Cybersecurity Updates
- With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices as reported by Malwarebytes
  - Lavabird Ltd.'s QR code barcode scanner was an Android app that had been available on Google's official app repository for years
  - accounting for over 10 million installs
- ESET Cybersecurity is reporting that there is a 768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020
  - detected 29 billion attempted RDP attacks across the year, as cyber criminals attempt to exploit remote workers.
- The United Nations reported that the country of North Korea is using money it received from hacking to modernize its nuclear weapons and ballistic missiles
  - “total theft of virtual assets from 2019 to November 2020 is valued at approximately $316.4 million”
  - illegally obtained proceeds “estimated at up to $2 billion”
- A security researcher’s analysis of 30 popular health apps (they weren’t named) finds problems:
  - 50% of the apps store PHI
  - 100% of API endpoints were subject to BOLA attacks (broken object-level authorization) that can allow access to full patient records.
  - 50% of the apps allowed clinicians to access records of any patient by changing the URL that is passed in the “GET” command.
  - 100% of the apps failed to implement certificate pinning to prevent person-in-the-middle attacks.
  - 77% of the apps used hard-coded API keys that never expire and 7% use hard-coded names and passwords.
  - 50% of APIs did not authenticate requests with tokens.
- Nicholas Faber, 25, of Rochester, New York pleaded guilty to one count of computer intrusion causing damage and one count of aggravated identity theft.
  - admitted that from about 2017 to 2019, he worked with co-conspirator Michael Fish to access the school email accounts of dozens of female college students and then used information from those school email accounts to gain access to the victims’ social media accounts
- Members of the Egregor ransomware cartel have been arrested this week in Ukraine
  - are the result of a joint investigation between French and Ukrainian police.
  - Egregor gang operates based on a Ransomware-as-a-Service (RaaS) model
  - rent access to the actual ransomware strain, but they rely on other cybercrime gangs to orchestrate intrusions into corporate networks and deploy the file encrypting ransomware.
- Jones Day Law Firm headquartered in Cleveland, Ohio has published a number of articles on their web site about ransomware attacks and how they have helped or advised clients how to respond to security incidents.
  - threat actors known as CLOP initially posted some screenshots of files they appear to have exfiltrated
  - involve current and confidential communications.
- Central Piedmont Community College of Charlotte, North Carolina experienced a ransomware attack that exposed info on an unknown number of students
- The Salt Lake Community College of Utah notified an unknown number of students that their info may have been exposed after a cybersecurity incident.
- Council Rock School District of Pennsylvania notified an unknown number of students that their info may have been exposed after an email phishing incident.
- The federal government reports that 958,000 patients had their PHI exposed because of breaches in January 2021
- Bannock County of Idaho notified an unknown number of citizens that their info may have been exposed during a recent breach of county servers.
- Renown Health of Reno, NV agreed to pay a $75,000 fine to settle charges that it failed to provide patients copies of their PHI.
- Sharp Healthcare of San Diego, CA agreed to pay a $70,000 fine to settle charges that it failed to provide patients copies of their PHI.
- Syracuse University of New York notified 9,800 students that their info was exposed after an email phishing incident.
- University of Colorado notified an unknown number of students that their info was exposed after a cybersecurity incident.
- The National Counterintelligence and Security Center, as well as the CBS 60 Minutes TV program, are warning that threat actors with ties to China are continuing to target US healthcare, genomic, and other valuable data through hacking and other malicious activities.
- Somerset Independent School District of Texas notified an unknown number of students that their info may have been exposed after a ransomware attack.
- VMware Carbon Black analyzed data from attacks on its healthcare customers in 2020 and found 239.4 million cyberattacks were attempted in 2020, which equates to an average of 816 attempted attacks per endpoint.
  - That represents a 9,851% increase from 2019.
- Nebraska Medical Center notified an unknown number of patients that their PHI was exposed after a cybersecurity incident.
- The City of Oldsmar in Florida notified its citizens that it was able to prevent a hacker from penetrating its network and causing the city’s water supply to be poisoned.
- Chatham County of North Carolina notified an unknown number of citizens that their info may have been exposed after a ransomware attack.
- Wimberley School District of Texas notified an unknown number of students that their info may have been exposed after a ransomware attack.