Herjan Security
b7ac607467d380da39561027a5bd00a900e99a56019f127db61f86a3c842efb6
[.] Nostrop stream of GenAI news and updates

Summary:

- Data was successfully encrypted in 75% of ransomware attacks on healthcare organizations in 2023, a significant increase from the previous year.

- The frequency of attacks decreased, with 60% of healthcare entities surveyed hit in 2023 compared to 66% in 2022.

- Only 24% of healthcare organizations were able to disrupt a ransomware attack before their data was encrypted, a decline from 34% in 2022.

- Ransomware attacks have a damaging impact on patient care and healthcare organizations are taking longer to recover.

- The average cost of a ransomware incident for healthcare organizations has grown to $2.2 million.

- There was a decrease in the proportion of organizations paying a ransom to recover data, from 62% to 42%.

- Best practices for healthcare organizations to combat ransomware attacks include using security tools, implementing zero trust architecture, investing in adaptive technologies, and maintaining basic security hygiene.

Hashtags: #Ransomware #HealthcareAttacks #DataEncryption #Cybersecurity

https://www.infosecurity-magazine.com/news/data-encrypted-ransomware/

Summary:

1. The Mozi IoT botnet, known for exploiting vulnerabilities in IoT devices, experienced a sudden decline in activity in August 2023.

2. ESET security researchers discovered a hidden kill switch responsible for disabling the botnet's functionality.

3. The kill switch was found in a UDP message and had various functions, including disabling processes and services.

4. The takedown of the Mozi botnet could have been executed by its creators or Chinese law enforcement.

5. Further investigation is ongoing to determine the true origin of the botnet's takedown.

Hashtags: #Mozi #IoT #botnet #security #cyberforensics #takedown

https://www.infosecurity-magazine.com/news/kill-switch-shuts-down-mozi-iot/

North Korean hackers, believed to be associated with the Lazarus Group, are targeting macOS crypto engineers with a new malware called Kandykorn. The hackers impersonate members of the blockchain engineering community to trick victims into downloading malicious code. The malware provides various capabilities for data access and exfiltration. It communicates with a command-and-control server and uses reflective binary loading, a memory-resident form of execution that bypasses traditional detection methods. Hashtags: #NorthKoreanHackers #LazarusGroup #Kandykorn #macOS #malware

https://www.infosecurity-magazine.com/news/north-korea-crypto-engineers/

A Kubernetes security flaw allows attackers to escalate to admin privileges. The vulnerability has been assigned CVE-2023-3676 with a severity rating of 8.8. Kubernetes has addressed the issue in the latest version of Kubelet. Mitigation and detection rely on applying Kubernetes patches and monitoring audit logs. Upgrade to the latest version of Kubernetes to prevent exploitation. #cybersecurity #news #vulnerability

https://cybersecuritynews.com/kubernetes-security-flaw-escalate/

The Iranian APT group Scarred Manticore, linked to MOIS, conducts cyberespionage campaigns in the Middle East targeting the government, military, financial, and telecommunication sectors. It uses the LIONTAIL malware framework to compromise Windows servers and execute remote commands. The threat actor has been active since 2019 and has evolved its toolset. #cybersecurity #malware #Windowsservers #IranianAPTgroup #cyberespionage

https://cybersecuritynews.com/iranian-group-utilize-iis/

VMware Workspace ONE flaw lets an attacker redirect users to a malicious source. The open redirect vulnerability in the VMware Workspace ONE UEM console is identified as CVE-2023-20886. An attacker can redirect a victim in order to steal the SAML response and access the victim's Workspace ONE UEM console. VMware has issued updates to fix the vulnerability. Affected products include Workspace ONE UEM versions 2302, 2212, 2209, 2206, and 2203. Patches have been released for the affected versions. It is important to update to a patched version to protect against potential data breaches. #VMware #vulnerability

https://cybersecuritynews.com/vmware-workspace-flaw/

Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks. Delegates from 28 nations agreed to work together to contain the potentially “catastrophic” risks posed by galloping advances in artificial intelligence. #AI #risks #summit #globalconversation #accountability

https://www.securityweek.com/countries-at-a-uk-summit-pledge-to-tackle-ais-potentially-catastrophic-risks/

Former British Cyberespionage Agency Employee Sentenced to Life in Prison for Stabbing American Spy. #Cybersecurity #Crime #Stabbing #GCHQ #NSA

