IT Security Newsletter - 10/01/2020
Ransomware hits US-based Arthur J. Gallagher insurance giant
US-based Arthur J. Gallagher (AJG) global insurance brokerage and risk management firm confirmed a ransomware attack that hit its systems on Saturday. AJG is one of the largest insurance brokers in the world with more than 33,300 employees and operations in 49 countries. The company is ranked 429 on the Fortune 500 list and it provides insurance services to customers in over 150 countries. AJG says that it detected the ransomware attack on September 26, 2020, with only a limited number of the company's internal systems being affected. READ MORE...
LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles
One of the most-watched cybercrime cases in recent memory has come to a close. A U.S. judge on Tuesday sentenced Yevgeniy Nikulin to 88 months in prison, or more than seven years, capping an international legal drama that's involved three countries over a span of eight years. Prosecutors had requested nearly 12 years in prison. A jury in California found Nikulin, now 33, guilty in July of hacking LinkedIn and Formspring in a pair of 2012 data breaches in which he stole credentials belonging to 117 million Americans. READ MORE...
Ohio medical center offline following another security incident in the health sector
A cybersecurity incident has forced the computer systems of an Ohio medical center offline for multiple days and prompted the clinic to postpone elective procedures for patients. A statement Tuesday from the Ashtabula County Medical Center, which includes a hospital of more than 200 beds, said the emergency department remains open and that outpatient care has continued as outside security experts investigate the disruption. The medical center did not specify the cause of the security incident. READ MORE...
Swiss watchmaker Swatch shuts down IT systems to stop cyberattack
Swiss watchmaker Swatch Group shut down its IT systems over the weekend after identifying a cyberattack targeting its organization. Swatch Group is a Swiss watchmaker known for its colorful watches commonly found in department stores and employs over 36,000 people with $9.6 billion in revenue for 2019. In a statement to BleepingComputer, Swatch Group stated that they detected a cyberattack over the weekend and shut down their IT system to prevent the spread of the attack. READ MORE...
Two charged for hacking NBA, NFL players' social media accounts
The US Department of Justice charged two men for their involvement in the fraudulent takeover of email and social media accounts owned by multiple National Football League (NFL) and National Basketball Association (NBA) athletes. Between December 2017 and April 2019, Trevontae Washington from Louisiana and Ronnie Magrehbi from Florida allegedly compromised and took over Facebook, Twitter, Instagram, and Snapchat social media accounts of several professional and semi-professional football and basketball players employed by the NFL and the NBA. READ MORE...
Attacks on Flight Tracking Services Possibly Linked to Armenia-Azerbaijan Conflict
Distributed denial-of-service (DDoS) attacks launched in recent days against popular flight tracking services may be linked to the conflict between Armenia and Azerbaijan. UK-based live flight tracking service Plane Finder, which is used by millions of people, informed users on Tuesday via Twitter that its services were disrupted by a cyberattack. The disruption appears to have lasted at least 10 hours. The even more popular Flightradar24, a Sweden-based company that claims to have over 2 million users per day. READ MORE...
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. The attack occurred in the wee hours of the morning on Monday, according to reports coming in from employees on Reddit and other platforms. On Reddit, a discussion with hundreds of comments indicated that many UHS locations were indeed down and requiring a return to manual processes. "It was an epic cluster working 'old school' last night with everything on paper downtime forms," one poster said. READ MORE...
Fake software crack sites used to push Exorcist 2.0 Ransomware
The threat actors behind the Exorcist 2.0 ransomware are using malicious advertising to redirect victims to fake software crack sites that distribute their malware. According to security researcher Nao_Sec, PopCash malvertising is redirecting users from legitimate sites to a fake software crack site. This crack site pretends to offer download links for the programs that break copyright protection on commercial software so that it can be used for free. READ MORE...
Cryptojacking: The Unseen Threat
Cryptojacking isn't a new threat, but it's highly evolving. This type of mining malware tends to ebb and flow in infections with the price of cryptocurrencies. The bad news is that cryptojacking is experiencing new upward momentum in 2020. As background, 2018 was one of the biggest years for cryptomining malware development and proliferation. In 2019, there was a 40% drop early in the year, followed by a steady infection rate into 2020, with a slight uptick through August. Those trends line up with the price of Bitcoin over the last three years. READ MORE...
Blackbaud: Ransomware gang had access to banking info and passwords
Blackbaud, a leading cloud software provider, confirmed that the threat actors behind the May 2020 ransomware attack had access to unencrypted banking and login information, as well as social security numbers. The US-based company listed on NASDAQ is headquartered in Charleston, South Carolina, and it has operations in multiple countries including the United States, the United Kingdom, Australia, and Canada. The security incident Blackbaud refers to was disclosed in a press release issued on July 16, 2020. READ MORE...
Spammers add random text to shortened links to evade detection
Spammers are using a new technique of generating URLs to evade detection by humans and spam filters alike. This technique comprises adding random, unused text bits to shortened links, to disguise them as full-sized URLs and bypass the scrutiny of email gateways. The phishing email is titled, "URGENT: REQUEST FOR OFFER (University of Auckland)..." Unsurprisingly, like many phishing emails, this one too arrives with a PowerPoint file containing macros. READ MORE...
Anthem to pay $39.5 million to states in latest settlement over 2015 hack
Anthem has agreed to pay $39.5 million in penalties and fees resulting from a sweeping 2015 cyberattack on the health insurer as part of a multi-state settlement, the company announced Wednesday. It's the latest fallout from a major data breach that exposed data on some 79 million people, and which U.S. authorities have blamed on a Chinese hacker. The settlement, based on an investigation by attorneys general in over 40 states, requires Anthem to implement a security program that includes penetration-testing, and logging and monitoring of networks. READ MORE...
QNAP warns customers of recent wave of ransomware attacks
QNAP has issued an advisory about a recent wave of ransomware attacks targeting its NAS storage devices and encrypting files. Last week, BleepingComputer broke the story of ransomware known as AgeLocker attacking publicly exposed QNAP NAS devices. The ransomware gets its name from its use of the encryption algorithm called Actually Good Encryption (AGE) when encrypting files. At the time of our reporting, it was not known how the attackers were gaining access to QNAP devices. READ MORE...
- ...in 1880, John Philip Sousa becomes leader of the United States Marine Corps Band.
- ...in 1908, Ford introduces the Model T automobile at a price of $825 -- $22,000 in 2018 dollars.
- ...in 1962, Johnny Carson debuted as regular host of NBC's "Tonight" show.
- ...in 1989, actress Brie Larson ("Room", "Captain Marvel") is born in Sacramento, CA.