Industry Intel

Simplified Two-factor Authentication for Webroot

Webroot has evolved its secure login offering from a secondary security code to a full two-factor authentication (2FA) solution for both business and home users. Webroot’s 2FA has expanded in two areas. We have: Implemented a time-based, one-time password (TOTP)...

Shoring Up Your Network and Security Policies: Least Privilege Models

Why do so many businesses allow unfettered access to their networks? You’d be shocked by how often it happens. The truth is: your employees don’t need unrestricted access to all parts of our business. This is why the Principle of Least Privilege (POLP) is one of the...

Online Gaming Risks and Kids: What to Know and How to Protect Them

Online games aren’t new. Consumers have been playing them since as early as 1960. However, the market is evolving—games that used to require the computing power of dedicated desktops can now be powered by smartphones, and online gaming participation has skyrocketed....

Thoughtful Design in the Age of Cybersecurity AI

AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it’s not sufficient on its own. Thoughtful design...

A Cybersecurity Guide for Digital Nomads

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means...

Healthcare Cyber Threats That Should Keep You up at Night

Reading Time: ~ 4 min.

In my previous blog post, Why Healthcare Organizations are Easy Targets for Cybercrime, I discussed various reasons that hospitals and healthcare organizations make desirable and lucrative targets for hackers. In this second installment, I’ll go over how criminals are attacking these organizations, the methods they use, and also what needs to be done to begin to address this dangerous threat. 

Medical Device Compromise

As I mentioned in my first blog on this topic, there is a wide array of connected medical devices in a hospital environment. These devices can be classified into 5 broad categories:

  • Consumer wearables, such as sleep pattern monitors, fitness trackers, etc.
  • Patient monitoring devices, including insulin pumps, ECG, heart rate monitors etc.
  • IVD, blood analyzers, etc.
  • Embedded devices, such as pacemakers and implants
  • In-house equipment, like medicine dispensing systems, MRI, CT, and X-ray machines, etc.

Devices like these can he hacked in an alarming number of ways. In addition to attacks that could endanger patients’ lives, such as remotely tampering with pacemakers or insulin pumps, these devices may be exploited to enable data theft or to gain access to other hospital infrastructure or systems. In one example from 2017, penetration tester Saurabh Harit managed to compromise a digital pen used for writing prescriptions, which gave him access to a patient database and scans of each prescription.

Learn how can endpoint protection help you secure your business.

Data Breaches

Medical data is a valuable commodity that is openly traded on the dark web. Although hackers and automated malware are often to blame, old-fashioned user error can play a major role in these types of compromises. Phishing remains a preferred method for stealing data and infiltrating networks.

Some examples of stolen medical data include:

  • Patient data. Identity and insurance fraud are relatively easy when you have access to the kinds of data medical organizations store about their patients. Additionally, this information can be used to charge expensive medical procedures, claim prescription drugs, or be exploited to breach other organizations outside of the healthcare industry. It can even be used for personal extortion and a host of other crimes.
  • Administrative paperwork. Criminals may target medical licenses to forge prescriptions and commit other types of fraud or extortion.
  • Prescription information. Criminals may forge prescriptions or drug labels and use them for purposes like fraud and even drug smuggling.
  • Biometric data. As biometrics are increasingly used in security measures and law enforcement practices, records of fingerprints, ocular scans, and even heartbeats could be stolen and used for nefarious purposes. 

Ransomware

Because the services that medical facilities provide are essential and often cannot be disrupted without serious risk to patients, ransomware is a weapon of choice. Many organizations have no choice but to pay the ransom, and some health facilities have had to shut down permanently due to these attacks.

Medical facilities worldwide have turned patients away, curtailed or suspended services, and even closed as a result of ransomware attacks. The groups that carry out these attacks have typically done recon on their targets to discover exactly how to breach them and which systems to encrypt to cause maximum disruption. 

Of course, when we talk about ransomware affecting healthcare organizations, one attack stands out above them all: WannaCry. This nasty threat spread like wildfire across the world in 2017 and crippled many organizations through a combination of lateral wormlike propagation and machine-wrecking encryption. One of the largest and most publicized victims was the U.K.’s National Health Service. The attack “disrupted services across one-third of hospital trusts and around 8% of GP practices,” according to a report published by the NHS a year later. On top of that, ambulance services were affected and over 19,000 appointments were cancelled. 

