  1. Hackers have published extensive patient information from two U.S. hospital chains in an apparent attempt to extort them for money.

     The files, which number in at least the tens of thousands and were posted to a blog on the dark web that the hackers use to name and extort their victims, include patients’ personal identifying information, like their names, addresses and birthdays, as well as their medical diagnoses. They come from the Leon Medical Centers, which serves eight locations in Miami, and Nocona General Hospital, which has three locations in Texas.

     The files also include at least tens of thousands of scanned diagnostic results and letters to insurers. One folder contains background checks on hospital employees. An Excel document titled 2018_colonoscopies has 102 full names, dates and details of the procedures, and a field to mark “yes” or “no” to whether the patient has a “normal colon.”

     The hacker group that posted the files is well known to cybersecurity researchers. They typically first encrypt their victims’ files and demand payment, and it’s rare for them to publicly release such files first. But at least with Nocona, that appears to be what happened. The motive for the release of the files is unclear.

     The leak highlights how hackers have in recent years steadily targeted American hospitals, small businesses, schools and government computers, often infecting them with ransomware, which is malicious software that locks up computers, rendering them inoperable. Hackers then demand payment, usually in bitcoin, to unlock the files.

     [Image: A redacted image leaked from Leon Medical Centers.]

     At least 560 health care providers were hit with ransomware in 2020, according to a survey by the cybersecurity firm Emsisoft. In October, several federal agencies issued warnings about "an increased and imminent cybercrime threat" directed at hospitals.

     Some ransomware gangs have declared hospitals off limits, but others have found them particularly ripe targets. The fallout when doctors and nurses suddenly can't access their computers can be severe. And since many hospital chains share the same computer networks across dozens or hundreds of physical locations, a single ransomware infection can delay medical procedures across the country.

     Some ransomware gangs have increasingly turned to leaking their victims’ personal files online if they refuse to pay, but dumping such vast troves of personal medical information is a line that not many have crossed, Brett Callow, a ransomware analyst at Emsisoft, said.

     “When financial stuff leaks, people can at least fix their credit,” Callow said in a text message. “Not so with health stuff. Once it's out there, it's out there.”

     [Image: A redacted image leaked from Nocona General Hospital.]

     In January, Leon Medical Centers announced that it had been hacked in November, and that it had soon determined that “certain files stored within Leon Medical’s environment that contain personal information had been accessed by the cybercriminals.” That includes “name, contact information, Social Security number, financial information, date of birth, family information, medical record number, Medicaid number, prescription information, medical and/or clinical information including diagnosis and treatment history, and health insurance information,” the announcement said.

     As first reported by DataBreaches.net, a website that tracks exposures of medical data, Leon has notified the U.S. Department of Health and Human Services of a data breach, but only estimated 500 patients were affected.

     In an emailed statement, Yolanda Foster, a spokesperson for Leon, wrote: “We are working diligently with third-party forensic experts to complete an investigation into the matter. As soon as possible, we will provide direct notifications to any affected individuals.”

     One lingering question is why the hackers, who did not respond to requests for comment sent to an email address or through their website, leaked the information. Many hacker groups, including the one that posted the two hospitals' patient information, only leak sensitive files as retribution when their victims don't pay for ransomware.

     Foster declined to address specifics about whether Leon had been hit with ransomware. Nocona didn't appear to have been a victim of ransomware, and no systems there appear to have been encrypted, Brian Jackson, an attorney representing the firm, said.

     "I can't tell you with absolute certainty that they did not send a ransom demand," he said in a phone call. "I can tell you we did not open one."

     Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.
  2. Retail firms are increasingly shifting toward digital environments, making them more likely to be targeted by cybercriminals. In addition, the pandemic-led restrictions have accelerated online purchasing since last year. Recently, several retail organizations, including PupBox, have been affected by security incidents that compromised their customer data.

     Quick analysis

     In recent months, multiple retail organizations have been targeted by cyberattacks, including Croma, Kmart, Brendon, Dickey's Barbecue Pit, Ticketmaster, Viandes Dubreton, Premier Kids Care, Inc., and Designer Brands Inc., among others. The most affected regions included Southeast Asia, Eastern Europe, and North America. However, retailers in other regions aren’t targeted as frequently as the U.S.-based ones. The major attack vectors used in these recent cyberattacks, leading to data theft, include unauthorized access, code injection, ransom demands, phishing, spoofing, and fraud. The Qakbot trojan and TrickBot botnet have been particularly targeting the retail sector. Additionally, active ransomware groups targeting the sector were identified as Zeppelin, Egregor, Ransom X, and Clop.

