Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Private Information. Show all posts
Ransomware
Cyberattacks Data Privacy Private Information quiet ransomware Ransomware

The Growing Danger of Hidden Ransomware Attacks

 


Cyberattacks are changing. In the past, hackers would lock your files and show a big message asking for money. Now, a new type of attack is becoming more common. It’s called “quiet ransomware,” and it can steal your private information without you even knowing.

Last year, a small bakery in the United States noticed that their billing machine was charging customers a penny less. It seemed like a tiny error. But weeks later, they got a strange message. Hackers claimed they had copied the bakery’s private recipes, financial documents, and even camera footage. The criminals demanded a large payment or they would share everything online. The bakery was shocked— they had no idea their systems had been hacked.


What Is Quiet Ransomware?

This kind of attack is sneaky. Instead of locking your data, the hackers quietly watch your system. They take important information and wait. Then, they ask for money and threaten to release the stolen data if you don’t pay.


How These Attacks Happen

1. The hackers find a weak point, usually in an internet-connected device like a smart camera or printer.

2. They get inside your system and look through your files— emails, client details, company plans, etc.

3. They make secret copies of this information.

4. Later, they contact you, demanding money to keep the data private.


Why Criminals Use This Method

1. It’s harder to detect, since your system keeps working normally.

2. Many companies prefer to quietly pay, instead of risking their reputation.

3. Devices like smart TVs, security cameras, or smartwatches are rarely updated or checked, making them easy to break into.


Real Incidents

One hospital had its smart air conditioning system hacked. Through it, criminals stole ten years of patient records. The hospital paid a huge amount to avoid legal trouble.

In another case, a smart fitness watch used by a company leader was hacked. This gave the attackers access to emails that contained sensitive information about the business.


How You Can Stay Safe

1. Keep smart devices on a different network than your main systems.

2. Turn off features like remote access or cloud backups if they are not needed.

3. Use security tools that limit what each device can do or connect to.

Today, hackers don’t always make noise. Sometimes they hide, watch, and strike later. Anyone using smart devices should be careful. A simple gadget like a smart light or thermostat could be the reason your private data gets stolen. Staying alert and securing all devices is more important than ever.


Read more »
Stolen Database
Data Breach data security Doxxed Information Leak Personal Data Breach Private Information Stolen Database

Exposing the Business of Doxing and Its Perils

 

Doxing, a once obscure practice of publishing someone’s private information online without their consent, has evolved into a dangerous and profitable underground industry. The dark world of doxing has grown increasingly sophisticated, with malicious actors exploiting the vast amounts of personal data available online to harass, extort, and even physically harm their victims. 

In its early days, doxing was often driven by personal vendettas or ideological disagreements. The perpetrators would scour social media profiles, public records, and other online sources to piece together a victim’s sensitive information, such as home addresses, phone numbers, and even social security numbers. This information would then be posted online, typically on forums or social media, where it could be used to intimidate or threaten the victim. However, the doxing ecosystem has since transformed into something far more nefarious and organized. 

Today, doxers can trick companies and institutions into handing over personal information, using social engineering tactics and other sophisticated methods. By impersonating a legitimate entity or individual, they are able to bypass security measures and obtain sensitive data, which is then sold on the dark web or used to further exploit the victim. One alarming trend within this ecosystem is the rise of “doxing for hire” services. For a fee, individuals can hire professional doxers to target specific people, providing them with a detailed dossier of the victim’s personal information. This information can include everything from private email addresses to detailed records of their online activities. 

In some cases, these services even offer “violence as a service,” where the hired doxers don’t just publish the information, but also coordinate physical attacks on the victim. The consequences of doxing can be devastating. Victims may experience a range of harms, including harassment, identity theft, financial loss, and emotional distress. In extreme cases, doxing has led to physical violence and even death. Despite these dangers, the practice remains alarmingly common and continues to evolve in ways that make it more difficult for authorities to combat. 

As the doxing industry grows, so too does the need for more robust protections for personal data and stronger legal measures to deter and punish perpetrators. The dark world of doxing for profit is a sobering reminder of the perils of our increasingly connected and data-driven world.
Read more »
Senior Tories
Cinservative Party Cyber Attacks CyberCrime CyberThreat Data Leak data threat Private Information Senior Tories

Campaign Oversight Results in Leak of Senior Tories' Private Info

 


Although local party anger has been expressed over the selection of Conservative Chairman Richard Holden as the party's candidate for Basildon and Billericay, he has been appointed at the very last minute as the party's candidate. The BBC contacted two local Tory officials and they said Mr Holden was the only candidate offered by the National Party to represent Essex. 