Despite the financial gains to be had when attacking healthcare organizations, WannaCry was actually an example of a cyber-weapon spreading far beyond its intended targets; the attack was not specifically aimed at the NHS or other health orgs affected. 

Ultimately, WannaCry really highlighted the poor security practices prevalent in so many healthcare organizations. The NHS fell under a lot of scrutiny in the aftermath of the attack, particularly as Microsoft had issued a Windows® update that would have fixed the exploited vulnerability months before. Since then, the health service has undertaken a number of changes to shore up defenses.

The Stats

According to a survey of industry Chief Information Security Officers (CISOs) by Carbon Black, the state of cybersecurity in healthcare is somewhat bleak, if unsurprising.

  • 83% of surveyed healthcare organizations said they’ve seen an increase in cyberattacks over the past year.
  • Two-thirds (66%) of surveyed healthcare organizations said cyberattacks have become more sophisticated over the past year.
  • With increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. 
  • Limited cybersecurity staffing and stagnant cybersecurity budgets in the industry further compound the issues.

Other reports by security companies Thales and Fortinet paint a similar picture. A recent report in the HIPAA Journal puts data breaches at record levels in 2019.

What Needs to Happen

Healthcare’s poor track record when it comes to updates, patching and obsolete operating systems needs to be addressed—no question. Below are some of the other things that need to happen to improve security all around at hospitals and other healthcare practices.

  • All staff members should be trained on security risks and best practices to avoid them.
  • Medical device designers need to adopt security as a design principle ASAP.
  • Hospitals and other facilities need to better audit and patch their devices, operating systems, applications, firmware, etc. to help eliminate vulnerabilities.
  • Government initiatives and coordination are essential, not just for the public facilities they run but also for private practices.
  • All healthcare practices should have antivirus and other cybersecurity solutions and should have access to security teams who can investigate any breaches to identify and address vulnerabilities.
  • Access to devices, middleware, and APIs should be restricted where possible and secured.

And, finally, the “blame game” culture that pervades healthcare needs to be seen for what it really is: an obstacle to progress. Cybersecurity is a group effort that we should all share. From governing bodies to businesses to individual users, each of us has a role to play in creating a more secure connected world.

Cyber News Rundown: MedusaLocker Ransomware

Reading Time: ~ 2 min.

MedusaLocker Ransomware Spotted Worldwide

While it’s still unclear how MedusaLocker is spreading, the victims have been confirmed around the world in just the last month. By starting with a preparation phase, this variant can ensure that local networking functionality is active and maintain access to network drives. After shutting down security software and deleting Shadow Volume copies, it begins encrypting files while setting up self-preservation tasks.

Bargain Website Server Exposes Customer Data

Several websites used by UK customers to find bargains have left a database filled with customer data belonging to nearly 3.5 million users completely unprotected and connected to the internet. Along with the names and addresses of customers, the database also included banking details and other sensitive information that could be used to commit identity fraud. The researchers who initially discovered the breach notified the site owners, but received no response or any indication the leak would be resolved until nearly six weeks after the database was left exposed.

Arrests Made Following Major BEC Scam

At least three individuals have been arrested in Spain for their connection to a business email compromise (BEC) scam that netted over 10 million euros and affected 12 companies across 10 countries. It appears the operation began in 2016 and involved the cooperation of multiple law enforcement agencies. By creating a web of fake companies and bank accounts, the group was able to successfully launder money into various investments, including real estate, in an attempt to remain undetected.

LA Court System Hacked

The perpetrator of a 2017 spear phishing attack on the LA court system was sentenced to 145 months in prison following convictions on charges of wire fraud, unauthorized access to a computer, and identity theft. The individual was able to compromise employee email accounts and use them to launch a malspam campaign that distributed over 2 million emails.

