IT Security Newsletter - 11/20/2020
Iowa Hospital Alerts 60K Individuals Affected by June Data Breach
Mercy Iowa City hospital this week reported that an internal email compromise and phishing email incident led to the exposure of personal information of some 60,473 individuals. An attacker had compromised a hospital employee's email account and sent out phishing emails between May 15 and June 24, 2020. This ultimately led to the exposure of recipients' names, Social Security numbers, driver's license numbers, dates of birth, medical treatment information, and health insurance data.
Scammer sentenced for stealing $9M from adoption, automotive firms
A Florida man was sentenced to 37 months in prison earlier this week for his involvement in a business account takeover scheme that resulted in more than $9 million in total financial losses. Business account takeover (also known as corporate account takeover) is a type of fraud or business identity theft where scammers gain access to a business' finances to fraudulently change its bank accounts to ones under their control to make unauthorized transactions.
Chinese Hackers Target Japanese Organizations in Large-Scale Campaign
China-linked threat actor APT10 was observed launching a large-scale campaign against Japanese organizations and their subsidiaries. Also referred to as Cicada, Stone Panda, and Cloud Hopper, APT10 is known for launching espionage campaigns for over a decade, including attacks aimed at managed service providers (MSPs) and Japan-linked organizations. As part of the newly observed campaign, the hacking group has been using a combination of living-off-the-land tools and custom malware.
Hacker Closing Out Prison Sentence in Chicago Halfway House
Computer hacker Jeremy Hammond, who is serving a 10-year prison sentence for breaking into computer systems of security firms and law-enforcement agencies, will serve out the remainder of his term in a Chicago halfway house, a U.S. Bureau of Prisons spokesman said Wednesday. Hammond, who has gained mythic status among his supporters, was released Tuesday from the Memphis Federal Correctional Institution in Tennessee to community confinement, said Bureau of Prisons spokesman Emery Nelson.
'Tis the Season for Online Holiday Shopping, and Phishing
While online holiday shopping is nothing new, more of us will be avoiding the malls and brick-and-mortar stores this year - which opens up big opportunities for cybercriminals. This, along with COVID-19, is expected to anchor most of the scam and phishing lures in circulation this season. Since pandemic lockdowns began in early 2020, contactless transactions have skyrocketed, and seasonal holiday shopping will likely continue that trend.
QBot partners with Egregor ransomware in bot-fueled attacks
The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware, which burst into activity in September. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials and Windows domain credentials, and provides remote access to threat actors who install ransomware. Victims usually become infected with Qbot through phishing emails utilizing Excel documents that pretend to be DocuSign documents.
Attacks on biotech and pharmaceutical industry escalate
Attacks on the biotech and pharmaceutical industry increased by 50% between 2019 and 2020, according to a BlueVoyant report. The report highlighted that nation-states are ramping up cyber attacks on companies that are developing vaccines, and this is likely to increase as production and distribution get underway. The analysis examined open source records of 25 publicly reported attacks that have taken place in the last four years. It set out to define key risks and how COVID-19 has changed the threat landscape.
Mount Locker ransomware now targets your TurboTax tax returns
The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption. Mount Locker is a relatively new ransomware operation that began infecting victims in July 2020. Like other human-operated ransomware gangs, the Mount Locker gang will compromise networks, harvest unencrypted files to be used for blackmail, and then encrypt the devices on the network. Stolen data and the encrypted files are then used in a double-extortion scheme.
- ...in 1900, cartoonist Chester Gould, creator of the long-running "Dick Tracy" comic strip, is born in Pawnee, OK.
- ...in 1924, scientist/mathematician Benoit Mandelbrot, known for his work with fractal geometry, is born in Warsaw, Poland.
- ...in 1945, the Nuremberg trials concerning Nazi war crimes during WWII begin in Germany.
- ...in 1963, actress Ming-Na Wen ("Mulan", "ER", "Agents of S.H.I.E.L.D.") is born in Coloane, Macau.