Hackers ‘scramble’ patient files in Melbourne.

Federal agencies investigating breach, reported to be a ransom demand. Hackers have “scrambled” patient files at a Melbourne heart specialist clinic in what was reportedly a ransom attempt. The Australian Cyber Security Centre has confirmed it’s providing advice and assistance to the Melbourne Heart Group, which leases practice space from the Cabrini hospital in Malvern. “As the matter is ongoing, it is not appropriate to comment further,” a spokesman from the centre said. The Australian federal police is also involved in a joint investigation.

Report: Concerted Global Cyber Attack Could Disrupt Global Economy

According to a hypothetical cyber risk scenario prepared by the Cyber Risk Management (CyRiM) project for risk management purposes, a ransomware strain that can disrupt more than 600,000 businesses worldwide within 24 hours would potentially lead to damages in the amount of billions of dollars.Cyber Risk Management (CyRiM) project is a collaborative partnership including Lloyd’s of London, the Cambridge Centre for Risk studies, the Nanyang Technological University in Singapore and others. The report ‘Bashe Attack: Global infection by contagious malware’ uses a theoretical catastrophic ransomware attack to model the broader impact of such an incident and “explores how a ransomware attack might take place and what the impacts would be on governments, businesses, and the insurance sector.” The “hypothetical scenario [is] developed as a stress test for risk management purposes.”While fictional, the ‘Bashe’ ransomware campaign uses data and tactics from past global cyber attacks, including WannaCry and NotPetya, as a basis for how hackers could spread malware around the world. The main finding of the report is that a worldwide cyber attack could cost global economic losses of almost $200 billion as organizations across sectors are still unprepared to face the consequences of a malicious global cyber campaign.The ScenarioIn the scenario, ‘Bashe’ is delivered to targets via phishing emails that appear to come from the target’s payroll departments. These emails attempt to trick recipients into opening a PDF attachment that triggers the ransomware.In this scenario, the malware is so potent that once one employee runs the ransomware on their computer, it’s enough to spread the file-locking malware around the network, with a demand of $700 in cryptocurrency for each machine. Around 30 million devices at organizations around the globe are locked in just 24 hours. The report sets out how the cybercriminal group behind Bashe has learned from the mistakes of previous ransomware campaigns, including the use of a kill switch, in order make the campaign “the most infectious malware of all time” when it comes to the number of targets infected.Major FindingsConsequences of the attack are catastrophic, with organizations of all sizes in all sectors unable to perform day-to-day operations. The report shows a ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, IT clean-up costs, ransom payments and supply chain disruption. As a result, some organizations opt to pay ransoms. Among them are healthcare companies, which need to keep life-saving equipment online.No matter how companies choose to deal with the attack, the Lloyd’s report predicts that such an event would cost a total of $193 billion around the world as a result of cyber incident response, damage control and mitigation, business interruption, lost revenue and reduced productivity. To put that figure into perspective, it’s estimated that WannaCry caused a total of $4 billion in damages.The scenario estimates that:Retail and healthcare would be the most affected ($25 billion each), followed by manufacturing ($24 billion).Regionally, the US would be the hardest hit with $89 billion at risk. Europe could lose $76 billion, with Asia losing $19 billion. The rest of the world could lose $9 billion.Despite the high costs to business, the report shows the global economy is under-prepared for such an attack, with 86% of the total economic costs uninsured, leaving an insurance gap of $166 billion.Commenting on the report, Dr Trevor Maynard, Head of Innovation at Lloyd’s, said the following:This report shows the increasing risk to businesses from cyber attacks as the global economy becomes more interconnected and reliant on technology. Companies must ensure they are better prepared for ransomware attacks, and that includes working with insurers to reduce the risks before they are attacked and ensure they have the right insurance cover in place to respond after the event. The reality for business is it’s not if you get attacked but when.Discussion and CritiqueAlthough some argue that such a catastrophic attack might seem unlikely and practically impossible, the aim of the report is to show that the global economy is still under-prepared for a massive cyber event and that companies need to act to make sure their systems can withstand such a scenario.Despite the fact that the report “identifies opportunities for insurers to expand their business in insurance classes associated with ransomware attacks,” recent events show that, in some circumstances, insurers have refused to cover the losses generated by ransomware attacks. In the case of Mondelez, for example, according to Bloomberg, the company “claimed $100 million on its insurance policy because it believed the permanent damage to 1,700 of its servers and 24,000 laptops, inflicted by NotPetya. [..] In June 2018, Zurich countered that NotPetya fell under an exclusion in the policy covering ‘hostile or warlike action in time of peace or war,’ which meant the insurer didn’t have to make good on the claim.”Furthermore, seeing that this study was co-produced by insurance and reinsurance organizations and sellers, it is important to note that there is a benefit to be gained from a theoretical report like this that would make businesses want to buy specialized cyber insurance.Data Breaches and Cyber Attacks as Global RisksThe CyRIM report comes shortly after the World Economic Forum Global Risks Report listed large-scale cyber attacks and data breaches as some of the biggest risks facing the world today. Cyber attacks and data breaches featured heavily in the 2018 report, ranking as the third and fourth most likely types of global risks, only finishing behind extreme weather events and natural disasters. This year, massive data breaches and large-scale cyber attacks are ranked as the fourth and fifth most likely global risks, with failure of climate-change mitigation and adaptation ranked second behind extreme weather. Natural disasters again ranked above cyber attacks and data breaches.That doesn’t mean the risk of cyber attacks is decreasing. Quite the contrary. The vast majority of respondents expect cyber attacks to be a major problem during 2019. Eighty-two percent of those surveyed believe there’s an increased risk of cyber attacks leading to the theft of money and data, and 80 percent believe there’s an increased risk of cyber attacks leading to the disruption of operations.Whether this scale of attacks is hypothetical or fictional, the lesson to be learned by all organizations is simple: when it comes to cyber attacks, be prepared for the worst case scenario. With what has happened over the last 10 years, has this changed your behavior? Do you have plans to enhance your visibility, deploy protective controls and continuously monitor your environment? It’s only a matter of time until the next unintentional piece of malware seeks to disrupt your day-to-day business, damage your reputation and cost you millions of dollars.Fortunately, Tripwire’s solutions can help with visibility, protective controls and continuous monitoring all through data collection techniques that are non-intrusive to organizational processes.

