Cybersecurity News Bytes: Kroll Report, Russian Interference, Medical Records Ransomware Attack, & More.

Cybersecurity News Bytes for the Week Ending January 26, 2018

Increase in ransomware attacks reported in Texas

Texas suffered more malware attacks than any other state in the first quarter of 2016, according to a recent report summarized in the San Antonio Express-News, and small and medium-sized businesses were a major target. Texas is an alluring target for hackers because of its large population and large concentrations of energy and hospitality companies. Overall in 2016, Texas businesses suffered more than $77 million in losses due to cybercrime according to the FBI’s annual Internet Crime Complaint Center report. San Antonio Express-News, 20 Jan 2018

Medical Records Storage Firm Hit with Ransomware Attack

Allscripts, a multibillion-dollar company that provides Electronic Health Records (EHR) and other services for medical practices, was struck with a ransomware attack against two of the company’s data centers in North Carolina. The attack affected 1,500 physician practices throughout the country. As a result, physicians and medical practices have been unable to access patient data, appointment logs, and other vital EHR information. Many doctors are having to resort to paper records and rely on an open-clinic approach for patients. Allscripts said most of its systems were up and running as of 23 January and that the incident affected only a small percentage of its 45,000 medical practice clients and 180,000 physicians. The company also said that backup systems were not affected, and no patient data was lost. Fierce Healthcare, 23 Jan 2018

Major Study of Website Defacements Published

Cybersecurity firm Trend Micro published a report on digital vandalism on 22 January. The study is based on analysis of 13 million global website defacements from 1998 to 2016, with a defacement defined as the substitution of a hacker’s message for a legitimate message. The report describes categories of hacktivists, typical targets, and several defacement campaigns. Examples include “Free Kashmir,” “#opisrael,” and “#OpFrance,” the hacktivist campaign directed against French magazine Charlie Hebdo in 2015. Most defacements are benign and are based on political or religious motivations, although there is concern that hacktivists can move from website defacements to more malicious activities including cybercrime. Article from thehill.com

Democrats Concerned About More Russian Interference

On 23 January, congressional Democrats asked social media giants Facebook and Twitter to investigate new Russian botnets interfering in American politics. The concern this time is a classified document written by Republican staffers of Freedom Caucus representatives which casts doubt on the Christopher Steele portfolio, one of the main sources that led to the Robert Mueller investigation of possible Russian connections with President Trump and his team. The classified memo is said to rebut much of Steele’s report and how it was used by the FBI. Hashtags like “#ReleaseTheMemo” have trended on Twitter recently, and top Democrats believe many occurrences on social media have come from Russian bot accounts as part of the ongoing attempt to interfere with U.S. politics and cast doubt on American institutions. Tracking center Data for Democracy identified a surge in new Russian bot accounts, with about 400 created in January alone. Washington Post, 23 Jan 2018

Turkish Propaganda Campaign Focuses on World Economic Forum

In connection with this week’s World Economic Forum in Davos, Switzerland, a Turkish hacker group called “Ayyildiz Tim” took over the Twitter accounts of the Indian Ambassador to the UN, the president of the WEF, and two Fox News reporters. The hacked accounts were used to spread pro-Turkish and pro-Pakistan tweets, according to McAfee’s Advanced Threat Research Team and other sources. Infosecurity Magazine article

New Global Cyber Center in Geneva

The World Economic Forum (WEF) announced on 24 January the establishment of the “Global Centre for Cybersecurity” in Geneva. The new center will become operational in March and will initially work with G20 countries and industry to develop safeguards against data breaches and nation-state hackers. The WEF considers cybersecurity a growing global problem with larger threats accompanying new technology developments like drones and self-driving cars. Article in gulfnews.com

UK Sets Up New Unit to Deal with Fake News

The British Government has decided to establish a new unit in the Cabinet Office to deal with fake news and disinformation campaigns promulgated by other countries. The new unit, apparently to be called the National Security Communications Unit, will address the “interconnected complex challenges” of “fake news and competing narratives,” such as the Russian-based social media campaign targeting the 2016 Brexit negotiations. TechCrunch Article

Report Cites Increase in Fraud and Cyber Incidents

The 2017/2018 Kroll Annual Global Fraud and Risk Report, based on a survey of senior corporate executives worldwide, shows that fraud, cyber, and security risks were a growing concern in 2017. 86% of those surveyed said their companies had experienced a cyber event in the previous 12 months, compared to 85% who were affected by fraud. Both numbers are higher than in 2016. Information theft or loss and business losses due to cyber attack were cited as the most prevalent types of fraud, slightly ahead of the loss of physical assets. Executives categorize information-related risks as their highest concern. (A summary of the Kroll report can be found at the following URL. The summary includes a link to the full report.) Kroll Report Summary

Russian “Fancy Bear” Group Targets International Luge Federation

As part of Russia’s continuing response to the exclusion of Russian athletes from the Winter Olympics, a cyber persona believed to be affiliated with the Fancy Bear hacking group released documents stolen from the International Luge Federation. The hackers released email and other documents purporting to show violations of doping rules by other countries. Fancy Bear, also known as APT28, is believed to be associated with Russian military intelligence (GRU). Cybersecurity firms TrendMicro and ThreatConnect have previously identified Olympics organizations and anti-doping authorities as targets for Russian hackers in retaliation for the ban on Russian athletes. Article on thehill.com

Google Parent Company Alphabet Enters Cybersecurity Market

Alphabet’s X Division is launching “Chronicle LLC” to focus on enterprise cybersecurity at Fortune 500 companies. Chronicle will apply Google’s data analysis expertise and machine learning, with the eventual aim of enabling anti-virus detection and eradication through artificial intelligence much faster than traditional methods. Alphabet Article

Maersk’s Extraordinary Recovery from NotPetya Attack

Maersk, the world’s largest container shipping company that carries 80% of global shipping, was one of the victims of last summer’s NotPetya ransomware attack. NotPetya is malware used by the TeleBot hacker group, thought to be associated with Russian intelligence. The malware was directed at Ukrainian companies, but then spread to other countries through individual company VPNs. The damage to Maersk was so great that the shipping giant had to replace its entire IT infrastructure – 4,000 servers, 45,000 personal computers, and 2,500 applications. The company completed this job in the remarkably short time of 10 days at an estimated cost between $250-300 million. This is the same estimated recovery cost as for U.S. pharmaceutical company Merck and Federal Express, which were also hit by the NotPetya attack. Article via Bleepingcomputer.com

New Report Quantifies Huge Increase in Ransomware

Infosecurity Magazine reported on the “2017 State of Malware report” released by cybersecurity firm Malwarebytes. Among the more interesting statistics is that ransomware increased over 700% from July to September 2017 in attacks against businesses and consumers alike. Two ransomware families – GlobeImposter and WannaCry – were responsible for most of the damage. Ransomware attacks against businesses in September 2017 were ten times the number of attacks in September 2016. The report points out that cryptocurrency mining is also increasing as hackers follow the global markets in cryptocurrency. Other reporting indicates that most cryptocurrency mining is directed against Monero and not Bitcoin. Infosecurity Magazine Article