The target: Düsseldorf University Hospital, a German teaching hospital
The take: A critically ill patient died as a result of the cyberattack on the hospital’s systems
The attack vector: A ransomware attack was carried out on the hospital’s systems, exploiting a vulnerability in their VPN. Because the encryption attack caused the hospital’s computer system to become disconnected from the ambulance network, a critically ill patient had to be redirected to a remote hospital, and died after her admission to hospital was delayed by over an hour.
While hospitals are regular targets of ransomware attacks, this is the first known case where such an attack has cost a patient’s life, and it is a stark reminder of the potential stakes. This attack was made possible by a security vulnerability in an off-the-shelf software product, which again underlines, for IT professionals, the critical importance of maintaining patching procedures and ensuring that applications and appliances are maintained.
ZDNet: The general public faces phishing attempts, spam, malvertising, and more in their daily lives. However, in the business realm, successfully targeting major companies -- including banks, industrial giants, and medical facilities -- can be far more lucrative for cybercriminals.
GBHackers: Big companies such as Facebook have allowed their staff to work from home permanently. Shopify, a Canadian-based e-commerce company, has announced that it has become “digital by default.” Since many companies have rapidly adopted the arrangements of semi-remote working conditions, they need to be very quick in mitigating the cyber risks.
The Washington Post: The next Supreme Court justice could play a key role in determining rules of the road for cybersecurity and privacy in the digital age ― regardless of whether they're appointed by President Trump or Joe Biden.
The Sydney Morning Herald: Macquarie Group and Commonwealth Bank are facing fresh scrutiny of their oversight of anti-money laundering laws after it emerged that overseas banks had reported close to $US167 million ($230m) of potential dirty money transactions flowing through the two Australian banks.
CBC: A ransomware attack last spring at Simon Fraser University (SFU) compromised the personal information of about 250,000 students, faculty and alumni, documents reveal. The ransomware — malicious software that locks a computer system until a ransom is paid — breached a database on Feb. 27 that contained the personal information of every person who joined the school before June 20, 2019.
ZDNet: "Ransomware is one of the main threats," Fernando Ruiz, head of operations at Europol's European Cybercrime Centre (EC3), told ZDNet. Europol supports the 27 EU member states in their fight against terrorism, cybercrime and other serious and organised forms of crime.
Cyberscoop: Last week saw a flurry of U.S. indictments of alleged Chinese and Iranian hackers as part of a multi-agency crackdown on foreign intelligence services.
The target: Razer, an American-based maker of computer accessories and peripherals.
The take: 100,000 records of Personally Identifiable Information, including full name, email, phone number, internal customer ID, order number, and billing and shipping address.
The attack vector: The data was left unsecured due to a misconfiguration on an Elasticsearch server without any protection or credential management, leaving the information open to be downloaded by anyone with an internet connection.
The information exposed poses great risk for Razer’s customers as social engineering attacks, such as fraud and phishing, could easily be crafted with precision by bad actors because of the leaked personally identifiable data. This breach highlights the critical importance of not only proper and secure configurations of storage where sensitive information is held, but also strict and robust policy around access and security.
Security Magazine: A new report, Taking the Pulse of Government Cybersecurity 2020 by Nominet surveyed government cybersecurity professionals in the U.S., U.K. and Middle East. The research was conducted by the Information Security Media Group and shows a clear perception that collaboration with the private sector is desirable in order to keep pace with change and innovation to ensure robust national cyber defense.
Krebs on Security: U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.
Businesswire: Neustar, Inc., a global information services and technology company and leader in identity resolution, released its latest cyberthreats and trends report which identifies significant shifts in distributed denial-of-service (DDoS) attack patterns in the first half of 2020. Neustar’s Security Operations Centre (SOC) saw a 151% increase in the number of DDoS attacks compared to the same period in 2019. These included the largest and longest attacks that Neustar has ever mitigated at 1.17 Terabits-per-second (Tbps) and 5 days and 18 hours respectively. These figures are representative of the growing number, volume and intensity of network-type cyberattacks as organisations shifted to remote operations and workers’ reliance on the internet increased.
NBC: Five members of an alleged Chinese hacking group have been indicted for their role in a scheme to hack into more than 100 companies in the U.S., the Justice Department announced.
Proskauer: A cyber breach can have serious legal, financial, and reputational consequences for a fund sponsor, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at fund sponsors should take the lead to ensure that the sponsor is taking appropriate actions to protect itself against cyber risks. There are several steps that senior management can guide the fund sponsor to take to prevent breaches from occurring and to mitigate the impact when they do occur.
NZ Herald: The NZX is understood to be under another cyber attack, putting its website out of action, but share trading was continuing normally under measures put in place when the first attacks occurred late last month.