     Additional info

     According to a report from Imperva, 2020 saw a record number of cyberattacks targeting retail websites. Right after stay-at-home orders, the web traffic to retail websites increased by 28%, in comparison to the 2019 holiday shopping season. More than 30% of cyberattacks originated from the USA, with Ukraine and Russia combined accounting for 27%. Around 98% of attacks on online retailers were automated bots found to be targeting websites, mobile apps, and APIs.

     Conclusion

     The sudden digitization and lack of adequate security are making the retail sector more vulnerable than ever before. Thus, experts suggest monitoring POS systems to check for breaches, educating employees about cybersecurity, testing company email systems for malware, and encrypting any essential data to keep it safe.
  3. The growing adoption of IoT devices has resulted in gradually increasing waves of botnet attacks. While old botnet attacks are evolving, several new players are emerging in the threat landscape. Recently, Trickbot was found to be active again with new phishing and malware attacks.

     New botnet-based attacks

     In the last two months, several new botnet attacks have been discovered that were mostly focused on Linux systems, IoT devices, and open-source components. Attackers behind the DreamBus botnet were observed targeting enterprise apps running on Linux servers. Cybercrime gangs were found abusing RDP systems (running on UDP port 3389) to amplify junk traffic as part of the DDoS botnet attacks. Another new Linux-based cryptocurrency mining botnet, PGMiner, was spotted in the wild, abusing a PostgreSQL RCE flaw.

     Enhancements to existing botnets

     Last month, the U.K. Department for Education distributed free laptops to several students that were later found infected with the Gamarue botnet. In addition, the FreakOut botnet had surfaced again in a new series of attacks last month. A crypto-mining botnet, TeamTNT, implemented a feature dedicated to stealing and collecting AWS credentials. A newer variant of the Gitpaste-12 worm botnet was found to be targeting at least 31 known vulnerabilities in several popular devices.

     Conclusion

     Botnet attacks are getting sophisticated and making it harder for organizations to defend against them. Thus, experts suggest connecting IoT devices only in environments that have firewalls, using DDoS mitigation services that employ robust content delivery networks, and patching network devices.
  4. Ransomware operators made at least $350 million in ransom payments in 2020, according to a Chainalysis report. The figure was calculated by tracking transactions on blockchain addresses associated with ransomware attacks. The total amount paid by ransomware victims increased by 311% compared to 2019.

     Quick insights

     According to the report, new strains are taking large sums from victims, while a few pre-existing strains are increasing their earnings. Ransomware payments are responsible for 7% of all funds received by criminal cryptocurrency. The top earners were Ryuk, Maze, Doppelpaymer, Netwalker, Conti, and REvil. In addition, other families such as Snatch, Defray777 (RansomExx), and Dharma made profits in the millions. There are fewer threat actors than initially thought, with many of these groups switching from one RaaS (ransomware-as-a-service) to another as they're being lured by better deals.

     Cashing-in the ransom

     The criminals laundered funds through Bitcoin mixing services and sent the funds to legitimate and high-risk cryptocurrency exchange portals to convert the funds into real-world currency. Some payments were made using bulletproof hosting providers, exploit sellers, and penetration testing services (aka initial access brokers), as ransomware operations involve suppliers.

     Money distribution

     Ransomware money laundering is focused at the deposit address level. Around 199 deposit addresses received 80% of all funds in 2020. An even smaller group of 25 addresses accounted for 46%. More importantly, besides ransomware operations, several other cybercrime operations often reused the same intermediary money laundering services.

     Conclusion

     From recent trends, it is clear that RaaS has become a full-fledged cybercrime enterprise, earning millions of dollars. In addition, the report indicates that there is a very small group of deposit addresses with the ability to cash out ransomware proceeds.
  5. Greetings! Let us try to understand the concept of Social Engineering attacks through some examples:
  6. Name of the App:

     What Does Sherlock Do?

     After writing the username: xxxx to our application, xxxx takes out the social media accounts belonging to the username. Here I just tried to explain to you with a minimum summary.

     GitHub Link: https://github.com/sherlock-project/sherlock#installation