Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Spams
Cyber Security GitHub Google RETVec Spams

Google Introduces RETVec: Gmail’s New Defense to Identify Spams


Google has recently introduced a new multilingual text vectorizer called RETVec (an acronym for Resilient and Efficient Text Vectorizer), to aid identification of potentially malicious content like spam and fraudulent emails in Gmail. 

While massive platforms like YouTube and Gmail use text classification models to identify frauds, offensive remarks, and phishing attempts, threat actors are known to create counter-strategies to get around these security mechanisms. 

The project description on GitHub reads, "RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more."

"The RETVec model is trained on top of a novel character encoder which can encode all UTF-8 characters and words efficiently."

The Google-sponsored platforms reveal that they have been using Adversarial text manipulations, such as the usage of homoglyphs, keyword stuffing, and invisible characters. 

With its out-of-the-box support for over 100 languages, RETVec seeks to contribute to developing more robust and computationally affordable server-side and on-device text classifiers that are more durable and effective. 

In natural language processing (NLP), vectorization is a technique that maps words or phrases from a lexicon to a matching numerical representation for use in sentiment analysis, text classification, and named entity recognition, among other analyses. 

Google’s anti-abuse researchers Elie Bursztein and Marina Zhang note in the Google Security blog that, “due to its novel architecture, RETVec works out-of-the-box on every language and all UTF-8 characters without the need for text preprocessing, making it the ideal candidate for on-device, web, and large-scale text classification deployments." 

Google further notes that incorporating vectorizer into Gmail has really helped in detecting spam, with the detection rate escalating over the baseline by 38%. Also, the false positive rate has declined by 19.4%. 

Moreover, vectorization has also reduced the model's Tensor Processing Unit (TPU) usage by 83%. 

"Models trained with RETVec exhibit faster inference speed due to its compact representation. Having smaller models reduces computational costs and decreases latency, which is critical for large-scale applications and on-device models," Bursztein and Zhang added. 

Spams are the most popular attack vector in the virtual space, used by almost every cybercriminal. The popularity comes with its convenience of being omnipresent, cheap, and efficient, enabling cybercriminals to transfer malware and access sensitive data from targeted systems.  

Read more »
Technology
AI Chatbot ChatGPT Generative AI Tech Giant Technology

Amazon Introduces Q, a Business Chatbot Powered by Generative AI

 

Amazon has finally identified a solution to counter ChatGPT. Earlier this week, the technology giant announced the launch of Q, a business chatbot powered by generative artificial intelligence. 

The announcement, made in Las Vegas at the company's annual conference for its AWS cloud computing service, represents Amazon's response to competitors who have released chatbots that have captured the public's attention.

The introduction of ChatGPT by San Francisco startup OpenAI a year ago sparked a wave of interest in generative AI tools among the general public and industry, as these systems are capable of generating text passages that mimic human writing, such as essays, marketing pitches, and emails.

The primary financial backer and partner of OpenAI, Microsoft, benefited initially from this attention. Microsoft owns the rights to the underlying technology of ChatGPT and has used it to develop its own generative AI tools, called Copilot. However, competitors such as Google were also prompted to release their own versions. 

These chatbots are the next wave of AI systems that can interact, generate readable text on demand, and even generate unique images and videos based on what they've learned from a massive database of digital books, online writings, and other media. 

According to tech giant, Q can perform tasks like content synthesis, daily communication streamlining, and employee assistance with blog post creation. Businesses can get a customised experience that is more relevant to their business by connecting Q to their own data and systems, according to the statement. 

Although Amazon is the industry leader in cloud computing, surpassing competitors Google and Microsoft, it is not thought to be at the forefront of AI research that is leading to advances in generative AI. 

Amazon was ranked lowest in a recent Stanford University index that evaluated the transparency of the top 10 foundational AI models, including Titan from Amazon. Less transparency, according to Stanford researchers, can lead to a number of issues, including making it more difficult for users to determine whether they can trust the technology safely. 

In the meantime, the business has continued to grow. In September, Anthropic, a San Francisco-based AI startup founded by former OpenAI employees, announced that Amazon would invest up to $4 billion in the business. 

