Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 3-8-2021

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
Speaking on condition of anonymity, two cybersecurity experts who’ve briefed U.S. national security advisors on the attack told KrebsOnSecurity the Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide — with each victim system representing approximately one organization that uses Exchange to process email.
https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
 
Microsoft Attack Blamed On China Morphs Into Global Crisis
The attack, which Microsoft has said started with a Chinese government-backed hacking group, has so far claimed at least 60,000 known victims globally, according to a former senior U.S. official with knowledge of the investigation. Many of them appear to be small or medium-sized businesses caught in a wide net the attackers cast as Microsoft worked to shut down the hack.
https://www.bloomberg.com/news/articles/2021-03-07/hackers-breach-thousands-of-microsoft-customers-around-the-world
 
Microsoft IOC Detection Tool for Exchange Server Vulnerabilities
Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help determine whether their systems are compromised.
https://us-cert.cisa.gov/ncas/current-activity/2021/03/06/microsoft-ioc-detection-tool-exchange-server-vulnerabilities
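As an added worked example (not Microsoft's Test-ProxyLogon.ps1 and not code from the CISA notice), the Python below applies one of the HttpProxy-log indicators Microsoft published alongside the script: a request with an empty AuthenticatedUser whose AnchorMailbox has the form ServerInfo~*/*. The log excerpt is constructed for illustration and keeps only a subset of the columns; real HttpProxy logs, found under the Exchange install path's Logging\HttpProxy directory, carry many more fields, and the script checks several other log sources as well. Names such as SAMPLE_LOG and find_proxylogon_hits are this example's own.

```python
"""Scan Exchange HttpProxy logs for the anonymous ServerInfo~*/* AnchorMailbox indicator.

Added example: a minimal offline triage check, not Microsoft's script.
Assumption: the log is a CSV whose column names come from a '#Fields:' header
line, which is how Exchange writes its HttpProxy logs.
"""
import csv
import re
from collections import Counter
from typing import Dict, Iterator, List

# Constructed sample with a reduced column set (real logs have many more).
# Rows a1 and a2 model the indicator; a3 is an authenticated user, a4 and a5
# are unauthenticated but carry no ServerInfo~<host>/<path> anchor.
SAMPLE_LOG = r"""#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
#Fields: DateTime,RequestId,ClientIpAddress,UrlHost,UrlStem,AuthenticatedUser,AnchorMailbox,UserAgent,HttpStatus
2021-03-03T04:11:09.311Z,a1,203.0.113.7,mail.example.com,/owa/auth/x.js,,ServerInfo~mail.example.com:444/mapi/emsmdb/?#,python-requests/2.25.1,200
2021-03-03T04:11:12.850Z,a2,203.0.113.7,mail.example.com,/ecp/y.js,,ServerInfo~localhost/ecp/proxyLogon.ecp,python-requests/2.25.1,200
2021-03-03T04:12:01.001Z,a3,198.51.100.22,mail.example.com,/owa/,corp\alice,alice@example.com,Mozilla/5.0,200
2021-03-03T04:12:05.500Z,a4,198.51.100.23,mail.example.com,/autodiscover/autodiscover.xml,,,Outlook/16.0,401
2021-03-03T04:12:07.120Z,a5,198.51.100.23,mail.example.com,/ews/exchange.asmx,,ServerInfo~mail.example.com,Outlook/16.0,401
"""

# ServerInfo~ followed by a host part and then a slash into a backend path.
IOC_ANCHOR = re.compile(r"^ServerInfo~[^/]+/")


def parse_httpproxy_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data row, keyed by the names in the '#Fields:' header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if line.startswith("#"):
            continue  # other directive lines (#Software, #Log-type, #Date ...)
        if fields is None:
            raise ValueError("data row encountered before the #Fields header")
        values = next(csv.reader([line]))
        yield dict(zip(fields, values))


def find_proxylogon_hits(text: str) -> List[Dict[str, str]]:
    """Return rows where no user authenticated yet the proxy was told to anchor
    the request to ServerInfo~<host>/<path>, i.e. a backend path chosen by the client."""
    hits = []
    for row in parse_httpproxy_log(text):
        anchor = row.get("AnchorMailbox", "")
        if row.get("AuthenticatedUser", "") == "" and IOC_ANCHOR.match(anchor):
            hits.append(row)
    return hits


def source_ip_summary(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count hits per client address so the noisiest sources are triaged first."""
    return dict(Counter(row["ClientIpAddress"] for row in hits))


if __name__ == "__main__":
    found = find_proxylogon_hits(SAMPLE_LOG)
    for row in found:
        print(row["DateTime"], row["ClientIpAddress"], row["UrlStem"], row["AnchorMailbox"])
    print("hits per source:", source_ip_summary(found))
```

The check deliberately requires both conditions: an empty AuthenticatedUser on its own is normal for Autodiscover or EWS probes (row a4), and a ServerInfo~ anchor without a path component (row a5) is not the pattern Microsoft described. Treat any hit as a reason to run the full Test-ProxyLogon.ps1 and to preserve the HttpProxy, ECP and OABGenerator logs before they roll over.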
 
Telehealth’s success created a cybersecurity nightmare [Registration]
[All] these virtual visits are generating a mountain of digital healthcare data, which has to be secured against increasingly aggressive cyber attacks. Now, healthcare providers have to worry about the security of their own IT systems as well as that of all the devices in their patients’ homes. Patients may not think about cybersecurity very much, but there’s a lot they can do to protect their data.
https://qz.com/1980365/telehealths-success-created-a-cybersecurity-nightmare/
 
Universal Health Services faces $67 million loss after cyberattack
According to a report released this past week, the health system attributes most of the unfavorable impact to lost operating income related to decreased patient activity. "Given the disruption to the standard operating procedures at our facilities ... certain patient activity, including ambulance traffic and elective/scheduled procedures at our acute care hospitals, were diverted to competitor facilities," noted UHS in the report.
https://www.healthcareitnews.com/news/universal-health-services-faces-67-million-loss-after-cyberattack
 
Casting a wide intrusion net: Dozens burned with single hack
Mike Hamilton, a former Seattle chief information security officer now with CI Security, said the trend of exploiting third-party service providers shows no signs of slowing because it gives criminals the highest return on their investment if they “want to compromise a broad swath of companies or government agencies.”
https://apnews.com/article/donald-trump-politics-europe-eastern-europe-new-zealand-f318ba1ffc971eb17371456b015206a5
 
Public companies may not grasp responsibility to investors in sharing info on cyber risk
In the legal realm, law firms who work on software supply chain breach cases are increasingly scrutinizing what a business knew or should have known about their software and hardware suppliers, as well as exposure to known risky vendors, when discussing issues like liability.
https://www.scmagazine.com/home/security-news/data-breach/public-companies-may-not-grasp-responsibility-to-investors-in-sharing-info-on-cyber-risk/
 
Why Cybersecurity is the Weak Link in US Digital Finance
America’s policy approach to state-sponsored or sanctioned cyber-attacks remains ineffective because it is underfunded and divided. The current state of cyber response remains entirely reactive and serves more to explain cyber hacking and theft after the fact than to help address or prevent it in real-time.
https://thefintechtimes.com/why-cybersecurity-is-the-weak-link-in-us-digital-finance/
 
SMB Cybersecurity Report: 75% Have Had At Least One Breach
The research also found that three quarters of critical infrastructure SMBs experienced at least one breach, which could take an average of five months to recover from, at an average cost of $170,000. Additionally, nearly six-in-10 (59%) said they suffered breaches that stopped daily productivity. Forty-six percent reported losing customers as a result of a breach.
https://www.telecompetitor.com/smb-cybersecurity-report-75-have-had-at-least-one-breach/
 
Kingman city government hit by cyberattack
The City of Kingman has been hacked and a massive investigation is underway. [...] “The city has no access to email. We can work with customers through phone calls and in person,” Haines said. “All of the operations are impacted. Some can be done manually; some cannot be done at all.... We cannot access systems internally or externally.”
https://mohavedailynews.com/news/130408/kingman-city-government-hit-by-cyberattack/
 
FBI renews attack on encryption ahead of another possible attack on the Capitol [Subscription]
The head of the FBI renewed calls for special law enforcement access to encrypted technologies in response to recent acts of domestic extremism. [...] Wray and other law enforcement leaders charged that “end-to-end” encryption limits their ability to access critical evidence and detect crimes. That risk has gotten worse as more and more tech companies adopt the technology, which protects data so only the sender can access it.
https://www.washingtonpost.com/politics/2021/03/04/cybersecurity-202-fbi-renews-attack-encryption-ahead-another-possible-attack-capitol/
 
U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures
“Specifically, cybersecurity requirements should be defined in acquisition program contracts, and criteria should be established for accepting or rejecting the work and for how the government will verify that requirements have been met,” according to the GAO’s report, released Thursday [PDF]. “However, GAO found examples of program contracts omitting cybersecurity requirements, acceptance criteria or verification processes.”
https://threatpost.com/dod-weapons-programs-lack-cybersecurity/164545/
 
A Hack Like This Could Start the Next World War
Witness China: The speed at which Beijing denies an attack is often inverse to its likely culpability. Or the U.S., for that matter. As far back as 2005, it collaborated with Israel to unleash the Stuxnet worm which hobbled Iran’s uranium enrichment program. While neither has formally admitted to their role, they also haven’t been particularly vociferous in rebutting the charge.
https://www.bloomberg.com/opinion/articles/2021-03-08/one-wrong-hack-could-start-a-world-conflict-like-none-ever-seen-before
 
When Does a Cyber Attack Become an ‘Act of War’?
[There’s] no need to prove complete state control to attribute a cyber attack. Even if the state had an ‘operational control’ on the cyber-infrastructure used to target other states, the attack can be attributed to it. Once the issue of attribution is resolved, or largely agreed upon, the next step would be to assess what level of cyber counter operation would be permissible under the law of armed conflict.
https://www.thequint.com/news/law/is-cyber-attack-an-act-of-war#read-more
 
Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China
The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.
https://www.nytimes.com/2021/03/07/us/politics/microsoft-solarwinds-hack-russia-china.html
 
Protect your privacy - don't share vaccination card images!
Here’s one to share with your aunts, uncles, nieces, and nephews: don’t share your Covid vaccination cards on social media. There are lots of reasons why, enumerated here by CI’s Jake Milstein.
https://www.nbcbayarea.com/news/coronavirus/why-you-shouldnt-share-your-covid-19-vaccine-card-on-social-media/2485144/
 
Massive Supply-Chain Cyberattack Breaches Several Airlines
A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS), company spokeswoman Edna Ayme-Yahil told Threatpost.
https://threatpost.com/supply-chain-cyberattack-airlines/164549/
 
Business Apps Spoofed in 45% of Impersonation Attacks
Enterprise applications are spoofed in 45% of impersonation phishing attacks, GreatHorn researchers say. Social media-related apps such as Facebook, LinkedIn, and Twitter are seen in 34% of these attacks, and consumer apps such as Amazon and PayPal are seen in 20%, they note.
https://www.darkreading.com/threat-intelligence/business-apps-spoofed-in-45--of-impersonation-attacks/d/d-id/1340329
 
WordPress Injection Anchors Widespread Malware Campaign
The downloader malware known as Gootloader is poisoning websites globally as part of an extensive drive-by and watering-hole cybercampaign that abuses WordPress sites by injecting them with hundreds of pages of fake content. [...] “The threat actors’ end game is to infect business professionals, speaking English, German and Korean,” according to a posting on the campaign, issued Thursday.
https://threatpost.com/wordpress-injection-malware-campaign/164555/
 
Maza Russian cybercriminal forum suffers data breach
Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding -- the trafficking of stolen financial data and payment card information -- and the discussion of topics including malware, exploits, spam, money laundering, and more. Once the forum was compromised, the attackers who took the forum over posted a warning message claiming "Your data has been leaked / This forum has been hacked."
https://www.zdnet.com/article/maza-russian-cybercriminal-forum-suffers-data-breach/
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA   98337