Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments

A cyberattack at the University of Vermont Health Network has forced one of the network’s hospitals to delay chemotherapy and mammogram appointments, making it the latest example of how cybercriminals can impact patient care. The disruption of computer systems at the health network, which comprises six hospitals and more than 1,000 physicians, began the week of Oct. 25, the organization said. The attack made some of the data used to process appointments for cancer patients temporarily unavailable. And the health network said that as of Monday it was still unable to conduct mammograms, breast ultrasound screenings and biopsies because of a lack of access to patient data. The health network is nonetheless still treating cancer patients and is working to “expand our capacity” to provide chemotherapy seven days per week, the organization said in a statement on Saturday. The laborious recovery process is ongoing. “We are slowly and methodically restoring some systems,” […]

The post Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments appeared first on CyberScoop.


Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say

Cybercriminals have used a new malicious software kit to target banking customers in Brazil, but harbor ambitions far beyond the Latin American country, security researchers said Monday. The data that anti-virus company Kaspersky released shows how an enterprising group of crooks has used Brazil to fine-tune their banking trojan, as the financially-focused malware is called. After successfully infecting numerous victims in Brazil, the campaign has expanded to other Portuguese-speaking countries, from Angola to Mozambique to Portugal. Ghimob, as the newly discovered trojan is known, has a series of features that could make it more effective than previous attempts by Brazilian malware developers to target users abroad, according to the researchers. It is a “full-fledged spy in your pocket” that siphons off data through a number of means, Kaspersky researcher Fabio Assolini and his colleagues wrote in a blog post. It’s a fraudulent app, hosted outside of the Google Play Store, that once installed […]


Apple releases patches for 3 iOS zero days that hackers used for targeted attacks

Apple has issued fixes for three critical bugs in its software for iPhones, iPads and iPods that could allow an attacker to burrow into the inner sanctum of a device’s operating system and steal data. The researchers who found the flaws said that attackers were actively exploiting them. Two of the bugs affect the kernel, the core of the device’s operating system which handles interactions between hardware and software. Apple users are protected if they update their software, which the company encouraged them to do on Thursday. Project Zero, Google’s team of security researchers that found the vulnerabilities, said hackers exploited the flaws in targeted attacks, but did not disclose the victims or perpetrators. Shane Huntley, of Google’s Threat Analysis Group, said the activity was not related to the U.S. election. Vulnerabilities in iPhone software are coveted by spies and criminals alike because of the popularity of the phones around the world, and the resources […]


How the pandemic helped election officials prepare for a flood of misinformation

As Americans await the results of a heated presidential contest, election officials are in the spotlight in a country on edge. They are trying to sift through a fog of domestic misinformation, and their methodical process for counting and verifying ballots is belying demands to hurry up, or stop. Now, security experts say months of extraordinary preparation during the coronavirus are paying off. After months of explaining how elections would work during a pandemic, state and local officials are projecting confidence to the public by being open about their work. Election officials have “transformed some of the challenges associated with COVID into opportunities to increase transparency and election administration education,” said Liz Howard, senior counsel at the Democracy Program at New York University’s Brennan Center for Justice. “Before the election, when many election officials received calls and questions from voters about their absentee ballot security measures, many offered to provide tours of their offices to the […]


Ransomware attacks grow more menacing during the pandemic, creating headaches in health sector

Steve Giles was having dinner in the Los Angeles area on Friday, Feb. 5, 2016, when he received an ominous phone call. The computer networks of Hollywood Presbyterian Medical Center, the 434-bed hospital where Giles was the chief information officer, were seizing up. “This created panic, to some degree, within the nursing and physician staff,” Giles told the California Senate weeks later. “We immediately reverted to downtime procedures.” His staff ended up running to an ATM across the street, twice, to withdraw $17,000 to convert to cryptocurrency and pay off the hackers who were holding his hospital’s computers hostage. There were no reports of patient harm from the incident. Giles’ team averted a serious medical crisis, but the attack exposed vulnerabilities in one of the first high-profile ransomware incidents at a hospital. Nearly five years on, numerous health care organizations have endured their own version of that jarring experience. “I equate Hollywood Presbyterian to […]