The tech giant has also been releasing new services, such as an update for its well-liked assistant Alexa that enables users to have conversations with it that are more human-like and AI-generated summaries of customer product reviews.
Read more »
Ukraine Organization
Cyber Security Data Extortion Encryption EU EU Regulators European Union Europol Geopolitical Malicious actor Ransomware Attacks. Ransomware Gang Ukraine Organization

Europol Dismantles Ukrainian Ransomware Gang

A well-known ransomware organization operating in Ukraine has been successfully taken down by an international team under the direction of Europol, marking a major win against cybercrime. In this operation, the criminal group behind several high-profile attacks was the target of multiple raids.

The joint effort, which included law enforcement agencies from various countries, highlights the growing need for global cooperation in combating cyber threats. The dismantled group had been a prominent player in the world of ransomware, utilizing sophisticated techniques to extort individuals and organizations.

The operation comes at a crucial time, with Ukraine already facing challenges due to ongoing geopolitical tensions. Europol's involvement underscores the commitment of the international community to address cyber threats regardless of the geopolitical landscape.

One of the key events leading to the takedown was a series of coordinated raids across Ukraine. These actions, supported by Europol, aimed at disrupting the ransomware gang's infrastructure and apprehending key individuals involved in the criminal activities. The raids not only targeted the group's operational base but also sought to gather crucial evidence for further investigations.

Europol, in a statement, emphasized the significance of international collaboration in combating cybercrime. "This successful operation demonstrates the power of coordinated efforts in tackling transnational threats. Cybercriminals operate globally, and law enforcement must respond with a united front," stated the Europol representative.

The dismantled ransomware gang was reportedly using the Lockergoga ransomware variant, known for its sophisticated encryption methods and targeted attacks on high-profile victims. The group's activities had raised concerns globally, making its takedown a priority for law enforcement agencies.

In the aftermath of the operation, cybersecurity experts are optimistic about the potential impact on reducing ransomware threats. However, they also stress the importance of continued vigilance and collaboration to stay ahead of evolving cyber threats.

As the international community celebrates this successful operation, it serves as a reminder of the ongoing battle against cybercrime. The events leading to the dismantlement of the Ukrainian-based ransomware gang underscore the necessity for countries to pool their resources and expertise to protect individuals, businesses, and critical infrastructure from the ever-evolving landscape of cyber threats.

Read more »
Technology
Artifcial Intelligence Biomedial Informatics ChatGPT Cyber Threat Intelligence CyberCrime Doctors OpenAI Technology

Next-Level AI: Unbelievable Precision in Replicating Doctors' Notes Leaves Experts in Awe

 


In an in-depth study, scientists found that a new artificial intelligence (AI) computer program can generate doctors' notes with such precision that two physicians could not tell the difference. This indicates AI may soon provide healthcare workers with groundbreaking efficiencies when it comes to providing their work notes. Across the globe, artificial intelligence has emerged as one of the most popular topics with tools like the DALL E 2, ChatGPT, as well as other solutions that are assisting users in various ways. 

A new study has found that a new automated tool for creating doctor's notes can be so reliable that two doctors were unable to distinguish between the two versions, thus opening the door for Al to provide breakthrough efficiencies to healthcare personnel. 

An evaluation of the proof-of-concept study conducted by the authors involved doctors examining patient notes that were authored by real medical professionals as well as by the new Al system. There was a 49% accuracy rate for determining the author of the article only 49% of the time. There have been 19 research studies conducted by a group of University of Florida and NVIDIA researchers, who trained supercomputers to create medical records using a new model known as GatorTronGPT, which works similarly to ChatGPT. 

There are more than 430,000 downloads of the free versions of GatorTron models from Hugging Face, an open-source AI website that provides free AI models to the public. Based on Yonghui Wu's post from the Department of Health Outcomes and Biomedical Informatics at the University of Florida, GatorTron models are the only models on the site that can be used for clinical research, said lead author. Among more than 430,000 people who have downloaded the free version of GatorTron models from the Hugging Face website, there has been an increase of more than 20,000 since it went live. 

There is no doubt that these GatorTron models are the only ones on the site that would be suitable for clinical research, according to lead author Yonghui Wu of the University of Florida's Department of health outcomes and Biomedical Informatics. According to the study, published in the journal npj Digital Medicine, a comprehensive language model was developed to enable computers to mimic natural human language using the database. 

Adapting these models to handle medical records offers additional challenges, such as safeguarding the privacy of patients as well as the requirement for highly technical precision, as compared to how they handle conventional writing or conversation. Using a search engine such as Google or a platform such as Wikipedia these days makes it impossible for users to access medical records within the digital domain. 

