Friday, May 28, 2021

Is Your Business in Danger from an Infrastructure Attack?


Infrastructure-targeted cyberattacks aren’t just the problem of big business, government and military targets these days. Increasingly, cybercriminals, including nation-state actors, are setting their sights on smaller companies that may have weaker security. One in four attacks that IBM Security X-Force Incident Response remediated in 2020 were caused by ransomware. But by taking a few sensible precautions, you can bolster your defenses against this threat.

Experts estimate that 51% of businesses were victims of ransomware in 2020. These included companies in data handling, cloud computing, medical information processing and storage, transportation, manufacturing, education and many other sectors that may not at first glance seem like infrastructure targets. By attacking companies that do business with big fish, cybercriminals can gain information about them, or even gain access to the systems of major targets, as recently happened with SolarWinds.

Cybercrime gangs overwhelmingly favor ransomware as their weapon of choice in these attacks. This multifunctional tool can be used to shut down production lines, steal data, lock down servers and cripple services. The number one delivery system for ransomware is phishing – 94% of ransomware arrives at businesses via email. By preventing phishing attacks from finding success at your business, you can protect your business from ransomware.

BullPhish ID is the perfect solution for training staffers to resist phishing attacks. Customization capability means that your employees can be trained in simulations that mimic real threats that they face every day, no matter what your industry – including URLs, attachments and content. Plus, increased security awareness training that includes phishing resistance can reduce your risk of suffering a cybersecurity incident by up to 70%!

Take action now to protect your business from this growing threat by implementing sensible precautions like a security assessment to find vulnerabilities and increased security awareness training to ensure that you’re ready for trouble.


Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com/texas 877.860.5831

Week In Breach

Major breaches at two medical service providers are sending shockwaves throughout the industry. A new email security report from Graphus shows massive cybercrime increases. Plus, government entities around the world have another bad week, and we look at how to protect your clients from ransomware attacks targeting infrastructure, like this week’s Colonial Pipeline disaster, including who should be beefing up security to stay safe from cybercrime.





United States – MedNetwoRX

https://www.healthcareitnews.com/news/reported-ransomware-attack-leads-weeks-aprima-ehr-outages

Exploit: Ransomware

MedNetwoRX: Medical Information Processing 

Risk to Business: 1.607 = Severe

A reported ransomware attack on MedNetwoRX has impeded medical providers’ access to their Aprima electronic health record systems for more than two weeks. This hack impacts medical practices, clinics and hospitals of all sizes, from solo providers to conglomerates, that rely on MedNetworx to host the Aprima electronic medical records system from vendor CompuGroup eMDs. MedNetworx says that on April 22, it experienced a network outage that resulted in a temporary disruption to its servers and other IT systems. Two major clients, Arthritis & Osteoporosis Center of Kentucky and the Alpine Center for Diabetes, Endocrinology and Metabolism, have been identified as victims, as well as many small single and partner practices. The incident is under investigation and some functionality has been restored.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This is the kind of third-party service provider incident that reverberates for months as rolling damage becomes apparent. With no clear word on what, if any, data was stolen, your clients could be waiting for a nasty surprise.



United States – City of Tulsa

https://therecord.media/city-of-tulsa-hit-by-ransomware-over-the-weekend/

Exploit: Ransomware

City of Tulsa: Municipality

Risk to Business: 1.722 = Severe

The city of Tulsa, Oklahoma, has been hit by a ransomware attack that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is under investigation and city IT crews have begun restoring functionality and data from backups. This follows a string of ransomware attacks on other US municipalities in recent weeks. City officials were careful to note that no customer information has been compromised, but residents will see delays in network services. While emergency response is not hampered, 311, some credit card payment systems and the city’s new online utility billing system were impacted.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware has been an especially nasty foe for government entities, especially cities and towns. Cybercriminals know that these targets are likely to pay ransoms and unlikely to have strong security or security awareness training in place.



United States – Fermilab

https://www.govinfosecurity.com/us-physics-laboratory-exposed-documents-credentials-a-16536

Exploit: Credential Compromise

Fermilab: Research Laboratory 

Risk to Business: 1.523 = Severe

The Fermilab physics laboratory has taken action to lock down its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details and credentials. Fermilab, which is part of the US Department of Energy, is a world-famous particle accelerator and physics laboratory in Batavia, Illinois. One database the researchers discovered allowed unauthenticated access to 5,795 documents and 53,685 file entries. One entry point led into Fermilab’s IT ticketing system, which displayed 4,500 trouble tickets. Also found was an FTP server that required no password and allowed anyone to log in anonymously. Other impacted systems exposed credentials, experiment data and other proprietary information that were stored with no security.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Proprietary data needs to be stored securely. Not only does it give your competition an edge if they can see what you’re doing, but it also gives cybercriminals an edge when they’re crafting a cyberattack against your company.



United States – BlueForce Inc.