Summary: A former British cyberespionage agency employee, Joshua Bowles, was sentenced to life in prison for attempting to murder an American intelligence worker. Bowles stabbed her repeatedly in a politically motivated attack as she left a gym in Cheltenham, UK. The attack was premeditated and targeted the woman solely because of her role with the NSA. Bowles will serve at least 13 years before any chance at early release. #AttemptedMurder #Sentencing

https://www.securityweek.com/former-british-cyberespionage-agency-employee-gets-life-in-prison-for-stabbing-an-american-spy/

Summary: Forty countries have agreed to never pay digital extortionists, recognizing the impact of ransomware on national security and economies. This pledge aims to force organizations to adopt industry best practices and find high-quality backup solutions. Attendee nations at a White House meeting also pledged to disrupt the mechanisms by which threat actors receive payment, including better information-sharing platforms and AI analysis of blockchain payment flows.

Hashtags: #cybercrime #ransomware #nationalsecurity #economy #industrybestpractices #backup #informationsharing #blockchainanalysis

https://www.infosecurity-magazine.com/news/forty-countries-not-pay-cybercrime/

Summary: Hackers were able to obtain AWS credentials from GitHub within 5 minutes, using automated scanners to clone and retrieve exposed credentials. They targeted the mining of Monero and used Amazon EC2 instances for cryptojacking activities. The threat actors also exploited loopholes in GitHub's secret scanning feature and AWS Compromised Key Quarantine Policy.

Hashtags: #AWScredentials #GitHub #cryptojacking #Monero #cybersecurity

https://cybersecuritynews.com/aws-credentials-from-github/

Palo Alto Networks acquires cloud security start-up Dig, specializing in advanced security solutions. #PaloAltoNetworks #cloudsecurity

Dig's DSPM solution allows businesses to efficiently manage multi-cloud data environments, protecting sensitive data. #DigSecurity #cloudsecurity

Integration with Prisma Cloud enhances security and minimizes the risk of data breaches. #PrismaCloud #datasecurity

The migration to cloud infrastructure brings new security threats, requiring a fresh approach to safeguarding cloud data. #cloudsecurity #datasecurity

https://cybersecuritynews.com/palo-alto-networks-to-acquire-dig/

Atlassian urges quick action to protect Confluence instances from critical vulnerability. Confluence Data Center and Server customers should patch their instances against CVE-2023-22518. Exploitation can lead to significant data loss. No reports of active exploitation at this time. The vulnerability does not impact confidentiality. Patched versions have been released. Public internet access should be restricted until patches can be applied. Atlassian Cloud sites are not affected. #Atlassian #Confluence #Vulnerability

https://www.securityweek.com/atlassian-ciso-urges-quick-action-to-protect-confluence-instances-from-critical-vulnerability/

Palo Alto Networks to acquire cloud security start-up Dig Security. Hashtags: #PaloAltoNetworks #Acquisition #CloudSecurity #DigSecurity

Dig Security provides Data Security Posture Management (DSPM) technology. Hashtags: #DataSecurity #Cybersecurity #Technology

Dig Security's DSPM solution helps organizations discover, classify, monitor, and protect sensitive data across all cloud data stores. Hashtags: #DataProtection #CloudSecurity

The acquisition will enhance Palo Alto Networks' Prisma Cloud platform. Hashtags: #PrismaCloud #Cybersecurity

Financial details of the transaction were not disclosed. Hashtags: #MergersAndAcquisitions #Deal

Dig Security was founded by entrepreneurs Dan Benjamin, Ido Azran, and Gad Akuka. Hashtags: #Entrepreneurs #StartUp

The acquisition is expected to close in the coming months. Hashtags: #Business #Closing

https://www.securityweek.com/palo-alto-networks-to-acquire-cloud-security-start-up-dig-security/

1. SEC lawsuit against SolarWinds CISO sparks concern and evaluation in the cybersecurity industry

2. Lawsuit alleges that former CISO failed to disclose critical information on cyberattack

3. Mixed opinions on the lawsuit's impact on holding CISOs accountable

4. Concerns that lawsuit may discourage information sharing and hinder response to cyberattacks

5. CISOs reevaluating roles and seeking legal guidance on potential risks and liabilities

6. Evolving responsibilities of CISOs in managing cybersecurity and communication

7. Lawsuit serves as a reminder of the complex legal and regulatory challenges in the industry

8. Outcome of the lawsuit and implications for the cybersecurity industry remain uncertain.

#cybersecurity #SEClawsuit #SolarWinds #CISO #informationsecurity #cyberthreats #regulatorychallenges #responsibilities #cyberattacks

https://www.securityweek.com/cisos-spooked-by-sec-lawsuit-against-solarwinds-ciso/