ZDNet: The FBI has sent a private security alert to the US financial sector last week warning organizations about the increasing number of credential stuffing attacks that have targeted their networks and have led to breaches and considerable financial losses.
The target: Service New South Wales, an Australian government agency.
The take: 3.8 million combined records from a total of 186,000 customers. Data stolen included: names, home addresses, scans of handwritten notes, application forms, and records of transactions.
The attack vector: Attackers gained access to NSW’s systems through a targeted phishing attack against an employee. The employee’s credentials were compromised when the employee clicked on a suspicious link, leading to unauthorized access to 47 Service NSW staff members’ email accounts.
The highly sensitive information stolen presents a clear risk of identity theft and further scams against the affected customers. Training and teaching around phishing attacks are of critical importance for every firm. Knowing how to recognize an attack and what to do are key takeaways from this incident.
infosecurity: Yet another cryptocurrency exchange has been hit by a major cyber-attack, this time leading to the loss of over $5m from customers’ hot wallets. Slovakian firm ETERBASE, which describes itself as “Europe’s premier digital asset exchange,” revealed yesterday that around $5.4m was stolen.
Private Bank International: One in five investors globally has been a victim of financial fraud over the past three years, according to our 2020 Banking and Payments Survey. By contrast, the fraud rate is notably lower among non-investors at just over one in 10 (11%). At least to some extent, this can be attributed to lower financial product holdings and engagement and, as such, lower exposure to risk. At any rate, this suggests that wealth managers have to up their game.
Mergers & Acquisitions: The Covid-19 pandemic has spawned a perfect confluence of events that created an optimal striking ground for hackers. At Aon, a global professional services firm headquartered in London, in the U.K., we have seen cyberattacks increase by 33% during lockdown. Hackers are preying on isolated work forces during a time when IT resources are stretched and many staff are furloughed.
ZDNet: Newcastle University has been hit by a cyberattack that it says will take weeks to fix – and while the institution hasn't confirmed the nature of the incident, a ransomware gang is threatening online to leak the personal data of students.
Financial Times: Advisers have been warned of a scam email purporting to be from the regulator, asking them to complete a survey on its conduct rules and the effect coronavirus is having on their business.
Schroders: New research suggests online fraudsters are boosting their attacks at an alarming pace, and it’s thought multimillion dollar ransoms could be at stake.
The target: View Media, an online marketing and research company.
The take: 39 million user records containing sensitive Personally Identifiable Information such as: first and last names, zip codes, emails, and phone numbers.
The attack vector: View Media failed to secure an Amazon S3 storage bucket with any kind of credential management or authorization. The database housing this information was publicly accessible by anyone with an internet connection.
The personal information stored here is a perfect platform for scammers to launch a wide variety of phishing attacks from multiple angles including: email attacks, SMS text attacks (also known as smishing), and robo-call attacks via a phone number. The data found here can be used by hackers to build a robust target profile for their scamming campaigns, further highlighting the critical need for rigorous data storage practices and credential implementation.
ABC: Foreign government cyber-attacks on Australia have increased further since June, when Prime Minister Scott Morrison revealed Australian organisations were under sustained digital assault.
PRWire: Radware is following a global ransom DDoS campaign targeting organisations in the finance, travel and e-commerce verticals. Additionally multiple internet service providers have been reporting DDoS attacks targeting their DNS infrastructure.
ComputerWeekly: UK businesses were among those worst hit financially by the fallout from cyber attacks during 2020, according to research from insurance provider Hiscox. The firm’s annual Cyber readiness report highlights the vertical markets across the UK, the US, Spain, Germany, France, Belgium, Ireland and the Netherlands that are considered highest risk of falling victim to cyber attacks.
SearchCIO: News reports on ransomware attacks, distributed denial-of-service (DDOS) attacks, phishing and virus attacks occur on a regular basis. Fortune 500 organizations, such as Facebook with 540 million affected records and Capital One Bank with 80,000 affected bank accounts and 140,000 Social Security numbers, have sustained significant losses and damage to their reputations from these cyber incidents. And threats of attacks from well-known cybersecurity threat actors such as Russia, China and Iran pose an ongoing threat to many U.S. organizations.
Foresite: Executive involvement is a critical component to any organization’s cybersecurity. Why? The IT department may not have all of the knowledge about what data could have a critical impact on the business if it was lost or exposed. IT can recommend security controls, but may not have all of the financials to compute Return on Investment (ROI) or the level of risk tolerance that the executive team/Board is comfortable with.
itnews: The New Zealand stock market was hit by a fifth day of cyber attacks, crashing its website, but maintained trading after switching to a contingency plan for the release of market announcements.