A critical program relied on by 40% of the nation’s hospitals was hit by the Ryuk strain of ransomware, as confirmed by a CronUp security researcher. Dallas-based T-System, which provides end-to-end solutions for U.S. emergency care facilities, has been working to recover from the attack. T-System was not the only U.S. organization to fall victim; in November, a software company supporting senior living facilities was hit by a Ryuk ransomware attack, along with a private security company and a Mississippi school district.
The U.S. Department of Justice (DOJ) disclosed the identities of two Russian hackers and charged them with developing and distributing the Dridex banking Trojan, with which the hackers stole more than $100 million over a period of 10 years.
Phishing scam operators have been continuously evolving their techniques to avoid detection. In 2019, Microsoft saw phishing attacks reach new levels of creativity and sophistication, including the abuse of legitimate cloud services like those offered by Microsoft, Google, Amazon and others. Microsoft highlights three of the most notable attack techniques spotted last year:
1. Google search scam
2. Custom 404 error pages
3. Increasingly sophisticated impersonation
For years, ransomware operators have threatened to release stolen data to the public if the target organization did not pay up, but did not actually follow through until recently. No longer an empty threat, operators of the Maze ransomware released 700MB worth of data stolen from Allied Universal to a hacking forum in late November, when the California-based security services firm refused to pay the ransom. Following the data release, another ransomware operator, REvil, is threatening to make good on its intentions to release data taken from a data center if the company does not pay the ransom. This tactic serves as proof that ransomware should be taken seriously as a form of data breach.
After following through on the threat to release stolen data for failing to pay ransom, the Maze ransomware gang has also publicly identified other organizations infected with their ransomware in an effort to pressure victims to pay.
Emotet operators have started a new spam campaign banking on the popularity of environmental activist Greta Thunberg and her dedication to the climate movement. Unsuspecting users who think they are receiving information about an upcoming "climate crisis" demonstration will instead find that they have become infected with Emotet, categorized by the U.S. Department of Homeland Security (DHS) as one of the costliest and most destructive botnets ever seen.
The FBI has issued a warning to private industry about LockerGoga and MegaCortex ransomware infections. With the recent wave of successful infections reported in the news, these strains of malware will continue to be a significant threat to organizations in 2020.
Microsoft announced in December that the technology giant had obtained a court order allowing it to seize web domains used by a North Korean hacking group to attack human rights activists, researchers and others. The company originally notified 10,000 Microsoft customers in July that they were being targeted by the North Korean hacking group, Thallium. Microsoft stated this was the fourth nation-state group it has acted against, including operations from China, Russia and Iran. While certain North Korean state-sponsored activity appeared to be financially motivated, this latest announcement points toward espionage as well.
New Orleans is the latest high-profile municipality to suffer a ransomware attack, leading to the shutdown of the city’s servers and computers. Operators of the Ryuk ransomware strain were identified as the likely perpetrators.
Jake has been in the insurance industry since 2004. He started his career in consulting at a global financial services corporation before beginning his brokerage career where he has managed management liability programs at global insurance brokerages for a diverse set of organizations ranging from start-ups to Fortune 500 companies. Jake has served on several non-profit boards throughout his career and is a frequent speaker on D&O and cyber liability risks. Jake joined Associated Benefits and Risk Consulting (ABRC) in 2014 and his primary responsibilities include leading the firm’s management liability group and serving as global team lead.
Wire transfer requests top the list of business email compromise (BEC) objectives, according to a study by Barracuda Networks. Additional objectives laid out by the report include duping users into clicking on malicious links, establishing rapport and stealing information, with the end goal of extorting millions of dollars from unsuspecting companies.
This month's Threat Intelligence Report covers a large hotel chain that reports “unauthorized access” to its customer database since 2014, exposing data of 500 million guests; a vulnerability in a postal service site that left 60 million customers exposed for more than a year; a third-party vendor breach that exposes data of millions of healthcare patients; a new report that profiles notorious MageCart cyber criminals; court documents that reveal the first-ever indictment on ransomware charges; and a bundled pack that makes SamSam and other ransomware easier for hackers to obtain and deploy.