Researchers at the University of Pittsburgh utilized a cohort of two million patients' medical records, which contained 82 billion relevant medical terms that provided the dataset necessary to overcome these challenges. They also trained the GatorTronGPT model using an additional collection of 195 billion words to make use of GPT-3 architecture, a variant of neural network architecture, to analyze medical data by using GPT-3 architecture, based on a dataset combined with 195 billion words. 

Consequently, GatorTronGPT was able to produce clinical text that resembled doctors' notes as part of its capability to create clinical text. A medical GPT has many potential uses, but among those is the option of replacing the tedious process of documenting with a process of capturing and transcribing notes by AI instead. 

As a result of billions upon billions of words of clinical vocabulary and language usage accumulated over weeks, it is not surprising that AI has reached the point where it is similar to human writing. The GatorTronGPT model is the result of recent technological advances in AI, which have demonstrated that they have considerable potential for producing doctors' notes that appear almost indistinguishable from those created by professionals who have a high level of training. 

There is substantial potential for enhancing the efficiency of healthcare documentation due to the development of this technology, which was described in a study published in the NPJ Digital Medicine journal. Developed through a successful collaboration between the prestigious University of Florida and NVIDIA, this groundbreaking automated tool signifies a pivotal step towards revolutionizing the way medical note-taking is conducted. 

The widespread adoption and utilization of the highly advanced GatorTron models, especially in the realm of clinical research, further emphasizes the practicality and strong demand for such remarkable innovations within the medical field. 

Despite the existence of certain challenges, including privacy considerations and the requirement for utmost technical precision, this remarkable research showcases the remarkable adaptability of advanced language models when it comes to effectively managing and organizing complex medical records. This significant achievement offers a promising glimpse into a future where AI seamlessly integrates into various healthcare systems, thereby providing a highly efficient and remarkably accurate alternative to the traditional and often labour-intensive documentation processes.

Consequently, this remarkable development represents a significant milestone in the realm of medical technology, effectively paving the way for improved workflows, enhanced efficiency, and elevated standards of patient care, which are all paramount in the ever-evolving healthcare landscape.
Read more »
Technology
ChatGPT Data protection Generative AI South Korea Technology

South Korea Aims to be the Global Leader in Regulating Generative AI

Generative AI

South Korea and Generative AI

The emergence of generative artificial intelligence (AI) technologies, such as ChatGPT, has caused regulators all around the world to establish rules and regulations governing their use. South Korea is rising to the occasion by trying to create normative frameworks for emerging AI technologies, to set a precedent for other countries in data protection and industry regulation. 

Ko Hak-soo, chairman of Korea's Personal Information Protection Commission (PIPC), talked about South Korea's goal to develop AI rules and data protection on a worldwide scale in an exclusive interview with The Korea Herald.

Korea's PIPC Chairman aspires to lead the world

Ko Hak-soo, who took over as PIPC head in October of the year prior, has been actively involved in discussions over data privacy and AI policies. Particularly, he has been selected for the United Nations' high-level advisory group on artificial intelligence, highlighting Korea's significance in worldwide AI governance.

Ko stressed South Korea's determination to be a global leader in establishing AI rules. While recognizing that the European Union and the United States have taken a leading role in regulating AI, he emphasized the importance of Korea forging its path, given its unique AI ecosystem, which offers one of the world's greatest AI scaleup conditions and is home to IT behemoths such as Naver and Kakao.

"We need to come up with more balanced normative systems while stepping up global cooperation in effectively responding to the technology," Ko went on to say.

Korea's one-of-a-kind AI ecosystem

Korea's AI landscape differs from other countries. With a strong AI scaleup environment and big tech businesses situated within its borders, Korea is well-positioned to make important contributions to the advancement of AI rules that balance industrial growth and personal data protection.

Ko stated that the nation's AI sector has been under discussion for over five years, illustrating Korea's proactive approach to addressing AI-related concerns. When it comes to coordinating national AI data strategy, the PIPC, as a central administrative agency, stands in an unparalleled position in Asia.

As generative AI technologies continue to revolutionize many sectors, South Korea has established itself as a leader in AI data regulation and protection. The actions of Ko Hak-soo and the PIPC highlight Korea's dedication to balancing business expansion with sensitive data protection, forging a path independent of that of the EU and the US. 