Pennsylvania School District Hacked

Multiple students are being questioned after school district officials noticed unauthorized access to the student assistance site Naviance, a hack which appears to have been an attempt “to gain a competitive edge in a high-stakes water gun fight.” Access to the site would have also given them access to other student’s personal data, though no financial or social security information is stored on the site. District officials determined the security practices for the site lacking but have not currently released plans for improvement.

Why Healthcare Organizations are Easy Targets for Cybercrime

Reading Time: ~ 4 min.

Certain types of cybercrime targets always make headlines. In this two-part series, we’ll get into a pretty serious one: your health, and why hackers are targeting the healthcare industry for profit.

The Short Answer: Medical Data is Worth a Lot

Stolen medical data is valuable, plain and simple. In a Phishlabs study from 2014, healthcare-related credentials were valued at 10 times the worth of stolen credit card numbers on the dark web. The data for sale typically includes names, birthdays, relevant policy numbers, billing details, and more. Criminals can use this data for anything from identity theft to insurance fraud and more.

The More Complex Answer: There’s a Huge Attack Surface

“An average hospital room will have between 15 and 20 medical devices, and almost all of them will be networked.” – Rick Reid, Aruba Networks

Most hospitals are very large organizations. Even smaller hospitals have hundreds of staff members, while larger institutions, such as my local hospital in Dublin, have over 3,000. The sheer number of patients, visitors, and contractors on site at any one time would give any admin team a challenge to monitor, never mind secure. 

Endpoints and Devices are Disparate and Often Unsecured 

The variety of connected devices in a given hospital environment also presents a host of security challenges. Modern IoT medical devices, such as wearable monitors, operate on the same network as ancient un-patchable devices which were developed without any security considerations by companies that have since closed. These factors combine to provide plenty of avenues for attackers to infiltrate sensitive systems. 

According to Christopher Neal, CISO of Australia’s largest operator of private hospitals, Ramsey Healthcare, unsecured medical devices will continue to be a problem in the industry for years to come. After a security audit of the company, which consists of around 30,000 employees and around 9,500 beds, Neal stated:

“[We found] a lot more equipment with default credentials, default configuration, sitting not on the corporate network but [in] DMZs… Anything you’re buying today has not been built secure-by-design, most likely. This is a problem that’s going to live in healthcare for another 15 to 20 years.”

Even keeping a typical Windows® computer secure is tricky in an environment where updating operating systems is notoriously slow. Hospitals worldwide are clinging onto the less secure Windows® 7 and Windows® XP platforms. Unfortunately, the reluctance to upgrade OS’s brings significant security risks; in our own research, we’ve discovered that systems running Windows 7 and older are at least twice as likely to become infected as those running the newer and more secure Windows® 10 operating system. 

Learn how ongoing cybersecurity education and training for end users is a must for businesses to stay secure.

The Operational Structure is Disjointed

Hospitals are complex and sometimes chaotic places. Institutions with a lot of non-elective admissions, especially public hospitals, are usually crowded. A single campus might contain many different hospital organizations, each with its own units, wards, offices, etc. All of these share data between them.

As you might imagine, management structures for such hospitals are very complicated, especially in Europe, where public hospitals are more common than in places like the U.S. Many public health facilities communicate with each other, while, above them, a large national health service coordinates and facilitates data sharing. As a result, planning and implementing security initiatives is often both challenging and slow. 

Medical Research is Valuable

Medical institutions are also targeted for the purpose of stealing research. Medical research can take many years and cost millions to develop, but it can be stolen in minutes. Motives for stealing research may vary, but most are financially based. For instance, some attacks may be state-sponsored initiatives to outpace other nations in pharmaceutical research and, thereby, bring new drugs to market before competitors. Others may simply be to hold potentially life-saving research for ransom or sale to the highest bidder.

Hospitals Provide an Essential Service

Delays or disruption at a care facility could seriously impact patient care or even cost lives. Hospitals simply can’t afford the outages, downtime, or general post-breach scrambling that an attack would cause, making them “easy money” for criminals. That’s why, when we hear about attacks on healthcare organizations, they usually involve some kind of ransomware—hospitals often have no choice but to pay the ransoms. Unfortunately, all targets would seem to be fair game, and reports of attacks on cancer support organizationscardiology units, and children’s hospitals are not out of the ordinary. 