The former Tory official said the move was a "slap in the face" for local Conservatives. The cabinet minister told the BBC that the decision had 'gone down like a bucket of cold sick'. He did not respond to requests for comment. A Conservative Party spokesperson said he had been "unanimously chosen". A Conservative Party spokesperson stated that he had been elected unanimously. Despite serving North West Durham, nearly 300 miles further north, since 2019, the party chairman will be expelled from the seat for this year's election as part of a review of UK seat boundaries, which means that he will have to find another seat. 

A small number of senior association members attended Mr Holden's address on Wednesday evening in the constituency where he represented the senior political association. It was reported that the entire local executive committee was quite dissatisfied with the way the central party handled the issue, but Mr Holden ultimately did "align" with the views and values of locals. In the opinion of another activist - who was not present in the room - the choice of Mr Holden was a "very poor decision" since several cabinet ministers are fighting marginal seats and are aware that they will lose their seats. In addition to making himself a safe seat, Richard has also used a process that is completely insane. 

As the Conservative Party scrambles to put together a full slate of candidates before the registration deadline on Friday, the Conservative Party is putting together a full slate of candidates. The Tory MP for Basildon and Billericay has been in the House of Commons since 2001. Last October, he announced that he would be leaving the House of Commons. As a result of his last election victory, the seat was attractive to the Tories as it yielded a 20,412 majority, which made it an ideal location for candidates of the party to run this time around. 

Earlier this year, the local association chairman, Richard Moore, told the BBC that the group would be given the option to pick their candidate at a meeting scheduled for a choice of three candidates from the national party. He added that local members were "extremely put out" that the party had waited until two days before the close of nominations to put forward a candidate. "This could have all been done in March or April," he said, adding that the central party had "sat on this for seven months". Andrew Baggot, a local Conservative councillor, also criticised the process, calling it a "slap in the face to local councillors, volunteers and the membership". 

Basildon Conservative Association's executive council is expected to meet next week to discuss the next steps for fighting the decision. According to him, members of the association are exploring options to fight the decision. There have been numerous selection disputes in the Labour Party involving left-wing candidates, including Diane Abbott, a close ally of Jeremy Corbyn. In addition, the Conservatives have been triggering discontent within local party branches for a while, following the same process as the opposition. The Conservatives are expected to fill dozens of seats before Friday, but they have also been following a systematic approach. 

While the party is scrambling to fill places, several Tory advisers have been selected to run for relatively safe seats for the party during the selection process. As it turns out, Will Tanner, an adviser to Prime Minister Rishi Sunak, has been chosen to run for Bury St Edmunds & Stowmarket. He is reportedly one of three candidates on the list drawn up by the party's headquarters. In Wellingborough and Rushden, Mr Sunak's deputy political secretary, David Goss, has been selected, while in Great Yarmouth, James Clark, a former adviser to the Defence Secretary, has been chosen. 

The Conservative Party usually shortlists and approves candidates through local Conservative associations, along with national officials who approve selections. The Labour Party normally offers local branches the opportunity to select candidates based on the longlists that have been approved by the central party. In the closing days of the campaign, local members have been reduced to less than their usual role, as the national party is focusing on filling target seats or seats where MPs are stepping down or suspensions are taking place. As a result, Alex Harrison has been selected as the Labour candidate for Basildon and Billericay, while Stephen Conlay has been selected as the Reform UK candidate and Stewart Goshawk has been selected as the Green candidate.
Read more »
Private Information
CISA Citrix Bleed Bug Cyber Security Finance Healthcare Malicious actor Private Information

Ransomware Surge: 2023 Cyber Threats

In the constantly changing field of cybersecurity, 2023 has seen an increase in ransomware assaults, with important industries like healthcare, finance, and even mortgage services falling prey to sophisticated cyber threats.

According to recent reports, a ransomware outbreak is aimed against critical services like schools, hospitals, and mortgage lenders. These attacks have far-reaching consequences that go well beyond the digital sphere, producing anxiety and disturbances in the real world. The state of affairs has sparked worries about the weaknesses in our networked digital infrastructure.

A concerning event occurred at Fidelity National Financial when a ransomware debacle shocked homeowners and prospective purchasers. In addition to compromising private financial information, the hack caused fear in those who deal in real estate. This incident highlights the extensive effects of ransomware and the necessity of strong cybersecurity protocols in the financial industry.