Exploit: Ransomware

https://searchsecurity.techtarget.com/news/252500356/US-defense-contractor-BlueForce-apparently-hit-by-ransomware

BlueForce: Defense Contractor 

Risk to Business: 1.668 = Severe 

Someone who runs training programs may need to upgrade their security awareness training. Defense contractor BlueForce has been hit by the Conti ransomware group. The gang posted data from the operation on its leak site along with supposed chat records from its negotiation with BlueForce. The Conti gang has demanded 17 bitcoin for the decryption key. BlueForce is a Virginia-based, veteran-owned defense contractor that works with the US Department of Defense and the US Department of State on program management, training and development initiatives.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.



United States – CaptureRX 

https://www.infosecurity-magazine.com/news/capturerx-data-breach-impacts/

Exploit: Ransomware

CaptureRX: Medical Software Company 

Risk to Business: 1.907 = Severe 

Texas-based CaptureRx fell victim to a ransomware attack in which cybercriminals snatched files containing the personal health information (PHI) of more than 24,000 individuals. The security breach impacted 17,655 patients of Faxton St. Luke’s Healthcare and a further 6,777 patients at Gifford Health Care, as well as an indeterminate number of Thrifty Drug Store patients. CaptureRx is currently unsure how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident.

Risk to Business: 1.959 = Severe 

Data exposed and stolen by the ransomware attackers included names, dates of birth, prescription information, and, for a limited number of patients, medical record numbers. Affected healthcare provider clients were notified of the incident by CaptureRx between March 30 and April 7.

Customers Impacted: 24K+

How it Could Affect Your Customers’ Business: The medical sector has been absolutely battered by ransomware in the last 12 months. Breaches at service providers like this and Accellion show that cybercriminals are playing smart by hitting targets that offer them access to a variety of information that has value for future attacks.



United States – Alaska Court System (ACS) 

https://thehill.com/policy/cybersecurity/551463-alaska-court-system-forced-offline-by-cyberattack

Exploit: Ransomware

Alaska Court System: Judicial Body 

Risk to Business: 1.572 = Severe 

The Alaska Court System (ACS) was forced to temporarily disconnect its online servers this week due to a cyberattack that installed malware on their systems, disrupting virtual court hearings. The court’s website had been taken offline and the ability to search court cases had been suspended while it worked to remove malware that had been installed on its servers. Activities that may be impacted by the ACS taking its website offline include the ability of the public to view court hearings over Zoom, online bail payments, submitting juror questionnaires and sending or receiving emails to or from an ACS email address.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, especially against local, state and municipal governments with often weak or outmoded IT departments.






Australia – NSW Labor Party

https://www.smh.com.au/national/nsw/police-investigate-cyber-attack-on-nsw-labor-party-20210505-p57p4y.html

Exploit: Ransomware

NSW Labor Party: Political Organization 

Risk to Business: 2.109 = Severe

The ransomware group Avaddon is threatening to release a trove of sensitive information, including images of passports, driver’s licenses and employment contracts, from a ransomware hit on the NSW Labor Party. The cybercriminals have demanded a response to their ransom request within 240 hours and threatened to launch a denial of service attack against the party if it did not pay. NSW Police has come on board in the investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.



Australia – Schepisi Communications 

https://www.news.com.au/technology/online/hacking/telstra-service-provider-hit-by-cyber-attack-as-hackers-claim-sim-card-information-stolen/news-story/2ff32b2e3634506882102e9c9d012994

Exploit: Hacking

Schepisi Communications: Cloud Storage 

Risk to Business: 2.307 = Severe

Melbourne-based Schepisi Communications has been the victim of a suspected ransomware attack. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web. The company is a service provider for Telstra that supplies phone numbers and cloud storage services. Among Schepisi’s other customers that appeared to have had their information exposed were global food conglomerate Nestle, a Melbourne radio station, an Australian property management firm, and a financial services company based in Victoria.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malware and ransomware have been the plague of increasingly beleaguered service providers. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack. 






India – WedMeGood 

https://www.hackread.com/shinyhunters-leak-india-wedmegood-database/

Exploit: Hacking

WedMeGood: Wedding Planning 

Risk to Business: 1.817 = Severe

Legendary cybercrime gang ShinyHunters has dumped a database belonging to WedMeGood, a popular Indian wedding planning platform. WedMeGood is yet to verify the data breach, but dark web analysts say that the database contains 41.5 GB worth of data. Lately, the hacking group has been focusing on leaking databases of Indian entities. 

Risk to Business: 1.773 = Severe

Impacted users have had PII exposed including full names, city, gender, phone numbers, email addresses, password hashes, booking leads, last login date, account creation date, Facebook unique ID numbers, vacation descriptions for Airbnb and other wedding details. Site users will want to be aware of the potential of spear-phishing attacks using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks have been especially prevalent against targets in India recently, with hits on other major companies like BigBasket and Dr. Reddy’s. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Is Cybercrime a Public Health Menace?



Healthcare organizations worldwide have seen an onslaught of cyberattacks in the last 12 months as cybercriminals seek to profit from an overburdened yet essential resource. In the midst of the global pandemic, heartless cybercriminals chose to slam healthcare and healthcare-related organizations with ransomware, phishing, hacking and other dangerous and disruptive cyberattacks. That means that cybercrime isn’t just an expensive inconvenience – it’s a public health menace. 