The Road Ahead

In his book, Black Box Thinking, Matthew Syed outlines how medicine lags far behind other (similarly complex) industries, such as aviation, when it comes to learning from mistakes and improving safety. Syed asserts that the litigation and shame associated with failures in healthcare has led to a negative culture in an industry that tends to bury bad stories, instead of tackling them head on. The healthcare sector is also legally more culpable for any data breaches and is at greater risk from any resulting costs.But it’s not all bad news. Although the gears of government and healthcare may move more slowly, a lot of security-related changes are happening in the sector. For example, the much-maligned NHS in the U.K. has implemented major changes since the WannaCry attacks of 2017. Wide-ranging investigations were undertaken and costly and far-reaching initiatives were put into practice. In fact, the digital wing of the NHS now offers advice to other state healthcare groups on how to tighten up defenses against this global scourge.

To learn more about how criminals are targeting the healthcare industry, as well as what needs to be done about it, check out the second installment of this blog: Healthcare Cyber Threats That Should Keep You up at Night.

Cyber News Rundown: Cryptomining WAV Files

Reading Time: ~ 2 min.

Cryptominers Found in Audio Files

Researchers have recently found that both cryptominers and backdoors are being deployed within WAV audio files on targeted systems. Using steganography, attackers can include components for both loading and executing malicious scripts, while still allowing some audio files to play normally. Along with the malicious software, Monero cryptominers were launched simultaneously to begin generating cryptocurrency.

Vermont School District Monitoring Students Online Activity

A Vermont school district recently hired the cyber-monitoring software company Social Sentinel track the social media and email accounts of enrolled students. The purported purpose of the software is to stop problems such as bullying and self-harm among students by scanning for specific keywords, while supposedly respecting the privacy of the district’s thousands of students. Unfortunately, most of the posted alerts are currently being triggered by searches for a locally-made beer.

Darknet Child Porn Distribution Site Shutdown

Officials in the U.S. and South Korea collaborated to shut down a darknet site thought to be the largest distribution site of child porn. More than 300 individuals were arrested in connection with the site. By monitoring new Bitcoin addresses created when users made an account, the officials were able to find not only hundreds of users, but also the site’s administrator, who has since been charged in South Korea. Most alarmingly, amongst the 250,000 videos found on the server, nearly half were previously unknown to law enforcement. 

Fake Account Reporting Leads to Facebook Lockout

Many Facebook users have been locked out of their accounts after reporting fake or spam accounts, some for nearly a week. Following the lockout, users were shown a bugged verification screen that left users even further from regaining access. Luckily, Facebook responded to the many requests to reinstate user accounts, resolved the issue, and fixed the authentication process.

Payment Card Marketplace Re-leaks Stolen Cards

One of the largest online marketplaces for stolen payment card info has been breached, leading to nearly 26 million payment cards stolen in prior breaches being reintroduced to hackers. By accessing the binary data stored in the magnetic strips, hackers were able to create fake cards and make fraudulent purchases. At least 8 million unique cards had been uploaded to the marketplace since the start of 2019.

Cyber News Rundown: E-Scooters Vulnerable

Reading Time: ~ 2 min.

E-Scooter Security Vulnerability

A security researcher recently found an API vulnerability within the software of Voi e-scooters that allowed him to add over $100,000 in ride credits to his account. The vulnerability stems from a lack of authentication after creating an account which allows users to enter an unlimited number of promo codes offering ride discounts through several of the service’s partners. The writeup of steps to replicate flaw was temporarily taken down by the researcher until the company resolves the issue.

MageCart Strikes Volusion Sites

Thousands of sites using Volusion software have been affected by malicious MageCart scripts going back to mid-September. The scripts have been running from a non-descript API bucket and are using filenames that would appear benign to most security software and site admins. While victims will likely begin monitoring for stolen payment card data, it is still unclear how many sites have been compromised in total.

