The Anchor module is a framework of tools designed “for targeted data extraction from secure environments and long-term persistency,” according to SentinelOne.
It includes memory scrapers, POS malware, backdoor installers and submodules enabling lateral movement, among other capabilities.
“The Anchor project combines a collection of tools — from the initial installation tool to the cleanup meant to scrub the existence of malware on the victim machine. In other words, Anchor presents as an all-in-one attack framework designed to compromise enterprise environments using both custom and existing toolage,” the firm’s SentinelLabs team wrote.
“Logically, this tool will be a very tempting acquisition for high-profile, possibly nation-state groups. However, the Anchor is also used for large cyber heists and point-of-sale card theft operations leveraging its custom card scraping malware. Among the nation-state groups, only a few are interested in both data collection and financial gain, and one of them is Lazarus.”
Linking the two groups is the PowerRatankba PowerShell backdoor, previously attributed to Lazarus, which SentinelOne says is actually part of Anchor.
Lazarus isn’t the only customer of TrickBot’s Anchor module; it’s also being used in a “wave of targeted campaigns against financial, manufacturing and retail businesses” designed to steal card data from POS and other systems, according to Cybereason.
Those researchers pointed to a new Anchor_DNS variant which uses DNS tunneling to communicate covertly with C2 servers: command-and-control traffic is encoded into DNS queries and responses, which most networks allow outbound and rarely inspect.
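DNS tunneling leaves a recognisable shape in resolver logs: many distinct, long, high-entropy subdomains under one registered domain, often with TXT lookups carrying the responses. The following is an added detection example, not code from Cybereason or from the Anchor_DNS analysis; the log format, the client addresses and the domain cdn-updates.example are constructed for the example, and the scoring thresholds are assumptions to tune against your own traffic.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS query log, one query per line: "<timestamp> <client> <qtype> <qname>".
# Not real traffic; "cdn-updates.example" is a hypothetical attacker-controlled domain.
SAMPLE_LOG = """\
2019-12-10T10:00:01Z 10.0.0.5 A www.example.com
2019-12-10T10:00:02Z 10.0.0.5 A mail.example.com
2019-12-10T10:00:03Z 10.0.0.7 TXT 8a3f9c1b2d4e5f60718293a4b5c6d7e8.cdn-updates.example
2019-12-10T10:00:04Z 10.0.0.7 TXT 5b6c7d8e9fa0b1c2d3e4f5a6b7c8d9e0.cdn-updates.example
2019-12-10T10:00:05Z 10.0.0.7 A 0f1e2d3c4b5a69788796a5b4c3d2e1f0.cdn-updates.example
2019-12-10T10:00:06Z 10.0.0.7 TXT 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.cdn-updates.example
2019-12-10T10:00:07Z 10.0.0.9 A static.example.com
2019-12-10T10:00:08Z 10.0.0.9 AAAA api.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.rstrip(".").lower()}


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score close to their maximum."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Naive split into (subdomain, registered domain) using the last two labels.
    Production code should use the public suffix list so that e.g. co.uk is handled."""
    labels = qname.split(".")
    if len(labels) < 3:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def query_score(qname):
    """Heuristic score for one query name plus the reasons that fired (thresholds assumed)."""
    sub, _ = split_name(qname)
    payload = sub.replace(".", "")
    score, reasons = 0, []
    if len(payload) >= 30:
        score += 1
        reasons.append("long subdomain")
    if shannon_entropy(payload) >= 3.0:
        score += 1
        reasons.append("high entropy")
    if re.fullmatch(r"[0-9a-f]{24,}", payload):  # base32/base64 tunnels need their own pattern
        score += 1
        reasons.append("hex-like payload")
    return score, reasons


def find_tunneling_domains(log_text, min_score=2, min_unique=3):
    """Group queries by registered domain and flag domains that receive many distinct,
    high-scoring subdomains: the signature of data being encoded into query names."""
    per_domain = defaultdict(lambda: {"unique": set(), "txt": 0, "total": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _, domain = split_name(rec["qname"])
        stats = per_domain[domain]
        stats["total"] += 1
        if rec["qtype"] == "TXT":
            stats["txt"] += 1
        score, _ = query_score(rec["qname"])
        if score >= min_score:
            stats["unique"].add(rec["qname"])
    flagged = {}
    for domain, stats in per_domain.items():
        if len(stats["unique"]) >= min_unique:
            flagged[domain] = {"suspicious_queries": len(stats["unique"]),
                               "txt_queries": stats["txt"], "total": stats["total"]}
    return flagged


if __name__ == "__main__":
    for domain, stats in find_tunneling_domains(SAMPLE_LOG).items():
        print(f"possible DNS tunnel: {domain} {stats}")
```

Run against the constructed log, the four hex-labelled queries under cdn-updates.example are flagged while the ordinary example.com lookups are not. The per-domain grouping matters more than any single heuristic: one long label is noise, dozens of unique ones in a short window from one client is exfiltration.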
TrickBot is one of the most successful botnets ever built, used in a range of attacks, from banking trojans to ransomware and data theft. Threat intelligence firm Blueliv revealed last week that it detected a 283% increase in detections of the botnet across Q2-Q3 this year.
The US Department of Defense (DoD) is planning to protect its supply chain from threat actors by introducing a cybersecurity certification program for its contractors.
Undersecretary of defense for acquisition and sustainment, Ellen Lord, said the new cybersecurity maturity model certification program will play a vital role in ensuring that the companies seeking to win DoD contracts meet stringent cybersecurity requirements.
"The cybersecurity maturity model certification, or CMMC program, establishes security as the foundation to acquisition and combines the various cybersecurity standards into one unified standard to secure the DoD supply chain," said Lord.
The certification program is expected to be up and running in June 2020, with cybersecurity requirements included as part of new requests for information. These requests typically form part of the opening stage of awarding a new defense contract.
Under the program, five different levels of certification will be established that correspond to the importance of a particular system or subsystem which a contractor is bidding to work on.
"These levels will measure technical capabilities and process maturity," Lord said.
The framework for the CMMC program, which will be made fully available in January, was developed in partnership with the defense industry and leadership on Capitol Hill. It was also shaped in part through engagement with the public.
Behind the program is the logical concept that any business applying to do contract work for the US government should be required to demonstrate that it has taken reasonable steps to secure its computer networks against cyber-attacks. Verifying that companies' cybersecurity policies and practices meet the standard will not be the government's responsibility; it will be undertaken by as yet unconfirmed third-party assessors.
"Cybersecurity is a threat for the DoD and for all of government, as well as critical U.S. business sectors, such as banking and healthcare," Lord said.
Lord added that the DoD would be taking steps to assist small businesses to meet the requirements of the CMMC program.
"We know that this can be a burden to small companies, particularly, and small companies is where the preponderance of our innovation comes from," Lord said. "So, we have been working with the primes, with the industry associations, with the mid-tiers, with the small companies on how we can most effectively roll this out, so it doesn't cause an enormous cost penalty for the industrial base."
American healthcare provider Banner Health has agreed to pay the alleged victims of a 2016 data breach $6 million.
Banner Health operates 28 hospitals and specialized facilities across six states, providing jobs for over 50,000 people. The company, which is the largest single employer in Arizona, suffered a data breach in June 2016.
Threat actors accessed the private health data of 2.9 million individuals over a period of approximately two weeks.
Two months later, the alleged victims of the breach brought a class action lawsuit against the healthcare provider. According to documents filed in the US District Court of Arizona on December 5, 2019, that suit has now been settled with Banner Health agreeing to pay $6 million to the plaintiffs.
The lawsuit alleges that threat actors illegally accessed the computer systems of Banner Health in a financially motivated hack, exfiltrating sensitive personal information of approximately 2.9 million patients.
Entry into Banner Health's network was gained via a payment processing system used in the food and beverage outlets of the healthcare provider's hospitals.
Information said to be appropriated during the breach includes names, addresses, dates of birth, prescription information, medical histories and social security numbers.
It is further alleged that the credit and debit card numbers of 30,000 individuals who had visited food and beverage outlets at Banner Health hospital sites were also stolen. According to the suit, malware was used to steal card details as purchases were made.
The lawsuit alleges Banner Health failed to implement appropriate safeguards to protect against cyber-attacks, such as firewalls, data encryption and multi-factor authentication. Some plaintiffs claimed that as a result of the breach, their identities had been stolen and used to commit fraud.
Under the terms of the settlement, plaintiffs may submit claims for reimbursement of expenses incurred as a result of the data breach, capped at $500 for ordinary expenses and $10,000 for extraordinary expenses.
Banner Health has also offered alleged victims of the breach two years' worth of credit monitoring and identity theft protection.
A motion for preliminary approval of the $6 million settlement has been filed by the plaintiffs.
Software testing and quality assurance company Qualitest has announced the acquisition of an Israeli firm specializing in the creation of automated machine learning tools.
AlgoTrace, which is based in Tel Aviv, uses artificial intelligence (AI) and machine learning (ML) to help companies improve their predictive analytics capabilities. The company was founded in 2016 and is best known for its tool AlgotraceML.
While news of the acquisition was shared yesterday, the financial details of the transaction remain under wraps.
Ron Ritter, CEO at AlgoTrace, said: “We are thrilled to be joining with Qualitest. Following successful implementations with the company in the past, we have complete faith that we will help Qualitest change the testing paradigm forever – enhancing their quality engineering with machine learning. While there is a lot of hype surrounding AI, we’re deploying real, hard-nosed and practical tools that significantly change the rules.”
Qualitest and the team at AlgoTrace have been working together for over a year on multiple projects which have turned out to be successful. The software testing giant has been using AlgoTrace’s AI platform to power Qualitest’s market-leading test predictor tool, which applies pioneering autonomous AI capabilities and predictive modeling to unstructured data without the need for code or complex interfaces.
Norm Merritt, CEO of Qualitest, said: “Applying AI to quality engineering is a perfect fit. Just as software becomes increasingly complex, the companies producing it are under competitive pressure to increase the speed and frequency of their rollouts.
"AI is the only way companies can scale software testing and quality engineering and the AlgoTrace team have shown that they understand this. In our view, companies that do not use AI to improve quality will be at a significant disadvantage.”
Qualitest's newest purchase marks the first step of a comprehensive growth strategy made possible by an investment from Bridgepoint earlier in the year.
Through the acquisition, Qualitest hopes to expand the number of AI-powered testing solutions available to clients, as well as develop its capabilities in assisting companies test and launch new AI-powered solutions with greater confidence and speed.
Microsoft has taken pity on system administrators by ending the year with a relatively light patch load fixing just 36 vulnerabilities.
The update round includes seven critical flaws and one being actively exploited in the wild: CVE-2019-1458, a privilege escalation vulnerability in the Win32k component.
Although it’s only listed as “important,” security experts urge admins to prioritize a fix for that bug. Recorded Future intelligence analyst, Allan Liska explained that an exploit for a similar vulnerability, CVE-2019-0859, was found being sold on underground markets earlier this year.
In a separate attack scenario addressed this month, an attacker would need to convince a developer to clone a malicious repository. This may be tricky, but the rewards are potentially big, according to Ivanti director of security solutions, Chris Goettl.
“This is a spear phishing escalation of privilege into the engineering group. Hypothetically a threat actor could target a software vendor or service provider. If they know enough about the vendor’s platform and have access to a list of email addresses for those developers, they could create a spear phishing campaign to target these users and attempt to convince them to access their malicious repository,” he explained.
“It is very common for developers to share code across or to ask someone to debug an issue they are seeing. If an unsuspecting developer connects to the repository from someone they think they trust, then an attacker can gain control of their development environment.”
Elsewhere yesterday, Google released an update for its Chrome browser which resolves 51 vulnerabilities, while Adobe fixed 21 flaws in its Reader product.
Experts were also keen to point out that there's just one scheduled monthly patch update round left before Windows 7 and Server 2008/2008 R2 reach end-of-life. After that point, any organization still running those products without paid extended support from Microsoft, or without compensating security controls in place, will be exposed to every newly discovered flaw.
Internet service provider (ISP) and hosting company 1&1 has been fined nearly €10 million ($11m) by Germany’s GDPR watchdog for data protection failures in its call centers.
The United Internet subsidiary, which operates across Europe and the Americas, will be appealing the €9.55 million ($10.6m) penalty from the German Federal Data Protection Authority (BfDI).
“Under GDPR organizations are obliged to put in place adequate technical and organizational measures (TOMs) to prevent unauthorized access to personal data. In this case the BfDI felt that 1&1 had not put adequate TOMs in place after callers were able to obtain information on customers simply by giving the name and date of birth of a customer,” explained compliance specialists Cordery.
“The German data protection authority said that the imposition of a fine was necessary because, whilst the infringement was limited to a small number of customers, it represented a risk for 1&1’s entire customer base. The BfDI took into account 1&1’s cooperation throughout to reduce the penalty.”
For its part, the ISP is arguing in its appeal that: the issue occurred in 2018 and its processes have since improved; only contractual info was exposed; and the method used to calculate the fine was inaccurate.
However, it has apparently agreed to introduce a new authentication process to make it harder for callers to access the personal data of others.
The fine came on the same day that the BfDI announced another financial penalty, this time of €10,000 ($11,100) against ISP Rapidata GmbH, for failing to appoint a data protection officer (DPO).
The latest regulatory moves illustrate that firms can no longer expect to get away with GDPR infractions, as was the case in the first few months of the new data protection regime.
The UK’s Information Commissioner’s Office (ICO), for example, announced its intention earlier this year to levy even bigger fines on BA (£183m) and Marriott International (£99m) in response to serious breaches at both companies.
Security experts have warned of several flaws in connected toys which could allow hackers to talk to the children using them or even launch attacks against the smart home.
British consumer advice group Which? enlisted the help of pen testing firm NCC Group to run the rule over seven smart toys from major retailers Amazon, Smyths, Argos and John Lewis.
Several, including the Singing Machine SMK250PP and TENVA’s pink karaoke microphone, don’t require session-based authentication for their Bluetooth connection. This could allow hackers to anonymously pair with and stream audio into them — potentially offensive or even “manipulative" messages exhorting the child using the device to go outside, NCC Group claimed.
A similar issue existed in KidiGear walkie talkies from Vtech.
“A pair of walkie talkies investigated as part of this security assessment allowed for children to communicate with each other, within a range of up to 150 meters. There was no mutual authentication between the pairs of walkie talkie devices,” NCC Group continued.
“This means that if an attacker purchased the same set of toys and was in range of an unpaired, powered-on walkie talkie, they would be able to successfully pair with it and engage in a two-way conversation with the child user under certain conditions.”
However, the chances of this happening are pretty slim, according to Vtech.
“The pairing of KidiGear Walkie Talkies cannot be initiated by a single device. Both devices have to start pairing at the same time within a short 30 second window in order to connect,” it clarified. Once paired, a handset cannot be paired with a third device owned by a stranger.
NCC Group also uncovered potential problems with the karaoke toys, which it said could be used to launch “second-order IoT attacks.”
“With the two karaoke toys investigated and their unauthenticated Bluetooth implementations, it was possible to connect to them when in range and issue digital assistant voice activation commands,” it said.
“While different smart home configurations will exist, it is not inconceivable that some homes might have digital assistants configured to open smart locks on front doors, for example. One can thus imagine an attacker outside of a property, connecting without authentication to a Bluetooth toy to stream audio commands to enact a second-order objective, such as ‘Alexa, unlock the front door’.”
A similar attack could enable hackers to order goods from the victim household’s Amazon account and intercept them, claimed Which?
“Smart toys are one of the key areas identified by the government’s drive to make connected products ‘secure by design’,” the group said. “We’re calling on the toys industry to ensure that unsecure products like the ones we’ve identified are either modified, or ideally made secure before being sold in the UK.”
The British government issued a cybersecurity alert to charities today warning of a spike in reported cases of mandate fraud in which scammers impersonate employees.
A spokesperson for the Charity Commission said: "We have received several reports from charities who have been targeted by fraudsters impersonating members of staff, specifically attempting to change employees' bank details."
All the requests to change employee bank details were made via email. The Charity Commission urged all of the nation's charities to be on the lookout for similar requests to their HR department, finance department or staff with the authority to update employee bank details.
Such fake emails may be sent from spoofed email addresses that closely mimic the real email address of the member of staff being impersonated.
"With a strong social engineering element, the fraudster often states that they have changed their bank details or opened a new bank account," said a Charity Commission spokesperson.
Charities are advised not to open any attachments or click on any links contained within unexpected or unusual emails and to take action to verify the validity of any emails requesting changes to an employee's details.
"Check email addresses and telephone numbers when changes are requested. If in doubt, request clarification from an alternatively sourced email address or phone number," said a Charity Commission spokesperson.
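The checks the Commission describes (compare the sender address against what you hold on file, and be suspicious of any request to change bank details) can be automated as a first triage step in the mailbox that handles payroll. The following is an added example, not Charity Commission guidance or code; the charity name, domains, staff directory and both messages are constructed, and the homoglyph table is a small illustrative subset. It flags three things the advice above points at: a display name that belongs to a known staff member but comes from a look-alike address, a Reply-To that diverts replies elsewhere, and body text asking for a change of bank details.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed staff directory and domains (hypothetical; not real people or organisations).
ORG_DOMAINS = {"goodcause-charity.example"}
STAFF = {"jane doe": "jane.doe@goodcause-charity.example"}

# Characters commonly swapped to build look-alike addresses (illustrative subset).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s", "7": "t"})

# Constructed messages: one mandate-fraud attempt, one ordinary internal mail.
SAMPLE_FRAUD = """\
From: Jane Doe <jane.doe@goodcause-charlty.example>
Reply-To: jdoe.payments@webmail.example
To: payroll@goodcause-charity.example
Subject: Updated bank details

Hi, I have opened a new bank account, please update my payroll record before
Friday. Sort code and account number are below.
"""

SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@goodcause-charity.example>
To: payroll@goodcause-charity.example
Subject: Monday agenda

Attached is the agenda for Monday's meeting.
"""

CHANGE_RE = re.compile(
    r"\b(new|changed|update[ds]?)\b.{0,40}?\b(bank|account|sort code|iban)\b", re.I | re.S)


def normalise(addr):
    """Collapse look-alike characters so that visually similar addresses compare equal."""
    return addr.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def is_lookalike(a, b):
    """True when two addresses differ but are indistinguishable after normalisation."""
    return a.lower() != b.lower() and normalise(a) == normalise(b)


def assess(raw):
    """Return a list of findings for one message; an empty list means no red flags."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    findings = []

    # 1. Display name belongs to a staff member but the address is not the one on file.
    expected = STAFF.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected.lower():
        kind = "look-alike" if is_lookalike(from_addr, expected) else "unexpected"
        findings.append(f"{kind} sender address {from_addr} for {from_name} (directory: {expected})")

    # 2. Replies would go somewhere other than the apparent sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    # 3. The request itself: new or changed bank / account details.
    if CHANGE_RE.search(body):
        findings.append("body requests a change of bank details")
    return findings


if __name__ == "__main__":
    for label, raw in (("fraud", SAMPLE_FRAUD), ("legit", SAMPLE_LEGIT)):
        print(label, assess(raw) or ["no findings"])
```

Any non-empty result should route the request to the out-of-band verification the Commission recommends (a call to the employee on a number already held, never one taken from the email). A clean result is not proof of legitimacy: a compromised genuine mailbox passes every check here, which is why the verification step must apply to all bank-detail changes, not only flagged ones.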
To help reduce the likelihood of becoming a target for fraudsters, the Charity Commission advised charities to think twice about how they handle sensitive information.
"Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about your charity and employees, the more convincingly they can appear to be one of your legitimate employees," said a Charity Commission spokesperson.
A tip given by the Commission was to always shred confidential documents before throwing them away.
The government's Cyber Security Breaches Survey 2019 revealed that over two-thirds of high-income charities had recorded a cyber breach or attack in 2018. Of those charities affected, the vast majority (over 80%) had experienced a phishing attack.
Charities that have been targeted by mandate fraud are advised to report the incident to Action Fraud.
The number of people arrested for using the internet to exploit people for sexual and other purposes has grown by 2.5 times in just four years in the state of New Jersey.
In 2015, New Jersey law enforcement officers arrested 143 cyber predators. This year, the figure is expected to rise to over 360.
New Jersey attorney general Gurbir Grewal said action is being taken to crack down on individuals who stalk young children and teens online, but with criminals eschewing traditional chat rooms in favor of more elusive communication methods, catching predators was no easy task.
“They’re using the chat features on games like Fortnite, they’re using the chat features on other social media apps, they’re using Tik Tok, they’re using a whole host of different tools to target young people,” said Grewal.
The attorney general said that a cyber predator will use the anonymity granted by the internet to impersonate a young person when online. By presenting themselves in this way, they are able to win the trust of unsuspecting youngsters.
Grewal said: “When young people have social media accounts, those are being targeted as well by people who are either pretending to be a kid, pretending to be somebody they’re not. There’s just so many more areas and avenues for these cyber-predators to attack young people.”
While law enforcement invests significant resources into fighting this particular type of crime, Grewal said parents must also do their part to help protect children and young people from cyber predators.
Using technology to track down the perpetrators is "resource intensive, it takes a long time, and we can’t do it alone," said Grewal, "So we do our part on the enforcement side, but the message that we want out there is that parents need to do their part as well."
Grewal urged parents to make sure that they know what apps their children are using on their smart phones and IoT devices and to disable chat features where necessary.
He also emphasized the importance of telling children about the very real dangers of communicating with strangers online. Besides being groomed by sexual predators, children who share personal information online are at risk of having their identities stolen.
Arkansas high school students will be offered cybersecurity courses for the first time next year.
The courses, which are due to commence in the fall of 2020, will be designed to prepare students to study cybersecurity at college or to pursue an industry-level certification after they graduate high school.
The state's curriculum will be based on models created by the University of Arkansas at Little Rock (UALR) and already in use at the university's Cyber Gym facility, a cloud-hosted education and simulation model for cybersecurity learning.
Courses will be offered both on high school campuses and remotely via the state's virtual school, Virtual Arkansas. In partnership with public schools throughout the state, Virtual Arkansas provides course access and opportunities to students who may not be able to access the same opportunities through local resources.
Three cybersecurity courses for high schoolers are currently in development and are expected to be completed by May 30, 2020. Teacher training will be carried out over the summer so students can start their cybersecurity education in the fall.
More advanced courses are to follow, designed using models created by the University of Central Arkansas' (UCA) cyber-range. The cyber-range - the first in the state - is currently being built with $500,000 of state funding.
"This is going to be a great thing for the students of Arkansas," said John Ashworth, Virtual Arkansas director.
Anthony Owen, state director of computer science, said at the very least, the cybersecurity courses will help to create a more cyber-literate state population which is better placed to protect itself from cyber-threats.
A grant of $94,500 to fund the initiative was provided by the Arkansas Department of Education. The project was further supported by two sub grants totaling $50,000 awarded by the Arch Ford Education Service cooperative to UALR for the development and assessment of the Cyber Gym.
UALR is considering offering further educational support to high school students by hosting a cybersecurity summer camp.
UALR's STEM education specialist and head of STEM outreach Sandra Leiterman said interest in the university's current STEM summer camp program was so high that waiting lists are in use.
Over 750,000 applications for US birth certificates have been found exposed online thanks to a misconfigured cloud server.
UK security firm Fidus Information Security found the trove, which was left in an Amazon Web Services (AWS) S3 bucket that was publicly accessible with no authentication required.
The company in question hasn’t been named because it has yet to respond to attempts by the research team to notify it of the privacy snafu. It provides a service to US citizens allowing them to request copies of birth and death certificates from state governments.
As such, the data exposed is highly sensitive, including: applicant name; date of birth; home and email address; phone number; and other personal information such as previous addresses and names of family members.
That’s all information that would be highly valuable to potential scammers, to help commit identity fraud and craft convincing phishing emails to harvest even more sensitive information.
The identities of children are particularly highly sought after; because they have limited financial records associated with them, it is easier for scammers to open new accounts in their name. Over one million US kids fell victim to identity fraud in 2017, resulting in losses of $2.6bn, according to Javelin Strategy & Research.
“Examples such as this show just how important it is for consumers to know precisely which companies are part of the software supply chain delivering any given service to them,” argued Synopsys senior principal consultant, Tim Mackey.
“That repeated contacts went unanswered is a clue that the company delivering this service likely is being operated using a high degree of automation and with a limited understanding of how valuable the data they interact with might be. Properly securing any data store is 101-level work, but we consistently see companies omitting this critical task from their ‘go-live’ checklist."
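The "101-level work" Mackey refers to is, for an S3 bucket, three things: no policy statement that grants access to any principal, no ACL grant to the AllUsers or AuthenticatedUsers groups, and Block Public Access switched on at the bucket (or account) level. The following is an added example, not code from Fidus or from the unnamed company; it evaluates those three conditions offline over constructed inputs in the shapes the S3 GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock calls return. The bucket name, account ID and role name are hypothetical.

```python
import json

# Grantee URIs that make an ACL public (these are the real AWS group URIs).
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed inputs. Bucket name, account ID and role are hypothetical.
EXPOSED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::certificate-requests-example/*",
    }],
})
EXPOSED_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]
EXPOSED_PAB = {flag: False for flag in PAB_FLAGS}

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/certificate-app"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::certificate-requests-example/*",
    }],
})
HARDENED_ACL = EXPOSED_ACL[:1]          # owner only
HARDENED_PAB = {flag: True for flag in PAB_FLAGS}


def _principals(principal):
    """Flatten the Principal element ("*" or {"AWS": [...]} etc.) into a set of strings."""
    if principal == "*":
        return {"*"}
    found = set()
    if isinstance(principal, dict):
        for value in principal.values():
            found.update(value if isinstance(value, list) else [value])
    return found


def public_policy_statements(policy_json):
    """Sids of Allow statements granted to any principal with no Condition."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    hits = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _principals(stmt.get("Principal", {})):
            continue
        if stmt.get("Condition"):
            continue  # conditional grants (e.g. on aws:SourceVpce) need manual review
        hits.append(stmt.get("Sid", f"Statement[{index}]"))
    return hits


def public_acl_grants(grants):
    """Permissions an ACL hands to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUP_URIS]


def audit_bucket(policy_json, grants, public_access_block):
    """Combine the three checks into a list of findings (empty means nothing public)."""
    findings = []
    for sid in public_policy_statements(policy_json):
        findings.append(f"policy statement {sid} allows any principal")
    for perm in public_acl_grants(grants):
        findings.append(f"ACL grants {perm} to a public group")
    missing = [flag for flag in PAB_FLAGS if not public_access_block.get(flag)]
    if missing:
        findings.append("Block Public Access not fully enabled: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    print("exposed:", audit_bucket(EXPOSED_POLICY, EXPOSED_ACL, EXPOSED_PAB))
    print("hardened:", audit_bucket(HARDENED_POLICY, HARDENED_ACL, HARDENED_PAB))
```

In a live audit the three inputs come from the corresponding S3 API calls for every bucket in the account; the check should sit in the go-live checklist and in a scheduled job, since a bucket that is private today can be opened by a later policy change. Enabling Block Public Access at the account level is the single control that makes the other two findings moot, which is why the hardened example has all four flags set.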
Hackers are increasingly scanning for exposed cloud data stores like the one publicized above. In 2019 there have been several incidents where databases have been stolen and ransomed, such as those belonging to Mexican bookstore Libreria Porrua.
The UK’s Ministry of Justice (MoJ) has seen laptop losses soar by 400% over the past three years, according to new Freedom of Information (FOI) data.
Security vendor Apricorn sent FOI requests to five government departments to better understand the extent of their risk exposure through lost or stolen devices.
Of the three that responded, the MoJ appeared to show the largest increase in losses: with the number of laptops going missing rising from just 45 in 2016/17 to 201 in 2018/19.
The combined figure for laptops, PCs, mobile phones and tablets saw a 55% increase in losses from 2017/18 to last year, when they reached 354 in total.
The Department for Education (DfE) reported 91 devices lost or stolen in 2019, whilst NHS Digital has lost 35 to date in 2019.
On the plus side, all responding departments said they encrypt all USB and storage devices, with the MoJ adding that USB ports on its laptops are blocked by default.
“Whilst devices are easily misplaced, it’s concerning to see such vast numbers being lost and stolen, particularly given the fact these are government departments ultimately responsible for volumes of sensitive public data. A lost device can pose a significant risk to the government if it is not properly protected,” said Jon Fielding, managing director, EMEA, Apricorn.
“Modern day mobile working is designed to support the flexibility and efficiency increasingly required in 21st century roles, but this also means that sensitive data is often stored on mobile and laptop devices. If a device that is not secured is lost and ends up in the wrong hands, the repercussions can be hugely detrimental, even more so with GDPR now in full force.”
A separate FOI report from MobileIron earlier this year revealed that 508 mobiles and laptops were lost or stolen from eight government departments between January 2018 and April 2019.
The US city of Pensacola has become the latest municipality to suffer a suspected ransomware attack taking out local services.
The north-west Florida city came under attack early on Saturday morning local time, according to local reports.
“The City of Pensacola has experienced a cyber incident, and we have disconnected much of our city network until the issue can be resolved. Our IT Department is working diligently to resolve the issue,” it said in a Facebook notice.
Services affected include some online payments such as Pensacola Energy and City of Pensacola Sanitation Services, and the 311 customer service line. City hall workers were also disrupted, as email and some phone systems were taken down.
An update on Monday appeared to suggest the local government was still battling to restore systems and remediate the incident.
“Please note that the city remains operational despite the cyber incident. We will continue to provide services as we are able to, and we want to emphasize that 911 is NOT impacted,” it noted.
The incident came just hours after a suspected terrorist shooting at the Naval Air Station (NAS) in Pensacola when a Saudi Arabian Air Force officer opened fire in a classroom, killing three sailors. However, the FBI has taken to Twitter to say that it had “not identified” a connection between the two incidents.
The incident does, however, fit the pattern of the countless other ransomware raids on US municipalities across the country this year.
The situation has become so dire that the United States Conference of Mayors earlier this year passed a resolution not to cooperate with online extortionists.
Many local governments, including Florida's Lake City and Riviera Beach, have elected to pay ransoms in return for a decryption key, some of them out of cyber-insurance funds. This has emboldened the hackers to a certain extent.
An Indian information technology, consulting, and business process services company has opened its first of what could eventually be many cybersecurity centers in Australia.
Wipro Limited announced the launch of the NextGen Cyber Defense Center on Thursday. The new state-of-the-art facility, which is located in the coastal city of Melbourne, is expected to create over 100 jobs.
A Wipro spokesperson said: "With the launch of this center, Wipro aims to make substantial investments to upskill its employees, hire more local resources and generate more than 100 jobs in Melbourne for cybersecurity specialists."
With an eye on the future, the company shared plans to roll out similar Cyber Defense Centers in other Australian cities to "offer cyber resilience and provide digital protection to large government organizations."
Manoj Nagpaul, senior vice president of Asia Pacific and Japan at Wipro Limited, said: "We will offer our customers in the Australian market the ability to leverage our global experience, technical expertise and strategic cyber investments to secure their digital operations.
"Our CDC will be equipped with state-of-the-art technology–enabled infrastructure with continuous security monitoring, a large pool of experienced security professionals and a global delivery model to achieve and scale highly secure integrated platforms."
The new Melbourne facility was inaugurated by Tim Pallas, minister for economic development, Parliament of Victoria, in the presence of customers, technology partners, the leadership team, and local employees.
Pallas said: "Melbourne is Australia’s leading tech city, and we welcome this investment by Wipro—a leading global information technology company. The establishment of this Defense Center will strengthen Victoria’s capability in cybersecurity and draw on the local expertise to help Wipro protect Australian organizations from cyber-related incidents."
According to Wipro’s recently released "State of Cybersecurity Report 2019" (in which 10% of the global organizations surveyed were from Australia), 55% of respondents identified digital lockdowns caused by ransomware attacks as their top cyber-risk.
The report found that the worldwide breach rate, calculated as the number of records stolen per second, has gone up to 232 records per second from the previous year’s average of 88 records/second.
Despite the rise in the number of security incidents, the same report found that only 25% of respondents said that they carry out security assessments in every build cycle before pushing applications out to the internet.
Award-winning British cybersecurity firm XQ Cyber has gone into administration owing £3.5m to unsecured creditors.
The company was best known for developing CyberScore, a security testing and rating service that converts raw vulnerability data into more easily digestible security remediation and risk management plans.
According to a statement of affairs document published on the Companies House website this week and dated October, trade creditors are owed just over £500,000.
The unsecured creditor who is owed the largest single sum of money by the Gloucestershire-based cybersecurity firm is an individual who made a £2.4m loan to the business. He was listed as someone who had significant control of the business in January 2017.
Aside from this individual investor, HM Revenue and Customs is the largest creditor, left out of pocket for a total amount of £473,649. Five- and six-figure sums are also owed to a small number of tech suppliers.
The statement of affairs estimates that assets totaling £304,374 are available to be used to pay back unsecured creditors.
The administrators stated that while XQ Cyber's intellectual property and goodwill have a book value of £645,599, they expect to be able to use them to realize just £200,000.
The National Cyber Security Centre (NCSC)–approved company, which boasted many former GCHQ staffers among its employees, had gone through a recruitment drive in 2019 and made new hires just six weeks before going into administration.
At XQ Cyber's demise, around 60 workers were made redundant, according to posts made on LinkedIn by former XQ Cyber staff members.
XQ Cyber was featured as one of 20 UK security start-ups to watch in a profile in Information Age in June. The company's Twitter account has been inactive since November 7; however, its website—which states that the trading name of the company is now CS Information Security Limited—is still up and running.
The news of the company's decline took the cybersecurity industry by surprise, as public-sector cloud provider UKCloud had reportedly added XQ Cyber’s CyberScore cybersecurity testing and rating tool to its portfolio in May, potentially creating a lucrative sales channel.
A Minnesota healthcare facility specializing in treatments for the face, teeth, mouth, and jaw has been hit by a ransomware attack.
On September 23, 2019, threat actors struck a server used by the organization. IT staff were able to intervene immediately to restore the impacted data. No mention was made as to the amount of money demanded by the attackers or whether the ransom was paid.
All 80,000 patients of the facility are being informed of the incident, which SEMOMS said "may have resulted in the inadvertent exposure of patients’ health information."
In a statement published on its website, SEMOMS said: "Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident, including sending letters to anyone whose information may have been exposed."
Computer forensic experts, hired by SEMOMS to discover what, if any, information had been accessed in the attack, were unable to give a definitive answer.
SEMOMS said: "After examining the impacted server, the investigation was unable to determine if patients’ names and X-ray images had been viewed or accessed by an unknown, unauthorized third party.
"While our investigation did not identify specific activity surrounding patients’ information, we are notifying potentially impacted individuals out of an abundance of caution."
Letters sent to potentially impacted patients include information about what occurred and a toll-free number where patients can learn more about the incident.
SEMOMS gave a reassurance that any patients' financial information, medical records, or Social Security numbers that had been provided to the health organization had not been impacted by the event.
The incident has spurred SEMOMS to carry out a review of their current cybersecurity protection and procedures.
SEMOMS said: "SEMOMS remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including reviewing and revising its information security policies and procedures."
A Vietnamese state-backed threat group has been blamed for cyber-attacks that compromised the networks of BMW and Hyundai over recent months.
APT32, also known as “Ocean Lotus,” has been operational for the past few years. This spring it managed to infiltrate the network of the German car giant, installing Cobalt Strike, a commercial penetration-testing framework widely abused by attackers for post-exploitation, to remotely control and spy on compromised machines, according to local reports.
However, BMW’s cybersecurity team caught wind of the attack and carefully monitored the group's activity, before finally kicking the attackers out in early December, Bayerischer Rundfunk claimed.
“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” the carmaker said in a general statement.
It was claimed that the hackers may be looking for trade secrets that would help to spur development at privately owned Vietnamese automotive start-up VinFast, which currently relies almost entirely on German manufacturers as suppliers.
Hyundai’s corporate network was apparently also targeted, but there are no further details about that raid.
APT32 is known mainly for cyber-espionage activities targeting foreign businesses with a vested interest in Vietnam’s manufacturing, consumer products and hospitality sectors. It has also targeted political activists and free speech supporters inside Vietnam and across south-east Asia, according to FireEye.
“The targeting of private sector interests by APT32 is notable, and FireEye believes the actor poses significant risk to companies doing business in, or preparing to invest in, [Vietnam],” the security vendor said in its 2017 report on the group.
“While the motivation for each APT32 private sector compromise varied—and in some cases was unknown—the unauthorized access could serve as a platform for law enforcement, intellectual property theft or anti-corruption measures that could ultimately erode the competitive advantage of targeted organizations.”
Cambridge Analytica deceived tens of millions of Facebook users by working to harvest their personal data for use in political targeting, the FTC has ruled.
The regulator voted 5-0 in favor of issuing the Opinion and Final Order to the notorious consulting firm, which worked with developer Aleksandr Kogan to obtain data on as many as 87 million Facebook users.
That data, harvested via an innocuous-looking app, was subsequently used to target swing voters ahead of the 2016 US Presidential election, it is claimed.
The FTC Opinion confirms the allegations made in an administrative complaint issued in July: “that app users were falsely told the app would not collect users’ names or other identifiable information.”
It also states that Cambridge Analytica falsely claimed it still participated in the Privacy Shield data transfer agreement between the US and EU, despite its certification having lapsed.
“The Final Order prohibits Cambridge Analytica from making misrepresentations about the extent to which it protects the privacy and confidentiality of personal information, as well as its participation in the EU-US Privacy Shield framework and other similar regulatory or standard-setting organizations,” the FTC noted.
“In addition, the company is required to continue to apply Privacy Shield protections to personal information it collected while participating in the program (or to provide other protections authorized by law), or return or delete the information. It also must delete the personal information that it collected through the GSRApp.”
The FTC earlier this year fined Facebook a record $5 billion for deficiencies which allowed third-party app developer Kogan to get away with misleading customers and harvesting data without obtaining informed consent — on both Facebook users and their friends and family.
The social network has since announced a major new privacy-by-design push which will introduce more stringent processes to control what developers can and can’t do.
Although Kogan and former Cambridge Analytica CEO Alexander Nix have agreed to settle the FTC’s allegations, the consultancy itself filed for bankruptcy in 2018.
Documents allegedly revealing a secret post-Brexit US-UK trade deal were leaked online as part of a Russian influence campaign, Reddit has claimed.
The social site said it has banned 61 accounts and one subreddit following an investigation into the origin of the documents, which had been seized on by the opposition Labour Party as proof of a deal to ‘sell’ the NHS to US companies.
Those it found guilty of posting and sharing the documents are probably part of a Russian campaign dubbed “Secondary Infektion” that has already been attempting influence operations on Facebook, it claimed.
“In late October, an account u/gregoratior posted the leaked documents and later reposted by an additional account u/ostermaxnn. Additionally, we were able to find a pocket of accounts participating in vote manipulation on the original post. All of these accounts have the same shared pattern as the original Secondary Infektion group detected, causing us to believe that this was indeed tied to the original group,” explained Reddit in a post over the weekend.
“Outside of the post by u/gregoratior, none of these accounts or posts received much attention on the platform, and many of the posts were removed either by moderators or as part of normal content manipulation operations. The accounts posted in different regional subreddits, and in several different languages.”
The Secondary Infektion group is known for attempting to sow discord between NATO allies and for its mature operational security (OpSec), which helps it cover its tracks.
If true, the incident would seem to echo attempts to influence the 2016 US Presidential election, when Russian hackers stole and leaked sensitive Democratic Party documents, to the detriment of Hillary Clinton’s campaign.
However, the trade documents don’t seem to have had the same impact. Reports claim UK officials are currently investigating whether the documents were originally leaked or hacked.
US presidential candidate Bernie Sanders today released a plan to introduce high-speed internet to every American household if he wins the 2020 election.
The High-Speed Internet for All proposal suggests giving local and state governments $150bn in grants and aid to create publicly owned broadband networks. Of this funding, $7.5bn would be ring-fenced to "expand high-speed broadband in Indian Country and fully resource the FCC’s Office of Native Affairs and Policy."
In a statement released on his website that will likely strike a chord with voters far younger than he is, Sanders said that the internet must be treated as "a public utility that everyone deserves as a basic human right." If elected as president next year, the Vermont senator said he would roll out the plan by the end of his first term.
The plan Sanders has drawn up involves antitrust authorities taking action to dismantle the "internet service provider and cable monopolies" that are currently in play in the US and would see the reinstatement of the net neutrality regulation that was repealed in June last year.
Sanders said the proposal would stop the internet from operating as a "price-gouging profit machine" for service providers. Internet and cable companies would be required to put a stop to hidden fees and be more transparent in disclosing the cost of services.
Earlier today on Twitter Sanders wrote: "The internet as we know it was developed by taxpayer-funded research, using taxpayer-funded grants in taxpayer-funded labs. Our tax dollars built the internet. It should be a public good for all, not another price-gouging profit machine for Comcast, AT&T and Verizon."
With supreme confidence in his own historical significance, Sanders likened his proposal to President Franklin D. Roosevelt's campaign to bring electricity to every rural community in America. In 1933, when Roosevelt first took office, only one in ten farms in rural America was on the grid.
"Just as President Roosevelt fundamentally made America more equal by bringing electricity to every community, urban and rural, over 80 years ago, as president, I will do the same with high-speed internet," Sanders wrote on Twitter today.
In broadband deployment, the United States ranked tenth out of 22 in a 2018 comparison with European countries, and in America's rural communities, more than 31 percent of people are without broadband.