Severe Vulnerabilities Uncovered In Popular Password Managers

chiefcrash shares a report from ZDNet: Independent Security Evaluators (ISE) published an assessment on Tuesday with the results of testing with several popular password managers, including LastPass and KeePass. The team said that each password management solution “failed to provide the security to safeguard a user’s passwords as advertised” and “fundamental flaws” were found that “exposed the data they are designed to protect.”

The vulnerabilities were found in software operating on Windows 10 systems. In one example, the master password which users need to use to access their cache of credentials was stored in PC RAM in a plaintext, readable format. ISE was able to extract these passwords and other login credentials from memory while the password manager in question was locked. It may be possible that malicious programs downloaded to the same machine by threat actors could do the same.

Threats to users of adult websites in 2018

Introduction

2018 was a year that saw campaigns to decrease online pornographic content and traffic. For example, one of the most adult-content friendly platforms – Tumblr – announced it was banning erotic content (even though almost a quarter of its users consume adult content). In addition, the UK received the title of ‘The Second Most Porn-Hungry Country in the World‘ and is now implementing a law on age-verification for pornography lovers that will prohibit anyone below the age of 18 to watch this sort of content. This is potentially opening a world of new tricks for scammers and threat actors to take advantage of users. In addition, even commercial giant Starbucks declared a ‘holy war’ on porn as it was revealed that many visitors prefer to have their coffee while consuming adult content, rather than listening to music or reading the latest headlines on news websites.

