/
 
The role of government in deterring cyberattacks
Therefore, to limit the frequency and scope of cyberattacks, governments need to pair defensive and resilience efforts with a focus on adversary decision-making. By coordinating major levers of national power to influence adversary decisions, governments can help reduce the number and size of attacks that their defenses must cope with.
https://www.fastcompany.com/90681049/the-role-of-government-in-deterring-cyberattacks
 
Netherlands Says Armed Forces May Combat Ransomware Attacks
"An example of the latter is taking IT infrastructure offline (or having it taken offline) that is part of the attack infrastructure or that is misused for digital espionage or sabotage. In addition to action by the Intelligence and Security Service (I&V) services, the Netherlands can also respond with the armed forces."
https://www.govinfosecurity.com/netherlands-says-armed-forces-may-combat-ransomware-attacks-a-17703
 
Russia and neighbours are source of most ransomware, says UK cyber chief
Her remarks represent one of the firmest attempts yet by a British intelligence chief to pin the epidemic of internet extortion on Russia, which is accused of sheltering criminal hackers who seek to extract millions by seizing corporate data.
https://www.theguardian.com/technology/2021/oct/11/russia-and-nearby-states-are-origin-of-most-ransomware-says-uk-cyber-chief
 
A Pentagon official said he resigned because US cybersecurity is no match for China, calling it 'kindergarten level'
A senior cybersecurity official at the Pentagon said he quit because he thought it was impossible for the US to compete with China on AI. [...] "We have no competing fighting chance against China in fifteen to twenty years. Right now, it's already a done deal; it is already over in my opinion." […] In China, Chaillan said, private cyber and AI companies were at Beijing's beck and call.
https://www.businessinsider.com/pentagon-official-quit-saying-us-cybersecurity-no-match-china-2021-10
 
Hacktivists aim fury at corporations, right-wing groups and authoritarian governments
Hacktivists are back in the public spotlight, nearly a decade after groups like Anonymous and LulzSec tore through the Internet and wreaked havoc on everyone from Sony to the U.S. Senate. In places including the United States, Iran and Belarus, hackers aiming to further political goals have gone after companies and organizations perceived as right-wing, the surveillance industry and even authoritarian governments.
https://www.washingtonpost.com/politics/2021/10/11/hacktivists-are-back/
 
TangleBot Android malware hijacks phone to steal login credentials
The malware also steals sensitive data stored on the device and monitors just about every user activity such as camera usage, audio conversations, and location, etc. Furthermore, the malware takes full control of the targeted device, including accessing banking data and can penetrate the deepest corners of Android OS.
https://www.hackread.com/tanglebot-android-malware-steal-login-credentials/
 
Twitch Leak Included Emails, Passwords in Clear Text: Researcher
Twitch users, if you haven’t changed your password yet, go. Now. Do it. [...] Namely, this wasn’t just a direct attack on Twitch, in spite of the attacker calling the service a “disgusting toxic cesspool.” Rather, it was also an attack on Twitch users, whose personal information was breached. An independent security researcher who requested anonymity found streamers’ email addresses and passwords in plain text in one exposed datastore.
https://threatpost.com/twitch-leak-emails-passwords/175390/
 
Experts Say Cyber Attacks Are Getting Worse
And while ransomware attacks are top of mind, they’re not the only attacks that are happening today.  According to the Verizon Data Breach Incident Report for 2021, when hackers attack in a data breach 90% of the time, the vector used to breach is through web applications.
https://securityboulevard.com/2021/10/experts-say-cyber-attacks-are-getting-worse/
 
To the moon and hack: Fake SafeMoon app drops malware to spy on you
Cybercriminals are trying to capitalize on “the next big thing” in the turbulent cryptocurrency space in an attempt to take remote control of people’s computers and then steal their passwords and money. A campaign spotted recently impersonates the SafeMoon cryptocurrency app and uses a fake update to lure Discord users to a website that distributes a well-known remote access tool (RAT).
https://www.welivesecurity.com/2021/10/06/moon-hack-fake-safemoon-cryptocurrency-app-drops-malware-spy/
 
Brewdog might make an OK pint but its security sucks: Flaw opened door to free beers for anyone
"Shareholders get a free beer on the three days before or after their birthday under the terms of the Equity for Punks scheme," the code-testing operation warned. "One would simply access an account with the required date of birth, generate the QR code and the beers are on BrewDog!"
https://www.theregister.com/2021/10/11/in_brief_security/
 
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight, formerly Critical Informatics and CI Security. 

We host a free, never boring Security Awareness Training every other Friday. Register here. 

Archived articles are available at https://www.criticalinsight.com/resources/daily-news

Critical Insight and the Critical Insight logo are the trademarks of Critical Insight, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 Critical Insight. All rights reserved.
Critical Insight

245 4th St, Suite 405  Bremerton, WA   98337
