Ransomware, healthcare and incident response: Lessons from the Allscripts attack

On January 18, 2018, at around 2:00 a.m. EST, the security operations center (SOC) at electronic health record (EHR) and practice management software provider Allscripts detected abnormal activity. Four hours later, the SOC started their investigation and discovered a full-blown ransomware incident due to SamSam, a family of ransomware that is known to target healthcare […]

Cyber-Security Attacks Already Happening in Business Aviation

While the commercial aviation industry is struggling to even acknowledge threats to cybersecurity, the business aviation industry has already experienced attacks, according to Josh Wheeler, Satcom Direct director, entry into service. “The attacks are happening while the aircraft is airborne,” Wheeler explained. “The attacks, just like the ones that corporations like Walmart have experienced, are most likely coming […]

Cybersecurity Will Become A War Between Machines

Cybersecurity will become a war between machines. Artificial intelligence changes the rules of computer science and automates tasks that were previously manual for both attackers and their victims. In particular, artificial intelligence is a real global security challenge. It reduces the costs of existing attacks, enables previously unknown attacks and makes it more difficult to […]

Thousands of compromised websites spreading malware via fake updates

Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates. Security researchers at Malwarebytes report that they have uncovered evidence of thousands of compromised websites running popular content management systems (CMS) such as SquareSpace, WordPress and Joomla. Having injected malicious code […]

New Email Campaign Employs Malicious URLs

When it comes to malware, email still reigns supreme as the delivery mechanism of choice. The reasoning is simple: It’s cheap, it’s easily spoofed, and recipients are accustomed to getting messages from various sources. That means when a new attack is found, there’s a good possibility that it will spread successfully. Researchers at Barracuda Networks […]

HTTP Injector Steals Mobile Internet Access

A new attack in the wild leans not on email nor ransom, but on YouTube, Telegram, and HTTP headers intended to confuse an ISP. Researchers at Flashpoint found that hackers have developed HTTP injectors that gain them free Internet access on mobile phone networks — and that they’re trading these injectors like cents-off coupons at […]

RTF Design, Office Flaw Exploited in Multi-Stage Document Attack

A newly discovered multi-stage document attack exploits design behaviors in .docx and RTF, along with CVE-2017-8570, to drop a malicious payload called Formbook on target endpoints. Attackers bypass traditional security tools with embedded URLs instead of active code. Researchers at Menlo Security Labs who isolated the second-stage document say the behaviors enabling this attack are […]

Cisco security: Russia, Iran switches hit by attackers who leave US flag on screens

Hackers on Friday attacked vulnerable Cisco switches at data centers in Russia and Iran, leaving an image of the US flag and the message: “Don’t mess with our elections”. Cisco last month released a patch for a critical vulnerability affecting Smart Install software. However, the Friday attacks exploited a Smart Install “protocol misuse” issue that […]

Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider

Several cybersecurity experts this week cautioned against underestimating the seriousness of a cyberattack on an EDI service provider that disrupted data communication services at four major US interstate gas pipeline companies in the last few days. The attack does not appear to have interrupted gas pipeline operations or caused any damage to operational systems at any […]

Mirai Variant Botnet Takes Aim at Financials

Insikt Group, the threat research group within Recorded Future, has found that a Mirai botnet variant was used to attack a company, or companies, in the financial sector in January. And it might not have been alone; they found that it was possibly linked to the IoTroop or Reaper botnet. Three financial companies were hit by DDoS attacks on Jan. 28: […]