Cybersecurity awareness month focuses on social engineering attacks, particularly phishing attacks that aim to deceive people into giving up sensitive information. Companies need to invest in training and resources to help employees identify and report these attacks. AI is being used by cybercriminals to create more sophisticated attacks, making it harder to discern fraudulent messages. Organizations should take collective responsibility for cybersecurity and adopt a zero-trust model. Human intelligence remains crucial in recognizing and responding to threats, as experienced cybersecurity teams can interpret the subtleties of an attack. Investing in AI-literate humans is essential in the ongoing battle against phishing attacks.

https://www.infosecurity-magazine.com/opinions/strengthening-cyber-resilience/

Scarred Manticore, an Iranian actor associated with the Ministry of Intelligence and Security, has been targeting high-profile organizations in the Middle East, including government, military, and telecommunications sectors. The campaign has been ongoing for at least a year and utilizes various backdoors to infiltrate Windows servers for espionage purposes. Scarred Manticore's recent campaign employs the unique LIONTAIL framework, indicating the advancement of Iranian threat actors. The campaign is expected to continue and possibly expand into other regions. The attack on Albanian government networks serves as a reminder of the collaborative nature of nation-state actors. #ScarredManticore #cybersecurity #espionage #Iran

https://www.infosecurity-magazine.com/news/scarred-manticore-targets-middle/

Arid Viper campaign targets Arabic-speaking Android users, deploying customized mobile malware in the APK format. No concrete evidence connects the threat actor to the Israel-Hamas conflict. The malware resembles a legitimate dating application called Skipped, raising questions about affiliations or unlawful access. Links masquerading as app updates distribute the malware. The malware can disable security notifications, steal information, and inject more malicious apps. Cisco Talos investigation reveals a network of dating-themed apps tied to Skipped, potentially generating revenue for APT operators.

#AridViper #Androidmalware #APKformat #datingapp #mobilesecurity

https://www.infosecurity-magazine.com/news/arid-viper-targets-arabic-speaking/

1. Boeing is assessing claims made by the LockBit ransomware group about the theft of confidential information.

2. The LockBit ransomware group has imposed a deadline for data leak and is threatening to publish sensitive data if Boeing does not pay a ransom.

3. Boeing has started an inquiry into the incident but has not confirmed any compromise or released information.

4. LockBit is the most active ransomware gang globally and has targeted various industries, including finance, energy, healthcare, and transportation.

5. LockBit has made an estimated $91 million from victims in the US alone since January 2020.

6. Researchers suggest that companies affected by ransomware contact their nation's cybersecurity agencies for assistance.

7. Boeing has been removed from the list of victims by the LockBit ransomware group.

Hashtags:

#Boeing #LockBit #ransomware #cybersecurity #dataleak #investigation

https://cybersecuritynews.com/boeing-investigating-cyberattack/

Russian Hacking Tool Creates Fake Social Media Profiles in Seconds.

Kopeechka service generates hundreds of fake social media accounts.

Kopeechka allows access to minors' chat site registrations.

Kopeechka displays the number of valid emails it has.

Kopeechka buys email addresses for illicit use.

Users can create accounts using purchased email addresses.

Kopeechka provides access to 16 online SMS services.

Consumers are kept informed about any service changes.

Kopeechka recommends using ZennoPoster for automated registration.

Email service providers need to improve registration procedures.

Artificial intelligence can help identify automated account registrations.

Hashtags: #cybersecurity #cybersecuritynews #HackingTool #malware

https://cybersecuritynews.com/russian-hacking-tool-social-media/

Exploit Released for Cisco IOS XE Zero-day Vulnerability. Cisco reports critical vulnerability CVE-2023-20198. The vulnerability affects Cisco IOS XE software in routers, switches, and networking devices. Cisco has patched the vulnerability and released a security advisory. The exploit allows an unauthenticated threat actor to elevate privileges and create an account with complete control over the device. Cisco has implemented a fix with a Proxy-Uri-Source header. Users should upgrade their Cisco devices to prevent exploitation. #cybersecurity #vulnerability

https://cybersecuritynews.com/exploit-cisco-ios-zero-day/