Brazilian Database for Sale

A database containing extremely sensitive information belonging to more than 92 million Brazilian citizens was found up for auction on several marketplaces on the dark web. Included in a sample of the data were driver’s license numbers and taxation info for the 93 million Brazilians currently employed within the country. Unfortunately for those involved, Brazil’s recently introduced data protection law won’t be in effect until halfway through next year.

Twitter 2FA Leak

Twitter announced earlier this week that many email addresses and phone numbers customers were using for two-factor authentication had been provided to third-parties for use in targeted advertisements. The company is still working to determine how many users are involved in this apparently unintentional misuse of their sensitive information. Twitter has fixed the main issue, though they still require a phone number for 2FA regardless of the method used to verify the account.

New Zealand Health Organization Hacked

Following a cyber attack in August of this year, officials discovered evidence of multiple intrusions into their systems going back nearly three years. The health organization has been working with law enforcement to determine the extent of the unauthorized access, as well as attempting to contact all affected individuals.

5 Key Benchmarks for Choosing Efficient Endpoint Security

Reading Time: ~ 3 min.

First and foremost, endpoint protection must be effective. Short of that, MSPs won’t succeed in protecting their clients and, more than likely, won’t remain in business for very long. But beyond the general ability to stop threats and protect users, which characteristics of an endpoint solution best set its administrators for success?

Get the 2019 PassMark Report: See how 9 endpoint protection products perform against 15 efficiency benchmarks.

Consider the world of the MSP: margins can be thin, competition tight, and time quite literally money. Any additional time spent managing endpoint security, beyond installing and overseeing it, is time not spent on other key business areas. Performance issues stemming from excess CPU or memory usage can invite added support tickets, which require more time and attention from MSPs. 

So, even when an endpoint solution is effective the majority of the time (a tall order in its own right), other factors can still raise the total cost of ownership for MSPs. Here are some metrics to consider when evaluating endpoint solutions, and how they can contribute to the overall health of a business. 

1. Installation Time

We’ve written recently about the trauma “rip and replace” can cause MSPs. It often means significant after-hours work uninstalling and reinstalling one endpoint solution in favor of another. While MSPs can’t do much about the uninstall time of the product they’ve chosen to abandon, shopping around for a replacement with a speedy install time will drastically reduce the time it takes to make the switch. 

Quick installs often also make a good impression on clients, too, who are likely having their first experience with the new software. Finally, it helps if the endpoint solution doesn’t conflict with other AVs.  

2. Installation Size

Few things are more annoying to users and admins than bulky, cumbersome endpoint protection, even when it’s effective. But cybersecurity is an arms race, and new threats often require new features and capabilities. 

So if an endpoint solution is still storing known-bad signatures on the device itself, this can quickly lead to bloated agent with an adverse effect on overall device performance. Cloud-based solutions, on the other hand, tend to be lighter on the device and less noticeable to users.

3. CPU Usage During a Scan

Many of us will remember the early days of antivirus scans when considering this stat. Pioneering AVs tended to render their host devices nearly useless when scanning for viruses and, unfortunately, some are still close to doing so today. 

Some endpoint solutions are able to scan for viruses silently in the background, while others commandeer almost 100 percent of a device’s CPU to hunt for viruses. This can lead to excruciatingly slow performance and even to devices overheating. With such high CPU demand, scans must often be scheduled for off-hours to limit the productivity hit they induce. 

4. Memory Usage During a Scheduled Scan 

Similar to CPU use during a scan, RAM use during a scheduled scan can have a significant effect on device performance, which in turn has a bearing on client satisfaction. Again older, so-called legacy antiviruses will hog significantly more RAM during a scheduled scan than their next-gen predecessors. 

While under 100 MB is generally a low amount of RAM for a scheduled scan, some solutions on the market today can require over 700 MB to perform the function. To keep memory use from quickly becoming an issue on the endpoints you manage, ensure your chosen AV falls on the low end of the RAM use spectrum. 

5. Browse Time

So many of today’s threats target your clients by way of their internet browsers. So it’s essential that endpoint security solutions are able to spot viruses and other malware before it’s downloaded from the web. This can lead to slower browsing and frustrate users into logging support tickets. It’s typically measured as an average of the time a web browser loads a given site, with variables like network connection speed controlled for. 

