Weekly Threat News: 13th June, 2019

  • 13 June 2019
  • 0 replies
  • 367 views
Weekly Threat News: 13th June, 2019
Userlevel 7
Badge +47
  • Community and Advocacy Manager
  • 1347 replies
Kelvin (aka @FredFunk) took a little time off but is back on the community sharing his thoughts on some of the latest cybersecurity news this week. I really like his perspective on some of the biggest stories you might have seen on your feed and hope you find these updates valuable as well.

If you think he missed something or if you have any comments at all, let us know below.

Oh, and if you missed the #LifeatWebroot feature about Kelvin, be sure to check it out.

Apologies for the lack of updates but I was at Caro and then Infosec over the last two weeks with a couple of holidays thrown in.


Kelvin at Infosec

Pretty Data (Breaches)

The folks over at Information is Beautiful have compiled an interactive graphic displaying all of the major breaches from the last ten years. Each breach includes a story and like all graphics from IiB it is easy on the eye. Scrolling down through the various years it’s sad to note that the huge record busting breaches of the past have been dwarfed by recent headlines such as the Twitter and Marriott breaches of last year. As I’ve mentioned before Information Theft is the current criminal trend and is being seen across-the-board on “non-headline” or SME companies too.



Ransomware Halts Production for Days at Major Airplane Parts Manufacturer ASCO

A few weeks back I talked about the “soft” targets of cyberattack. Namely health, transport, government, education and SMB. There is another target that is seeing increasing prominence in cybersecurity news and that is big industry.
Big industrial targets might spend more than say, a school or SME on cybersecurity but downtime is absolutely catastrophic when huge industrial processes are a factor. Ransomware is particularly nasty when hitting targets with a lot of time sensitive and knock-on processes such as an airport or a large manufacturer.

ASCO

ASCO is one of the worlds largest suppliers of airplane parts and things got so bad on Monday that production was ceased in four of it’s international plants and over 1000 of its workers were sent home.

Other Attacks

Other recent ransomware attacks against big similar targets recently included those on Japanese mega-manufacturer Hoya Corporation and also the manufacturing giant Aebi Schmidt as well as the colossal shutdown of aluminium company Norsk Hydro.


Healthcare Orgs Hit with Destructive Attacks

Healthcare organizations are also the target of ruthless ransomware attacks. Some criminals are even willing to put cancer and palliative care at risk to try and elicit a ransom. Hospitals (especially in Ireland) are sprawling and messy places and keeping track of the users and devices must be a nightmare for an admin, never-mind securing them.
A recent report shows that it’s not just ransomware that healthcare has to worry about and data-theft and breaches are also a big risk too.
This particular report “Healthcare Cyber Heist in 2019” survived industry CISOs and painted a bleak (but unsurprising) picture.
  • 83% of surveyed healthcare organizations said they’ve seen an increase in cyberattacks over the past year
  • Two thirds (66%) of surveyed healthcare organizations said cyberattacks have become more sophisticated over the past year
  • With increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.

Quest Diagnostics Customers Affected by Third-Party Breach

The medical testing organization Quest Diagnostics has fallen victim to a third-party data breach that could affect nearly 12 million of their patients. AMCA, a collections agency that works with Quest Diagnostics, noticed unauthorized access to their systems over an eight-month period from August of last year through March 2019. The majority of data targeted were Social Security Numbers and other financial documents, rather than patient’s health records. The market offers a premium for such data”

University of Chicago Medicine Server Found Online

“Researchers have found a server belonging to University of Chicago Medicine with personal information belonging to more than 1.6 million current and past donors. The data includes names, addresses, and even marital and financial information for each donor. Fortunately, the researcher was quick to inform the university of the unsecured ElasticSearch server and it was taken down within 48 hours.”


Telegram says 'whopper' DDoS attack launched mostly from China

“The company's CEO has confirmed the timing coincided with the Hong Kong extradition law protests organized on his platform.”



"IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception," [Telgram CEO and founder Pavel Durov]


FBI Issues Warning on ‘Secure’ Websites Used For Phishing

It wasn’t long ago when infosec insiders were lecturing users to “look for the padlock!” when visiting websites.


Said padlock seen when visiting the Webroot.com site from my Chrome browser

This padlock to the left of a site’s URL signifies that is has been verified by a third party certificate and is definitely a good sign that a site is secure when browsing or conducting business online. However a lot of users have taken our lectures as gospel and are now assuming that this is a guarantee that a site is genuine. Criminals are now exploiting this trust and certainty in the TLS certificate system and are getting better are spoofing their own certificates. This has gotten so bad the FBI have issued a warning recommending that honest web surfers also use common sense (such as checking domain spelling) when judging if a site is good or bad..



Webroot Warning

This warning is nothing new. Webroot’s Hal Lonas has given talks about this at RSA this year and has also appeared on Webroot’s own Youtube channel speaking on the matter.

0 replies

Be the first to reply!

Reply