Widespread technology vulnerabilities have also been exposed, with the Citrix Bleed Bug garnering media attention. The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings due to the growing damage caused by this cybersecurity vulnerability. The growing dependence of businesses and organizations on digital platforms presents a significant risk to data security and integrity due to the potential for exploiting vulnerabilities.

On the legislative front, the National Defense Authoration Act (NDAA) looms large in the cybersecurity discourse. As the specter of cyber threats continues to grow, policymakers are grappling with the need to bolster the nation's defenses against such attacks. The imminent NDAA is expected to address key issues related to cybersecurity, aiming to enhance the country's ability to thwart and respond to cyber threats effectively.

The healthcare sector has not been immune to these cyber onslaughts, as evidenced by the Ardent Hospital cyberattack. This incident exposed vulnerabilities in the healthcare system, raising questions about the sector's preparedness to safeguard sensitive patient information. With the increasing digitization of medical records and critical healthcare infrastructure, the need for stringent cybersecurity measures in the healthcare industry has never been more pressing.

The ransomware landscape in 2023 is characterized by a concerning surge in attacks across various critical sectors. From financial institutions to healthcare providers, the vulnerabilities in our digital infrastructure are being ruthlessly exploited. As the world grapples with the fallout of these cyber threats, the importance of proactive cybersecurity measures and robust legislative frameworks cannot be overstated. The events of 2023 serve as a stark reminder that the battle against ransomware is an ongoing and evolving challenge that requires collective and decisive action.



Read more »
Unauthorized access
Android Applications API Bug Data Breach Private Information T-Mobile Technical Glitch Unauthorized access

T-Mobile App Glitch Exposes Users to Data Breach

A recent T-Mobile app bug has exposed consumers to a severe data breach, which is a disturbing revelation. This security hole gave users access to sensitive information like credit card numbers and addresses as well as personal account information for other users. Concerns regarding the company's dedication to protecting user data have been raised in light of the event.

On September 20, 2023, the problem reportedly appeared, according to reports. Unauthorized people were able to examine a variety of individual T-Mobile customer's data. Along with names and contact information, this also included extremely private information like credit card numbers, putting consumers at risk of loss of money. 

T-Mobile was quick to respond to the incident. A company spokesperson stated, "We take the security and privacy of our customers very seriously. As soon as we were made aware of the issue, our technical team worked diligently to address and rectify the glitch." They assured users that immediate steps were taken to mitigate the impact of the breach.

Security experts have highlighted the urgency of the situation. Brian Thompson, a cybersecurity analyst, emphasized, "This incident underscores the critical importance of robust security protocols, particularly for companies handling sensitive user data. It's imperative that organizations like T-Mobile maintain vigilant oversight of their systems to prevent such breaches."

The breach not only puts user information at risk but also raises questions about T-Mobile's data protection measures. Subscribers trust their service providers with a wealth of personal information, and incidents like these can erode that trust.

T-Mobile has advised its users to update their app to the latest version, which contains the necessary patches to fix the glitch. Additionally, they are encouraged to monitor their accounts for any unusual activities and report them promptly.

This incident serves as a stark reminder of the ever-present threat of data breaches in our digital age. It reinforces the need for companies to invest in robust cybersecurity measures and for users to remain vigilant about their personal information. In an era where data is more valuable than ever, safeguarding it should be of paramount importance for all.
Read more »
Social Media
Cyber Attacks Facebook GDPR Health Information Meta NHS Trusts Private Information Social Media

Facebook Shares Private Information With NHS Trusts

 


In a report published by The Observer, NHS trusts have been revealed to share private information with Facebook. As a result of a newspaper investigation, it was discovered that all of the websites of 20 NHS trusts were using a covert tracking tool to collect browsing data that was shared with the tech giant, it is a major breach of privacy that violated patient privacy. 

The trust has assured people that it will not collect personal information about them. It has not obtained the consent of the people involved in the process. Data were collected showing the pages people visited, the buttons they clicked, and the keywords they searched for.

As part of the system, the user's IP address was matched with the data and often the data was associated with their Facebook account details. 

A person's medical condition, the doctor's appointment, and the treatments they have received may be known once this information is matched with their medical information. 

Facebook might use it for advertising campaigns related to its business objectives as part of its business strategy. 

The news of this weekend's breach of Meta Pixel has caused panic across the NHS trust community. This is due to 17 of the 20 trusts using the tracking tool taking drastic measures, even apologizing for the incident. 

How does a Meta Pixel tracker work? What is it all about? 