South Korea is on course to become an important player in determining the future of AI policy and data protection globally, with upcoming global events and active involvement in international forums.


Read more »
secure login
Biometric Authentication Cyber Security Digital Security encryption technology FIDO Alliance innovative authentication Passkeys password alternatives password-free future secure login

Passkeys & Passwords: Here's Everything You Need to Know

In a world tired of grappling with the complexities and vulnerabilities of traditional passwords, a transformative solution is emerging. Despite the advancements offered by the latest password managers, passwords remain a persistent pain and a significant security risk if compromised. However, a paradigm shift is underway, with innovative alternatives like passkeys gradually replacing the age-old password dilemma.

The passkeys, a cutting-edge form of encryption technology designed to streamline the login experience for devices, apps, and services. Developed by the collaborative efforts of major tech, finance, and security giants such as Apple, Google, Microsoft, and others, the FIDO Alliance aims to usher in a future where passwords become obsolete.

Diverging from conventional passwords, passkeys consist of private and public keys, intricate codes that enhance security. The private key, residing securely on the user's device, provides a foolproof means of access. On the other hand, the public key, stored on company servers, reveals minimal information, rendering it useless if stolen. The FIDO Alliance's ultimate goal is to alleviate the challenges associated with password protection and drive towards a more secure future.

Is a passkey more secure than a traditional password? 

In essence, yes. Passkeys eliminate the need for users to memorize passwords and mitigate the risk of weak passkeys being compromised. In the event of a data breach, the public keys alone are insufficient for unauthorized access. Moreover, passkeys often incorporate biometrics, such as facial recognition or fingerprints, to verify the user's identity, adding an extra layer of security.

The benefits of passkeys extend beyond security. Quick to set up and use, passkeys minimize the need for physical inputs, enabling convenient features like swipe-to-pay and secure digital wallets. Users are freed from the burden of remembering complex passwords or master passwords for password managers.

To obtain a passkey, users are prompted to set up a Personal Identification Number (PIN) or utilize biometric information, such as fingerprints or facial recognition. While passkeys offer significant benefits, they are not yet universal. Companies within the FIDO Alliance, such as PayPal, Google, and Microsoft, are more likely to adopt passkey technology, but widespread acceptance is still in its nascent stages.

Despite the advantages of passkeys, traditional passwords endure due to their simplicity, universality, and cost-effectiveness. Passwords do not require the intricate tech infrastructure needed by passkeys, making them a more affordable option for businesses. Moreover, passwords are universally understood and can be used across different devices and browsers.

While passkeys are revolutionizing cybersecurity, they are not replacing password managers. Notable password managers like LastPass and Dashlane, also part of the FIDO Alliance, leverage WebAuthn technology to secure passwords and other essential security information.

Overall, passkeys represent a promising future for enhanced cybersecurity, addressing the shortcomings of traditional passwords. As this groundbreaking technology gains wider acceptance, users are encouraged to embrace passkeys for heightened security and convenience in their digital interactions. The era of password-free security is on the horizon, and passkeys are leading the way.
Read more »
Vulnerabilities and Exploits
API Bug Black hat Code Execution Flaw PoC Exploit Code TrickBoot UEFI Bootkit UEFI Firmware Vulnerabilities and Exploits

LogoFAIL: UEFI Vulnerabilities Unveiled

The discovery of vulnerabilities is a sharp reminder of the ongoing conflict between innovation and malevolent intent in the ever-evolving field of cybersecurity. The tech community has been shaken by the recent discovery of LogoFAIL, a set of vulnerabilities hidden in the Unified Extensible Firmware Interface (UEFI) code that could allow malicious bootkit insertion through images during system boot.

Researchers have delved into the intricacies of LogoFAIL, shedding light on its implications and the far-reaching consequences of exploiting image parsing vulnerabilities in UEFI code. The vulnerability was aptly named 'LogoFAIL' due to its origin in the parsing of logos during the boot process. The severity of the issue is evident from the fact that it can be exploited to inject malicious code, potentially leading to the deployment of boot kits — a type of malware capable of persistently infecting the system at a fundamental level.

The vulnerability was first brought to public attention through a detailed report by Bleeping Computer, outlining the specifics of the LogoFAIL bugs and their potential impact on system security. The report highlights the technical nuances of the vulnerabilities, emphasizing how attackers could exploit weaknesses in UEFI code to compromise the integrity of the boot process.