Effectiveness is essential, but it’s far from the only relevant metric when evaluating new endpoint security. Consider all the above factors to ensure you and your clients get the highest possible level of satisfaction from your chosen solution.

Cyber News Rundown: Data Dash

Reading Time: ~ 2 min.

DoorDash Data Breach

Nearly five months after a breach, DoorDash has just now discovered that unauthorized access to sensitive customer information has taken place. Among the stolen data were customer names, payment history, and contact info, as well as the last four digits of both customer payment cards and employee bank accounts. The compromised data spans nearly 5 million unique customers and employees of the delivery service. DoorDash has since recommended all users change their passwords immediately.

American Express Employee Fraud

At least one American Express employee was fired after it was revealed they had illicitly gained access to customer payment card data and may have been using it to commit fraud at other financial institutions. Following this incident, American Express began contacting affected customers offering credit monitoring services to prevent misuse of their data.

Hackers Target Airbus Suppliers

Several suppliers for Airbus have recently been under cyber-attack by state-sponsored hackers that seem to have a focus on the company’s VPN connections to Airbus. Both Rolls-Royce and Expleo, European manufacturers of engines and technology respectively, have been targeted for their technical documentation by Chinese aircraft competitors. This type of attack has pushed many officials to urge for higher security standards across all supply chains, as both large and small companies are now being attacked.

Ransomware Law Passes Senate

A recently passed law mandates the Department of Homeland Security support organizations affected by ransomware. While focused on protecting students in New York state, the legislation follows 50 school districts across the U.S. falling victim to ransomware attacks in 2019 alone, compromising up to 500 schools overall. A similar bill recently passed in the House of Representatives, which is expected to be combined with this legislation.

Ransomware Targets Hospitals Around the Globe

Multiple hospitals in the U.S. and Australia have fallen victim to ransomware attacks within the last month. Some sites were so affected that they were forced to permanently close their facilities after they weren’t able to rebuild patient records from encrypted backups. Several offices in Australia have been unable to accept new patients with only minimal systems for continuing operations.

Cyber News Rundown: Instagram Phishing Campaign

Reading Time: ~ 2 min.

Copyright Phishing Campaign Hits Instagram

Many Instagram accounts were recently compromised after receiving a notice that their accounts would be suspended for copyright infringement if they didn’t complete an objection form within 24 hours. By setting a timeframe, the attackers are hoping that flustered victims would quickly begin entering account credentials into a phony landing page before being redirected to the authentic Instagram login page to appear legitimate.

WordPress Plugin Exploited

Rich Reviews, a vulnerable WordPress plugin that was removed from the main WordPress repository more than six months ago, has been found still active on thousands of websites. This vulnerability allows attackers to download malicious payloads, then redirect victims to phony websites that could further infect their systems. Fortunately, several security companies are working with the plugin’s creators to fix the current vulnerabilities, though these updates won’t reach users until it’s put back on the repository.

Banking Malware Campaign

Hundreds of malware samples have been discovered that target ATMs and can be deployed to obtain sensitive banking information from infected systems. Dtrack, the name of the malware tools, can also be used to steal local machine information, such as keystrokes and browser history, by using known vulnerabilities in network security. This type of attack comes from the Lazarus Group, who have been known to target nations and major financial institutions around the world.

Click2Gov Site Hacked

An online bill paying site used in dozens of cities across the U.S. was recently hacked in at least eight cities, already compromising more than 20,000 individuals from all 50 states. This will be the third breach affecting Click2Gov, all of which used an exploit allowing attackers to gain both remote access to the system and upload any files they choose. Many of the cities that were targeted recently were part of the prior attacks on the Click2Gov portal.

Wyoming Healthcare Hit with Ransomware

Campbell County Health’s computer systems were brought to a halt after suffering a ransomware attack this week. Nearly 1,500 computers were affected and all currently scheduled surgeries and other medical care must be delayed or diverted to another facility. Fortunately, CCH is working quickly to restore all of their systems to normal and determine the exact infection point for the attack.

Cyber News Rundown: TFlower Ransomware Exploiting RDP

Reading Time: ~ 2 min.