Meta's advertising tracking tool allows companies to track visitor activity on their web pages and gain a deeper understanding of their actions. 

A meta-pixel has been identified as an element of 33 hospital websites where, whenever someone clicks on an appointment button to make an appointment, Facebook receives “a packet of data” from the Meta Pixel. Data about an individual household may be associated with an IP address, which in turn can be linked to its specific IP address. 

It has been reported that eight doctors have apologized to their patients. Furthermore, multiple trusts were unaware they sent patient data to Facebook. This was when they installed tracking pixels to monitor recruitment and charity campaigns. They thought they monitored recruitment specifically. The Information Commissioner's Office (ICO) has proceeded with its investigation despite this and privacy experts have verbally expressed their concerns in concert as well.

As a result of the research findings, the Meta Pixel has been removed from the Friedrich Hospital website. 

Piedmont Healthcare used Meta Pixels to collect data about patients' upcoming doctor appointments through Piedmont Healthcare's patient portal. These data included patients' names, dates, and times of appointments. 

Privacy experts have expressed concern over these findings, who are concerned that they indicate widespread potential breaches of patient confidentiality and data protection that are in their view “completely unacceptable ”. 

There is a possibility that the company will receive health information of a special category, which is legally protected in certain situations. As defined by the law, health information consists of information that relates to an individual's health status, such as medical conditions, tests, treatments, or any other information that relates to health. 

It is impossible to determine the exact usage of the data once it is accessed by Facebook's servers. The company states that the submission of sensitive medical data to the company is prohibited. It has filters in place to weed out such information if it is received accidentally. 

As several of the trusts involved explained, they originally implemented the tracking pixel to monitor recruitment or charity campaigns. They had no idea that patient information is sent to Facebook as part of that process. 

BHNHST, a healthcare trust in the town of Buckinghamshire, has removed the tracking tool from its website. It has been commented that the appearance of Meta Pixel on this site was an unintentional error on the part of the organization. 

When BHNHST users accessed a patient handbook about HIV medications, it appears that BHNHST shared some information with Facebook as a result of the access. According to the report, this data included details such as the name of the drug, the trust's name, the user's IP address, and the details of their Instagram account. 

In its privacy policy, the trust has made it explicitly clear that any consumer health information collected by it will not be used for marketing purposes without the consumer's explicit consent. 

When Alder Hey Children's Trust in Liverpool was linked to Facebook each time a user accessed a webpage related to a sexual development issue, a crisis mental health service, or an eating disorder, the organization also shared information with Facebook. 

Professor David Leslie, director of ethics at the Alan Turing Institute, warned that the transfer of patient information to third parties by the National Health Service would erode the "delicate relationship of trust" between the NHS and its patients. When accessing an NHS website, we have a reasonable expectation that our personal information will not be extracted and shared with third-party advertising companies or companies that might use it to target ads or link our personal information to health conditions."

According to Wolfie Christl, a data privacy expert who has been researching the ad tech industry to find out what is happening, "This should have been stopped long ago by regulators, rather than what is happening now. This is unacceptable in any way, and it must stop immediately as it is irresponsible and negligent." 

20 NHS trusts in England use the tracking tool to find their locations. Together the 20 trusts cover a 22 million population in England, reaching from Devon to the Pennines. Several people had used it for many years before it was discontinued. 

Moreover, Meta is facing litigation over allegations that it intentionally received sensitive health information - including information taken from health portals - and did not take any steps to prevent it. Several plaintiffs have filed lawsuits against Meta, alleging it violated their medical privacy by intercepting and selling their individually identifiable health information from its partner websites. T

Meta stated that the trusts had been contacted to remind them of the privacy policies in place, essentially to prohibit the sharing of health information between the organization and Meta. 

"Our corporate communication department educates advertisers on the proper use of business tools to avoid this kind of situation," the spokesperson added. The group added that it was the owner's responsibility to make sure that the website complied with all applicable data protection laws and that consent was obtained before sending any personal information. 

Several questions have been raised concerning the effectiveness of its filters designed to weed out potentially sensitive, or what types of information would be blocked from hospital websites by the company. They also refused to explain why NHS trusts could send the data in the first place. 

According to the company, advertisers can use its business software tools to grow their business by using health-based advertising to help them achieve their business goals. There are several guides available on its website on how it can display ads to its users that "might be of interest" by leveraging data collected by its business tools. If you look at travel websites, for instance, you might see ads for hotel deals appearing on the website. 

Meta was accused of not complying with part of GDPR (General Data Protection Regulation), in the sense that it moved Facebook users' data from one country to another without permission, according to the DPC. 