Further exploration of LogoFAIL is presented in a comprehensive set of slides from a Black Hat USA 2009 presentation by researcher Rafal Wojtczuk. The slides provide an in-depth analysis of the attack vectors associated with LogoFAIL, offering valuable insights into the technical aspects of the vulnerabilities.

In a more recent context, the Black Hat Europe 2023 schedule includes a briefing on LogoFAIL, promising to delve into the security implications of image parsing during system boot. This presentation will likely provide an updated perspective on the ongoing efforts to address and mitigate the risks that LogoFAIL poses.

The gravity of LogoFAIL is underscored by additional resources such as the analysis on binarly.io and the UEFI Forum's document on firmware security concerns and best practices. Collectively, these sources highlight the urgency for the industry to address and remediate the vulnerabilities in the UEFI code, emphasizing the need for robust security measures to safeguard systems from potential exploitation.

Working together to solve these vulnerabilities becomes critical as the cybersecurity community struggles with the consequences of LogoFAIL. The industry must collaborate to establish robust countermeasures for the UEFI code, guaranteeing system resilience against the constantly changing cyber threat environment.


Read more »
SMBs
Australian Businesses Australian Government Cyber Security cyber threat Small Businesses SMBs

Australian SMBs Faces Challenges in Cyber Security


The internet has turned into a challenge for small to midsize businesses based in Australia. In addition to the difficulty of implementing innovative technology quickly and with limited resources because of the rate of invention, they also face the same cyberthreats that affect other organizations. Then, as 60% of SMBs close following a breach, companies that are breached are likely to fail later.

This has raised concerns of the regulators. 

According to a recent report by ASIC, ‘medium to large’ business firms are recently been reporting severe cyber security capabilities in comparison to other organizations, including supply chain risk management, data security, and consequence management.

In response to the aforementioned threats, the Australian government has announced an AU $20 million package to boost small businesses. An optional cyber "health check" program is being established as part of this to assist small business owners in assessing the maturity of their cyber security. A Small Business Cyber Resilience Service, which will offer a one-on-one service to assist small firms in recovering from a cyber assault, will also receive $11 million of the package. 

This initiative will focus on areas where SMBs are the most vulnerable. However, small firms will also need to take it upon themselves to place a lot greater emphasis on resilience than they have been doing in the face of growing cyber threats. 

The Risk in Numbers 

The ASIC research analysis found that small businesses are only slightly more effective than half of their medium and big counterparts in several areas, such as identifying threats and overcoming them.

The significant percentages of small businesses are as follows:

  • Do not follow or benchmark against any cyber security standard (34%).
  • Do not perform risk assessments of third parties and vendors (44%).
  • Have no or limited capability in using multi-factor authentication (33%)./ Do not patch applications (41%).
  • Do not perform vulnerability scans (45%). Do not have backups in place (30%).

The Cost to Small Business

The Annual Cyber Threat Report 2022-23 published by the Australian Signals Directorate reveals that the average cost of cybercrime has increased by 14% over the past year. Small firms paid $46,000, medium-sized organizations paid $97,200, and bigger enterprises paid $71,600.

Of course, that is a financial burden for any business, but it seems to be especially harmful for SMBs. Approximately 60% of small firms that experience a breach ultimately go out of business as a direct result of it.

These organizations face a real existential threat from cyber security. Even those who manage to escape the breach's direct costs still have to deal with the harm to their reputation, which can cost them partners and customers as well as short-term cash flow. In the best-case scenario, a cyberattack "just" prevents the small business from expanding and growing.

What can Small Businesses do? 

After identifying the restrictions on resources available to small businesses, the ASD and Australian Cyber Security Centre have designed the Essential Eight, a set of best practices for security and small enterprises. These are as follows:

  • Creating, implementing and managing a whitelist of approved applications. 
  • Implementing a process to regularly update and patch systems, software and applications.
  • Disabling macros in Microsoft Office applications unless specifically required, and training employees not to deploy macros in unsolicited email attachments or documents. 
  • Securing the configuration of web browsers to prevent harmful content, hence hardening user applications. Keeping browser extensions up to date and only using those that are required.
  • Restricting administrative privileges to those who need them. 
  • Configuring operating system patching through automatic updates.
  • Using strong, unique passwords and enabling multi-factor authentication. 
  • Isolating backups from the network and performing daily backups of important data.  

