Philadelphia-area health system says it ‘isolated’ a malware attack

A “malware attack” has hit computer systems at Crozer-Keystone Health System, a large health care provider in the Philadelphia suburbs, a spokesman for the organization said Friday. “After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems,” Crozer-Keystone’s Rich Leonowitz said in an email statement. Crozer-Keystone owns four hospitals and four outpatient centers in and around Delaware County, Pennsylvania, according to its website. It was not immediately clear how, if at all, the cybersecurity incident impacted those facilities. Leonowitz declined to answer questions on the matter. “Having isolated the intrusion, we took necessary systems offline to prevent further risk,” Leonowitz’s statement continued. “We completed this work in collaboration with cybersecurity professionals across our health care system and are currently conducting a full investigation of the issue.” A set of hackers behind the NetWalker ransomware claimed responsibility for the attack. On their victim-shaming website, […]

The post Philadelphia-area health system says it ‘isolated’ a malware attack appeared first on CyberScoop.

This was inevitable: ‘Thanos’ ransomware weaponizes research tool against Microsoft Windows users

Hackers have converted software initially created as a testing tool into a destructive strain of ransomware, weaponizing inside knowledge about digital fortifications at a time when internet extortion is only accelerating. Scammers on cybercriminal forums are marketing a new strain of ransomware, dubbed “Thanos,” to other attackers aiming to infiltrate computers running Microsoft Windows, according to research published Wednesday by threat intelligence firm Recorded Future. Thanos operates much like similar hacking tools — encrypting victims’ files until they pay a shakedown fee — except that it’s the first ransomware built, in part, based on a proof-of-concept from security researchers who previously marketed their computer code as a way to bypass Windows 10 security protocols as part of otherwise legitimate tests. The discovery of the Thanos malware family coincided with a 25% uptick in overall ransomware attacks during the first three months of this year, compared to the final three months of […]

The post This was inevitable: ‘Thanos’ ransomware weaponizes research tool against Microsoft Windows users appeared first on CyberScoop.

Ransomware crooks attack Conduent, another large IT provider

A ransomware attack disrupted IT services company Conduent’s work with its clients last week, another example of digital extortionists targeting key technology suppliers. Conduent, which reported $4.5 billion in revenue last year and provides IT services in sectors such as health care and banking, had its European operations temporarily hampered, spokesman Sean Collins said. The incident occurred on May 29. Most systems were functioning nine hours later on that same day, and all have since been restored, he said. It was unclear which Conduent clients were affected by the disruption. Collins did not respond to a question on which clients were affected. The notorious set of hackers behind the Maze ransomware variant claimed responsibility. Like a lot of crooks involved in ransomware, the Russian-speaking Maze affiliates are not one group, but several distinct teams that specialize in writing code or breaching networks. If confirmed, it would be at least the second […]

The post Ransomware crooks attack Conduent, another large IT provider appeared first on CyberScoop.

Have you patched these top 10 routinely exploited vulnerabilities?

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals. “Foreign cyber actors continu…

How China’s government used social media against movements in Taiwan, Hong Kong

The Chinese government has adopted known disinformation techniques and utilized social media harassment campaigns to try to increase its influence in Asia, according to new findings that add to a growing body of research. In recent months, two distinct Chinese internet campaigns have sought to influence public opinion with fake news ahead of an election in Taiwan, and intimidate pro-democracy protesters in Hong Kong by posting their personal data online. Both efforts mimic similar Russian operations, and reflect how governments’ use of social media for propaganda efforts has become an everyday reality for much of the world’s population. The latest research, published Wednesday by the threat intelligence firm Recorded Future, comes after international journalists and nongovernmental organizations also have detailed the interference in semi-autonomous Hong Kong and the disputed region of Taiwan over the past year. “From a tactical standpoint, the mainland Chinese government views both Taiwan and Hong Kong as domestic information space,” […]

The post How China’s government used social media against movements in Taiwan, Hong Kong appeared first on CyberScoop.

The latest in FBI impersonation: An extortion scheme involving mobile ransomware

The FBI has done a lot to crack down on illicit online activity in recent years, from installing cyber investigators in field offices across the country to scouring the dark web for suspects. But those efforts, needless to say, do not include locking a suspect’s phone and demanding a fee to get the data back. It’s the latest twist on a scheme that cybercriminals have been using online for years: Make people think they’re in trouble with the feds, and shake them down for cash. Cybersecurity company Check Point said Tuesday that this time the crooks are encrypting the data on Android phones, accusing the victims of possessing illegal pornographic material and claiming that their personal details have been sent to an FBI data center. Victims are told to pay $500 to escape the situation. Older versions of the scheme involve fake FBI warnings that arrive via email or web browsers. Using the tactic with mobile ransomware is much less […]

The post The latest in FBI impersonation: An extortion scheme involving mobile ransomware appeared first on CyberScoop.

Microsoft Patch Tuesday, April 2020 Edition

Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.

Attackers are using a Brazilian hacking tool against Spanish banks

An easy-to-use hacking tool has made its way from Brazil’s criminal underworld to Spain, where it’s being used to try to steal from the customers of major banks, researchers said this week. The attackers have targeted customers of at least 10 large Spanish banks as part of an ongoing campaign, said Limor Kessem, IBM Security’s executive security advisor. “We have seen this sort of migration in the past, and this one is likely tied to local criminals [in Spain] using malware from counterparts in Brazil.” The malware, known as Grandoreiro, uses a remote-access feature which overlays images on a victim’s web browser, tricking them into keeping a banking session alive. That gives a hacker the opportunity to steal money from the victim’s account or swipe other account information, Kessem and her colleague, Dani Abramov said in a blog post. It remains unclear how many Spanish banking customers were targeted. The Spanish Banking […]

The post Attackers are using a Brazilian hacking tool against Spanish banks appeared first on CyberScoop.

Everything must go: Cybercriminal forums offer discounts during pandemic

Countless legitimate businesses are offering discounts or altering their services to turn a profit during the coronavirus pandemic. Cybercriminal forums are no different. More than 500 posts on forums tracked by cybersecurity company Group-IB have advertised promotional codes and discounts during the pandemic on distributed denial of service (DDoS) attack tools, spamming, and other services. It’s an example of how the economy for cybercriminal services — worth, according to one estimate, $1.6 billion annually — is adapting to a health crisis that has changed spending habits around the world. “Due to the current situation in the world, we provide a 20% discount on all our services with a promotional code: COVID-2019 until the end of April,” read one criminal forum posting found by Group-IB, which was originally in Russian. Another post offered customer service around the clock. “The prices are very favorable during the coronavirus epidemic.” The Group-IB data fits a larger picture. Multiple threat intelligence […]

The post Everything must go: Cybercriminal forums offer discounts during pandemic appeared first on CyberScoop.