After a quiet election night on the cyber front, officials preach vigilance as results come in

After years of preparation from security professionals and election officials, Election Day went down without any significant publicly reported cybersecurity incidents, U.S. officials told reporters Tuesday. Federal and state officials were on watch for any unusual digital activity, but all in all, it was just “another Tuesday on the internet,” as a senior Cybersecurity and Infrastructure Security Agency official put it. In other words, there were no reports of targeted cyberattacks from U.S. adversaries. Security experts chalked the smooth operation up to vigilance on the part of officials across the election ecosystem, and the resiliency built into the voting process. Voting machines and electronic pollbooks suffered glitches in certain counties in Georgia and Ohio, but they were technical errors that are to be expected and not caused by anything malicious. Election administrators quickly reverted to paper backups and the voting process carried on. Officials at the Election Infrastructure Information Sharing and […]


Iranian hackers probed election-related websites in 10 states, US officials say

Suspected Iranian hackers have probed the election-related websites of 10 states and, in one case, accessed voter registration data, federal personnel told election security officials on Friday. The hackers were conducting broad scanning of state and local websites at the end of September, then attempted to exploit the websites and nab voter data, officials from the FBI and Department of Homeland Security said during a phone briefing. They successfully compromised one database, according to Jermaine Roebuck, an official at DHS’s Cybersecurity and Infrastructure Security Agency. “We have confirmed that in at least one state the threat actor did obtain [access] to a voter registration database by abusing a website misconfiguration,” he said. “We are aware of the specific states that were targeted in this activity and we’re actively coordinating with those states currently to ensure proper remediation.” The suspected Iranian hackers have been attempting to exploit known software vulnerabilities in their search for voter data, federal […]


Health sector mobilizes defenses following Ryuk ransomware warning

A day after U.S. federal agencies warned of an “imminent” ransomware threat to hospitals, it’s an all-hands-on-deck mentality for a health sector already strained by the coronavirus pandemic. Private threat briefings are being held for hospital executives, federal officials are appealing for more data on the cybercriminals and hospitals are hardening their computer networks. The defensive measures follow an advisory Wednesday from the FBI and departments of Homeland Security and Health and Human Services that cybercriminals were deploying Ryuk ransomware to disrupt IT networks and extort hospitals. It was a stark warning, even for a health care sector accustomed to pandemic-era cyberattacks: Medical organizations are being singled out by capable crooks. While the federal agencies did not name victim organizations, the announcement coincided with suspected ransomware attacks this week on hospitals in New York, Oregon and Vermont, and perhaps other states. The American Hospital Association, which includes 5,000 health […]


Why the extortion of Vastaamo matters far beyond Finland — and how cyber pros are responding

Even for veterans of cybercriminal investigations, the recent extortion of a psychotherapy practice in Finland has been unusual — and disturbing. Rather than sticking only to the common tactic of trying to shake down a breached organization, the attackers who stole tens of thousands of patient records from Vastaamo also demanded ransoms from individual people. In doing so, the thieves have been leveraging some of the most sensitive medical data imaginable, and making it difficult for victims to respond collectively. “Therapeutic notes are at a different level of privacy problems,” said Mikko Hypponen, chief research officer at Finnish cybersecurity company F-Secure. “I know of a handful of cases where patients were blackmailed for their health data, but those were much smaller breaches. There’s never been a crime in Finland with so many victims as in this one.” While the incident has rocked Finland, prompting an emergency government meeting and costing Vastaamo’s CEO his job, […]


European ransomware group strikes US hospital networks, analysts warn

An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday. The group, which FireEye calls UNC1878, has been deploying Ryuk ransomware and taking multiple hospital IT networks offline, said Charles Carmakal, senior vice president of Mandiant, FireEye’s incident response arm. “UNC1878 is one of most brazen, heartless and disruptive threat actors I’ve observed over my career,” Carmakal said. The group’s activity “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers,” he said. The company did not detail any specific attacks, or the timing of the activity it says it observed. The announcement coincides with multiple reported ransomware incidents, including an attack earlier this week on Oregon-based Sky Lakes Medical Center. The medical center carried on with emergency and urgent […]