Read more »
Russian Gang
Cyber Attacks Extortion Group Ransom Payment Ransomware Russian Gang

Black Basta's Ransom Money Surpasses $100 million in Less Than Two Years

 

Researchers have discovered that since the Black Basta ransomware gang first surfaced early last year, victims of its double-extortion attacks have paid the gang more than $100 million. With the haul, which included taking over $1 million from at least 17 victims and $9 million from one victim, the Russian-affiliated gang is now among the highest-ranking ransomware operators. 

Blockchain analytics startup Elliptic and cyber insurance provider Corvus claimed in a joint research post published on November 29 that Black Basta had targeted at least 329 organisations and had received payments totaling at least $107 million from over 90 victims. The researchers said that based on the number of victims in the 2022–2023 period, the gang was the fourth most active strain of ransomware. 

“It should be noted that these figures are a lower bound – there are likely to be other ransom payments made to Black Basta that our analysis is yet to identify – particularly relating to recent victims,” the researchers explained. 

In June, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory stating that LockBit, a "prolific" rival gang, had received $91 million from victims in the United States between early 2020 and mid-2023, which puts the group's earnings into perspective. This year, Black Basta has taken down major victims such as ABB, a Swiss technology company, Capita, a British outsourcing company, and Dish Network. 

The gang is thought to have split off from the Conti Group, a notorious ransomware operator that disbanded last year. It employs double-extortion techniques, stealing confidential information from victims, encrypting their networks, and threatening to release the data if a ransom isn't paid. Qakbot malware was frequently used to spread the Black Basta ransomware. 

According to the Elliptic and Corvus report, Qakbot's botnet was taken down by authorities in August, which could account for the notable decline in Black Basta attacks in the second half of the year. Elliptic researchers discovered links between Black Basta and Qakbot on the Bitcoin blockchain, with parts of ransoms paid to Black Basta being transferred to Qakbot wallets. 

“These transactions indicate that approximately 10% of the ransom amount was forwarded on to Qakbot, in cases where they were involved in providing access to the victim,” the researchers added. “Our analysis of Black Basta’s crypto transactions also provides new evidence of their links to Conti Group. In particular, we have traced Bitcoin worth several million dollars from Conti-linked wallets to those associated with the Black Basta operator.”
Read more »
Hospitals
Ardent Health Service Cyber Attacks Cyber Hackers Cyber Siege. Ransomaware Cyber Threats CyberCrime Cybersecurity Emergency Hospital Health Operator Hospitals

Emergency Rooms Hit by Cyber Siege: Patient Diversions Spread Across Three States

 


During the recent ransomware attack on one of the hospitals in the chain of 30 that operates in six states, patients from some of its ERs will be diverted to other hospitals over the coming weeks, while some elective surgeries will be postponed. 

Ardent Health Services owns or partially owns all of the hospitals affected by this scandal, as well as other hospitals in at least five states. The company is based in Tennessee and owns more than twenty dozen hospitals in at least that number of states. 

As of now, several hospitals in East Texas are unable to accept ambulances from other hospitals, along with an Albuquerque hospital that has 263 beds; one hospital in Montclair, New Jersey that has 365 beds; and another hospital network in East Texas that serves thousands of patients each year. 

There is no doubt that the Coronavirus pandemic has been marked by disruptions to healthcare services that are caused by ransomware, which secures computers for hackers to demand a fee in return for unlocking them.

Cybercrime firm Recorded Future, which specialises in cyber security, reports that hospitals are now being targeted - and demands for extortion payments are being made. There have been at least 300 documented ransomware attacks on healthcare facilities every year since 2020, according to an NBC report based on an interview with Ransomware analyst Allan Liska in June. 

An attack that occurred at St Margaret's Health in Spring Valley, Illinois, in June forced the facility to close, in part due to its poorly planned security measures. The Ardent health operator has been identified as the largest health operator to have been hit by this strike so far. NBC reports that although there has not been any case of patients dying as a result of an attack, studies have confirmed that ransomware attack on hospitals is linked to an increase in mortality rates, despite the lack of cases of patients dying as a result of an attack. 

There was no change in the perception of patient care in Ardent's hospital, emergency room, and clinic as the company that started as a psychiatric hospital continued to deliver care "safely and effectively." Despite that, the company also announced that because of the "obvious precautions", some non-emergent, elective procedures have been rescheduled and some emergency room patients have been diverted to hospitals in the area until the systems are back up and running. 