Meta Ireland was fined a record fine on Meta Ireland from the European Commission. This order orders it to suspend any future transfers of personal data to the US within five months. They have also ordered the company to stop any future data transfer to the US within the same period. Meta imposed an unjustified fine, according to the company.
Read more »
Salesforce severe
Brian Krebs Cyber Security Data Leak KrebsonSecurity Private Information Salesforce severe

Data Leak: Critical Data Being Exposed From Salesforce Servers


According to a post by KrebsOnSecurity published on Friday, servers running Salesforce software are leaking private data controlled by governmental bodies, financial institutions, and other businesses.

According to Brian Krebs, Vermont had at least five websites that gave anyone access to critical information. One of the programs impacted was the state's Pandemic Unemployment Assistance program. It revealed the applicants' full names, Social Security numbers, residences, contact information (phone, email, and address), and bank account details. Vermont adopted Salesforce Community, a cloud-based software solution created to make it simple for businesses to quickly construct websites, just like the other organizations giving the general public access to sensitive data.

Among the other victims was Columbus, an Ohio-based Huntington Bank. It recently bought TCF Bank, which processed commercial loans using Salesforce Community. Names, residences, Social Security numbers, titles, federal IDs, IP addresses, average monthly payrolls, and loan amounts were among the data components that were revealed.

Apparently, both Vermont and Huntington discovered the data leak after Krebs reached them for a comment on the matter. Following this, both the customers withdrew public access to the critical data.. Salesforce Community websites can be set up to require authentication, limiting access to internal resources and sensitive information to a select group of authorized users. The websites can also be configured to let anyone read public information without requiring authentication. In certain instances, administrators unintentionally permit unauthorized users to view website sections that are meant to be accessible only to authorized personnel.

Salesforce tells Krebs that it provides users with clear guidance on how to set up Salesforce Community so that only certain data is accessible to unauthorized guests, according to Krebs.

Doug Merret, who raised awareness in regards to the issue eight months ago, further elaborated his concerns on the ease of misconfiguring Salesforce in a post headlined ‘The Salesforce Communities Security Issue.’

“The issue was that you are able to ‘hack’ the URL to see standard Salesforce pages - Account, Contact, User, etc.[…]This would not really be an issue, except that the admin has not expected you to see the standard pages as they had not added the objects associated to the Aura community navigation and therefore had not created appropriate page layouts to hide fields that they did not want the user to see,” he wrote.

Krebs noted that it came to know about the leaks from security researcher Charan Akiri, who apparently identified hundreds of organizations with misconfigured Salesforce sites. He claimed only five of the many companies and governmental agencies that Akiri informed had the issues resolved, among which none were in the government sector.

Read more »
Video Conferencing
AWS S3 Data Breach Data Theft Exposed records Hacking Event Private Information Video Conferencing

Civicom Data Breach Disclosed 8TB of Files

 

Civicom, a New York City-based company that provides audio, online videoconferencing, and market analysis services, has been discovered to be giving its customers access to a goldmine of personal and sensitive data. 

Civicom excels in virtual meetings over the internet, and the files contain audio and video recordings of private customer sessions. Unfortunately, the S3 bucket was left open to the public with no password or security verification, allowing everyone with knowledge on how to discover damaged databases to access the data.

"The greatest audio and web conferencing services on the world, webinar services, global marketing research services, top transcription/CRM entry provider, general transcription service and more online jury trials." according to the company's Homepage. 

It was caused by a misconfigured AWS S3 bucket, rather than attackers intentionally hacking into the system, as is usual of this type of data breach. There were four different datasets exposed as listed below:

  • Conferences on video.
  • Highlights that have been clipped. 
  • Recordings on audio.
  • Transcripts of Audio. 

Countless hours of video and audio recordings, as well as hundreds of written transcripts, reveal Civicom's clients' private chats. Several businesses are likely to have discussed the following topics during these discussions: 
  • Sensitive business information (perhaps includes market research calls). 
  • Confidential information. 
  • Properties of the mind. 
It is worth noting that a number of client companies have employees whose personal information is visible on the bucket. Employees of Civicom clients' PII which have been exposed include complete names and photos of the faces and bodies of staff. At the time of the event, the bucket was active and being updated, and it had been active since February 2018. The management of Civicom's bucket is not Amazon's responsibility, therefore this data leak is not Amazon's fault. 