TFlower Ransomware Exploiting RDP 

Ransomware attacks seem to be earning larger payouts by focusing on big businesses and governments, and a new variant dubbed TFlower might be no exception. TFlower has been proliferating by hacking into compromised networks through various remote desktop services. Attackers can reportedly execute the malware and begin encrypting most file types and removing all local backups. It is still unclear how much the demanded ransom is, but researchers have found that TFlower doesn’t append the encrypted files’ extensions.  

Ransomware is evolving. Click here to learn more on the threat.

Lion Airline Data Leak 

More than 30 million customer records belonging to two Lion Air-owned companies Malindo Air and Thai Lion Air were found in a publicly accessible database and later on several underground forums earlier this month. Among the available data are names, birthdates, and passport information, all of which could easily be used to commit identity fraud. While the data was available for nearly a month, it is still unclear how many individuals may have obtained copies of the data. 

White Hat Hackers Expose Webcam Security Flaws 

Over 15,000 unique webcams from several different manufacturers have been found to be using default security settings while connected to the internet. Many of the compromised devices have been identified in the U.S., Europe, and Southeast Asia. This recent discovery should prompt manufacturers to implement additional security settings and require users to set their own passwords.  

Medical Patient Images and Data Unprotected 

In a recent research study of 2,300 healthcare systems, nearly 25 percent were publicly accessible on the internet, containing a total of 24.3 million patient healthcare records from at least 52 countries. Over 400 million medical images were available for access or download through a system that allows medical workers to share patient documents. These systems date back to the 1980s and need to be brought up to current security standards, as the current system has virtually none.  

Ecuadorian Data Analytics Breach 

An Ecuadorian data analysis firm, Novaestrat, is under investigation after it was discovered that the company left personally identifiable information for nearly every Ecuadorian citizen exposed in an unsecured database. Records for 2.5 million car owners and nearly 7.5 million financial and banking transactions were included in the records. Immediately upon the revelation of the breach, Ecuadorian government officials arrested the CEO for possessing the data illicitly.   

Cyber News Rundown: Arizona School Ransomware Attack

Reading Time: ~ 2 min.

Ransomware Closes Arizona School District

As many students began returning for the fall semester, classes were cancelled in the Flagstaff Unified School District in Arizona after a ransomware attack disabled some of the district’s computer systems. Officials haven’t yet released any additional information on the ransom demanded or if any sensitive employee or student documents was compromised. The attack is another in a chain of ransomware campaigns affecting dozens of school districts around the country in recent months.

Want more on the latest threats to your online security and privacy?
Follow us on Facebook and Twitter to stay up to date.

BEC Scam Targets Toyota Corporation

A subsidiary company of Toyota fell victim to a business email compromise (BEC) that could cost more than $37 million. Using social engineering to convince the victim to send the wire transfer has become a common practice around the world and earned scammers an estimated $1.3 billion in 2018 alone. Officials are still working to determine the proper course of action to recover the stolen funds, though it is unlikely they will be able to track down their present location.

International BEC Sting Nets 281 Arrests

With the cooperation of many law enforcement agencies around the world, at least 281 individuals were taken into custody for their roles in various BEC scams. Along with the arrests, officials seized $3.7 million in cash that had been stolen by redirecting wire transfers while posing as a high-level executive. While the majority of arrests came from Europe and Africa, nearly a quarter occurred in the U.S.

LokiBot Campaign Affects U.S. Manufacturer

A poorly written email phishing campaign was recently discovered with a rather malicious payload called  LokiBot. In the scam, once a victim would open the attachment (with assurances in the email that it simply needs to be reviewed), an archive would unzip and allow the payload to begin hunting for credentials and any other sensitive information stored on the system. After reviewing the LokiBot sample, the IP address from which the campaign originated from has been tied to several other, similar campaigns from recent months.

Oklahoma State Trooper Pension Fund Stolen

Malicious hackers recently stole more than $4.2 million from the Oklahoma State Trooper’s pension fund, which was to be used to assist roughly 1,500 retired law enforcement agents in the state. While most of the benefits programs should remain unaffected, officials are confident that they will be able to recover the funds, which would also be covered by insurance company if unable to be recovered.