According to Ardent Health Services, the disruption was caused by a ransomware attack and the organization has informed its patients that some emergency room patients have been transferred to other hospitals until the systems are restored. As a result, some non-emergency surgeries had to be rescheduled by hospital facilities. 

Ardent spokesperson Will Roberts told us on Tuesday afternoon that more than half of Ardent's 25 emergency rooms had reopened their doors to accepting ambulances or were fully lifting their “divert” status. In a divert situation, ambulance services are asked to transport emergency patients to nearby hospitals when they need emergency care.

During flu seasons, COVID-19 surges, natural disasters, and large trauma events, hospitals nationwide have used divert status. Roberts said hospitals have used divert status at times. It has been reported that at least 35 Ransomware attacks have disrupted the operations of healthcare providers this year, according to Brett Callow, a cybersecurity analyst at Emsisoft. 

As the cybersecurity company starts to catch more and more infections, it is expected that the number of attacks will increase. In most cases, hackers can commit attacks during holidays when they believe that there are fewer security guards available to protect them. Several law enforcement agencies, including the FBI, are advising victims of ransomware attacks not to agree to ransom demands. 

The emergency rooms at several hospital chains in Oklahoma, New Mexico, and Texas were transferring patients to other hospitals as a result of several hospital transfers. There has been an attack on the computer programs of Ardent that track patients' healthcare records, among others. According to Ardent's statement, the ransomware has taken the company's network offline. 

In addition to reporting the matter to law enforcement and consulting third parties on forensics and threat intelligence, the company also retained an independent forensic and threat intelligence team to handle the matter. The fact that hackers have consistently targeted hospital chains has been one of the major indicators that a growing trend of cybercrime has gained momentum in 2019. 

According to several studies, a significant correlation indeed exists between ransomware attacks on hospitals and increased mortality rates, yet there are no cases that have yet been proven to occur in which a ransomware attack has killed a patient in a healthcare facility. Some medical professionals, however, disagree and believe the cause of death is purely coincidental.
Read more »
Shimano
Japanese Firm LockBit 3.0 malware Ransomware Shimano

LockBit Leaked 4.5 TB Data of Shimano Industry

 

Shimano Industries, a prominent Japanese multinational manufacturing company specializing in cycling components, fishing tackle, and rowing equipment, fell victim to the world's largest ransomware group, LockBit. The group stole 4.5 terabytes of sensitive company data. 

The company had previously been involved in the production of golf supplies until 2005 and snowboarding gear until 2008. Situated in Sakai, Osaka Prefecture, the corporation operates with 32 consolidated and 11 unconsolidated subsidiaries. Its primary manufacturing facilities are strategically located in Kunshan (China), as well as in Malaysia and Singapore. 

According to Flashpoint, a company specializing in cyber-crime protection, it labels LockBit as the 'most active' ransomware group globally. Flashpoint attributes 27.93 percent of all documented ransomware attacks to this particular group. 

As reported by Cycling News, LockBit is a cybercrime group that uses malicious software to break into companies' sensitive data. Once they have the information, they demand money from the targeted companies, threatening to make the compromised data public if payment is not made. 

The announcement asserts that the group has infiltrated exceptionally sensitive information, encompassing: 

1. Employee details, comprising identification, social security numbers, addresses, and scanned passports. 

2. Financial records, including balance sheets, profit and loss statements, bank statements, various tax forms, and reports. 

3. Client information, involving addresses, internal documents, mail exchanges, confidential reports, legal documents, and results from factory inspections. 

4. Miscellaneous documents, such as non-disclosure agreements, contracts, confidential diagrams and drawings, developmental materials, and laboratory test results. 

The Data has been Leaked? 

Earlier this month, Escape Collective initially disclosed that hackers issued a threat to release 4.5 terabytes of confidential data unless Shimano made an undisclosed ransom payment. The compromised data, as outlined by Escape Collective, encompasses confidential employee information, financial records, a client database, and various other sensitive company documents. 

The hackers imposed a deadline for the ransom, set for November 5, 2023. Subsequently, when the stipulated demands went unmet, the message on LockBit's website changed, indicating that "all available data" had been made public. However, notably, there was no corresponding download link provided for accessing the data.
Read more »
Subscribe to: Comments (Atom)