Civicom exposed 8 gigabytes of records containing more than 100,000 files, according to the Website Planet Security Team, which discovered the database. This was due to one of Civicom's unencrypted Amazon S3 buckets. The AWS S3 bucket has been active since 2018, according to the Website Planet Security Team. 

On October 28th, 2021, the researchers discovered the vulnerability and notified Civicom of the situation on October 30th, 2021.  After three months, Civicom replied to Website Planet and retrieved the bucket on January 26th, 2022. Nonetheless, the good news is, the bucket is not accessible to the general public.
Read more »
User Security
Cyber Security Cyber Security awareness pirated software Private Information User Security

Think Twice Before Downloading Pirated Software, Your Private Details Might Be at Risk

 

Purchasing software can be expensive, especially for those who have tight pockets. Many students and researchers find themselves in tough situations due to those costs. Some then turn to pirated software. However, it takes a heavy toll on software designers as their work is stolen from them. 

The issue with carrying out a pirated software download is that it consists of any titles used outside the permission parameters provided by the developer or distributor. That could mean using a cheaply made and illegally copied version. The cracked version is often embedded with malware as it allows the threat actors to compromise large numbers of personal computers and access the number of stolen credentials with ease. Here are some of the risks of downloading and using illegal software. 

Malicious content

Downloading pirated software can pose serious security risks, especially for those who use their computers for activities like banking, shopping, and submitting health insurance. Recently, cybersecurity experts uncovered evidence of illegitimate software key generators and cracked platforms containing ransomware that stole users’ passwords. 

According to a report by security firm Cybereason, one cracked software can affect more than 500,000 machines. Additionally, a study from the Digital Citizens Alliance discovered that one-third of pirated software contained malware. It also identified that software downloaded from illegal sources was 28 times more likely to contain malware than software downloaded from legitimate sources. 

Legitimacy issues 

Downloading pirated software is a punishable offense in almost every country around the globe. It is considered a violation of software copyright law and the punishment for violating the local copyright laws depends on the country in which the people concerned are being charged. 

Another major consequence is that you may be blocked by the software provider temporarily or permanently. For instance, if you pirate a copy of Adobe Photoshop, then Adobe could block you from using any of their software in the future. Particularly, if you rely on this software for your work, this could cause a serious problem.

Lack of updates 

The biggest ramification of using pirated software is the lack of updates. For legitimate software, manufacturers roll out timely updates not only to add new features but also to patch existing vulnerabilities in the software code. However, this is not feasible in the case of pirated software. Downloading a cracked version deprives you of new features and functionalities and also leaves you vulnerable to attackers due to issues in existing codes.
Read more »
Private Information
000 50 Cyber Crime French Healthcare Workers Private Information

Private Information of 50,000 French Healthcare Workers Stolen

 


French authorities unearthed a glut of stolen credentials on the dark web, apparently belonging to the healthcare workers. The authorities have alerted the healthcare department and advised them to remain vigilant. In recent weeks, threat actors have attacked several French hospitals – including hospitals in Dax and Villefranche-sur-Saone.

The French Ministry of Social Affairs and Health issued an alert this week stating, France Computer Emergency Response Team notified our department regarding the sale of a list of 50,000 user accounts on a cybercriminal platform which includes login/password credentials apparently belonging to French healthcare workers. 

The alert notes that “it is difficult to accurately describe the origin of this leak, but the impact that the use of login/agent password couples can have on the security of institutions’ information systems is more easily valuable. That includes attempts to connect to remote means of access, such as Outlook web access and VPN. Once the connection is successful, attackers can use all the resources allocated to the compromised account to break into the information system.”

The French health ministry also admitted that several healthcare facilities in the nation have been attacked by malware involving Emotet, TrickBot, and Ryuk and while explaining the same, it said that “particular attention should be paid to this because these three malwares are used in complex chains of attacks that have a strong impact on the activity of victims. Scan campaigns from the infrastructure of the TA505 (Clop ransomware activity cluster) and UNC1878 (Ryuk ransomware activity cluster) targeting health facilities were also reported.”

Mutuelle Nationale des Hospitaliers (MNH), the latest victim of a ransomware attack stated, “we spotted an intrusion into our data system on February 5 and our cybersecurity team quickly determined the potency of the cyber-attack. The computer systems were taken offline to negate the spread of the virus and to shield the personal information of our members, staff, and our partners.”

Threat actors are using the same tactics of attacking the healthcare department in France and other nations as well. For instance, last week in South Korea threat actors attempted to steal Covid-19 vaccine and treatment data from pharmaceutical maker Pfizer.
Read more »
Subscribe to: Posts (Atom)