Cyber News Rundown: Deepfake Voice Fraud

Reading Time: ~ 2 min.

Deepfake BEC Scam 

A new variant of the well-known BEC scam has implemented a feature that has yet to be used in an email scam: voice fraud. Using an extremely accurate deepfake voice of a company’s CEO, scammers were able to successfully convince another company to wire $250,000 with the promise of a quick return. Unfortunately, that transfer was quickly spread out through a number of countries, leaving investigators with very little clue as to the identity of the scammers.  

Yves Rocher Data Leak 

The customer databases belonging to French retailer Yves Rocher were found to be publicly available by researchers who discovered the records of over 2.5 million customers. In addition to the personal data, the details for over 6 million transactions, and internal Yves Rocher information were grouped with the exposed database. The internal data could be a major opportunity for any competitors to obtain some crucial footings in the marketplace.  

German Mastercard Breach 

Officials recently learned of a data breach that was affecting nearly 90,000 German Mastercard holders that are part of their members loyalty program. Nearly half of the exposed email addresses have already been compromised in previous data breaches, according to Have I Been Pwned, though the affected customers should still update their credentials. Fortunately, this breach only affected the loyalty program members rather than the entirety of Mastercard’s world-wide client base.  

Ransomware Wave Hits US 

Continuing on from a summer full of ransomware attacks on US cities comes a streak of 13 new attacks that range from the East Coast to the West Coast. Sadly, several of the victims have already paid out some portion of the demanded ransoms, with some insurance companies even attempting to negotiate with the attackers for a lower payout. With this streak, the total number of ransomware attacks in the US in 2019 is up to 149, 20% of which involved educational institutions.   

UK Travel Agency Breach 

A UK-based travel agency has recently fallen victim to a data breach that could affect over 200,000 of their customers. The main leak included audio files for the affected customers confirming travel and payment plans, as the travel firm completes their deals over the phone. The audio files appear to have bene publicly available for a span of nearly 3 years, but quickly secured the sensitive information once they were informed of its current status.  

Cyber News Rundown: Social Media Bots Attack

Reading Time: ~ 2 min.

Cybercriminals use Botnets to Launch Attacks on Social Media

According to a new report, more than half of all login attempts on social media sites are fraudulent, and at least 1 in 4 new account creation attempts are also fraudulent. With the sheer number of potential victims these types of sites provide attackers, these strategies are proving to be more and more lucrative. Even more worrisome: at least 10% of all digital handshakes from online purchases to new accounts being created are being made by malicious actors.

Cybercriminals target end users. Learn why businesses need security awareness training.

xHelper Trojan Infects Thousands of Android Devices

A new Trojan has infected over 30,000 devices in a very short time. By disguising itself as a JAR archive, the dropper is able to move quickly through a system, rather than being installed within a bundle as a standard APK. At least two variants of the Trojan have been spotted, one running extremely silently on infected devices while the other does less to hide itself, creating an actual xHelper icon and pushing an increasing number of notifications to the device.

Malicious PDF Scanner App

Researchers recently notified Google of a Trojanized CamScanner app that has been downloaded over 100 million times. The app itself is used to download and launch a malicious payload, after making contact with the attacker’s servers. Fortunately, Google is quick to act when they receive these types of reports, and has already removed the app from the Play Store. This app follows in a long line of high-install malicious apps to hit the Google™ Play Store in the last couple months.

Cable Companies Delay Robocall-Detection Implementation

Following the FCC decision to push out a technology that would allow all telecom companies to implement detections for the excessive number of robo-calls their customers receive every year. Unfortunately, the FCC never made an official deadline, so the lobby groups for the cable companies have been pushing for further delays. Hopefully, more telecom companies will get behind this technology and start helping their customers avoid this kind of harassment.

Hosting Provider Data Breach

A data breach was recently revealed by Hostinger, a hosting provider, which could affect their entire 14-million-strong customer base. Within the last week, the company identified unauthorized access to one of their servers, which contained sensitive customer information. Fortunately, Hostinger resolved the vulnerability quickly and pushed out a mandatory password reset to all affected users.