Ransomware incidents had a huge impact on the healthcare sector in 2020 – attacks against healthcare organizations have jumped about 45% since early November. Many of those attacks didn’t just snatch data from hospitals. Some ransomware attacks caused significant patient care disruptions, forcing staffers to rely on old-fashioned pencil and paper records in the midst of the world’s worst health crisis in generations. 

Data breaches at healthcare organizations have also soared by an estimated 55% in 2020, with huge spikes in Q4. These breaches affected more than 26 million people. That’s a big contributor to the flood of personally identifiable information that made its way to the dark web last year, increasing every company’s risk for dangers like a credential compromise. 

Protect your business from the increased risk of ransomware and credential compromise that healthcare and even healthcare-adjacent businesses are facing today. You’ll get the most value for your money by adding secure identity and access management using a dynamic solution like Passly. It includes multifactor authentication, one tool that provides strong protection against 99% of password-based cybercrime, like a phished password. You’ll have peace of mind knowing that you’ve made a strong move for your business.

If you only do one thing to improve your company’s cybersecurity posture this year, make it adding powerful protection against cybercrime with secure identity and access management with Passly.


The Healthcare Sector is Still Under Siege by Cybercriminals


Although every industry has been impacted by cyberattacks during the unprecedented wave of cybercrime in 2020, the healthcare sector really experienced a disproportionate share. That wasn’t good news in the middle of a global pandemic that was driving already challenged healthcare organizations to the brink and beyond in the worst health crisis in generations. Cybercriminals saw an opportunity and they took it – confirmed data breaches in the healthcare industry increased by 58% in 2020. Now industry experts are wrestling with a thorny question: are healthcare cyberattacks a legitimate public health crisis?





No one disputes that cyberattacks against hospitals, health systems, research facilities, pharmaceutical manufacturers and even temperature-controlled transportation were incredibly disruptive to the COVID-19 pandemic response around the world. Experts estimate that the healthcare sector alone lost $25 billion last year and an estimated 27% of all cyberattacks in 2020 targeted healthcare organizations. That’s not including pharmaceutical companies, research facilities, testing laboratories, equipment manufacturers, technology providers, insurance companies and myriad other healthcare-related businesses.

This onslaught led to huge problems exactly when hospitals and clinics couldn’t stand to have anything else go wrong. Unfortunately, according to researchers at Blackberry, healthcare sector businesses are the most likely to pay ransoms, making them extremely attractive targets. The information gained in healthcare data breaches is also exceptionally desirable and valuable. During the race to develop a COVID-19 vaccine, the pressure was on pharmaceutical companies, with three major contenders breached in one week at the peak of the pressure. Two specific outcomes for healthcare-related cyberattacks have made an especially strong case for healthcare cybercrime constituting a public health crisis. 


Ransomware

Ransomware attacks against every target soared in 2020, and healthcare was no exception. Attacks against healthcare organizations dramatically increased in Q4 2020, with a month-over-month increase of about 45% in early November. That followed an alarming 71% spike in October. Researchers noted that businesses and organizations faced an average of 440 ransomware attacks per week in October 2020 – and by the end of November 2020 that number climbed to 626 – nearly 90 attacks every single day.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) didn’t wait to make a pronouncement about the status of ransomware attacks on healthcare targets. CISA, FBI and HHS joined together in a rare joint warning to the healthcare sector on October 28, 2020, to be on high alert for a new flood of attacks and continuing pressure, including potential activity by nation-state threat actors. Private security experts agree that it was the right call. At the time, the alert specifically called out TrickBot ransomware, but the suggested precautions would offer healthcare organizations strong protection against most other types of ransomware as well.





Care Continuum Impacts

The most feared result of potential cyberattacks against healthcare targets is a disruption in care. Many hospital systems experienced IT outages as a result of cyberattacks that caused serious problems. In some cases, hospitals were forced to resort to old-fashioned written records during these outages, or they experienced an inability to access important test results, scans, x-rays and other important patient information. Universal Health Services (UHS), a nationwide hospital and health facility operator in the US, experienced a massive IT network outage in late September 2020. The company was forced to disconnect its IT system after identifying a malware attack. The outage lasted for eight days in the middle of a pandemic wave, creating more stress for already overburdened medical staffers in its facilities. In hundreds of UHS healthcare facilities across the US, healthcare workers were forced to resort to cumbersome downtime protocols and paper records during the outage.

It wasn’t just hospitals that have felt the pinch. Just last week, scores of US hospitals were impacted by a security breach at a specialist provider of equipment for cancer treatments. Supply chain and third-party risk has been a nightmare for every industry in the last 12 months. Swedish oncology and radiology system provider Elekta’s announcement of a data security incident, purported to be ransomware, was a heavy blow to 42 hospitals that were reliant on its first-generation cloud-based storage system. This left providers unable to access the precise notes and details of radiotherapy treatments for patients. Yale New Haven Health in Connecticut was forced to take its radiation equipment offline for over a week, resulting in many of the hospital’s cancer patients being transferred to other providers with little notice. Care disruptions are an unfortunate reality for many hospitals, and that makes cybercrime like this a public health emergency.