The Rise of Ransomware and the Consequences for SMBs

Ransomware has been making a lot of splashy headlines over recent years with high profile attacks, such as WannaCry and NotPetya, dominating the news in large-scale breaches. While these massive breaches are certainly terrifying, the more common attacks are actually being inflicted across much smaller businesses, though on a large scale.

Simple Powershell Keyloggers are Back, (Thu, Feb 21st)

Powershell is a very nice language in Windows environments. With only a few lines of code, we can implement nice features… for the good or the bad!

While hunting, I found a bunch of malicious Powershell scripts that implement a basic (but efficient) keylogger. The base script is always the same but contains connection details modified by script kiddies. The current script is based on an old one from 2015[1]. This time, it has been modified to add the following features:

  • You can specify for how long the script will capture keystrokes
  • At the end of the defined time period, the file with the recorded keystrokes is exfiltrated via email to the attacker.

Here are the parameters at the beginning of the script:

# Editar solo esta secci??n! $TimeToRun = 2 $From = “xxxxxx@gmail.com" $Pass = “xxxxxxxx" $To = “xxxxxx@gmail.com $Subject = "Keylogger Results" $body = "Keylogger Results" $SMTPServer = "smtp.gmail.com" $SMTPPort = "587" $credentials = new-object Management.Automation.PSCredential $From, ($Pass | ConvertTo-SecureString -AsPlainText -Force) ############################

Vuln: Microsoft Windows Device Guard CVE-2019-0627 Local Security Bypass Vulnerability

Vulnerable: Microsoft Windows Server 2019 0Microsoft Windows Server 2016 0Microsoft Windows Server 1803 0Microsoft Windows Server 1709 0Microsoft Windows 10 Version 1809 for x64-based Systems 0Microsoft Windows 10 Version 1809 for ARM64-based Systems 0Microsoft Windows 10 Version 1809 for 32-bit Systems 0Microsoft Windows 10 Version 1803 for x64-based Systems 0Microsoft Windows 10 Version 1803 for ARM64-based Systems 0Microsoft Windows 10 Version 1803 for 32-bit Systems 0Microsoft Windows 10 version 1709 for x64-based Systems 0Microsoft Windows 10 Version 1709 for ARM64-based Systems 0Microsoft Windows 10 version 1709 for 32-bit Systems 0Microsoft Windows 10 version 1703 for x64-based Systems 0Microsoft Windows 10 version 1703 for 32-bit Systems 0Microsoft Windows 10 Version 1607 for x64-based Systems 0Microsoft Windows 10 Version 1607 for 32-bit Systems 0Microsoft Windows 10 for x64-based Systems 0Microsoft Windows 10 for 32-bit Systems 0Microsoft PowerShell Core 6.2Microsoft PowerShell Core 6.1

Vuln: Microsoft Windows Device Guard CVE-2019-0632 Local Security Bypass Vulnerability

Vulnerable: Microsoft Windows Server 2019 0Microsoft Windows Server 2016 0Microsoft Windows Server 1803 0Microsoft Windows Server 1709 0Microsoft Windows 10 Version 1809 for x64-based Systems 0Microsoft Windows 10 Version 1809 for ARM64-based Systems 0Microsoft Windows 10 Version 1809 for 32-bit Systems 0Microsoft Windows 10 Version 1803 for x64-based Systems 0Microsoft Windows 10 Version 1803 for ARM64-based Systems 0Microsoft Windows 10 Version 1803 for 32-bit Systems 0Microsoft Windows 10 version 1709 for x64-based Systems 0Microsoft Windows 10 Version 1709 for ARM64-based Systems 0Microsoft Windows 10 version 1709 for 32-bit Systems 0Microsoft Windows 10 version 1703 for x64-based Systems 0Microsoft Windows 10 version 1703 for 32-bit Systems 0Microsoft Windows 10 Version 1607 for x64-based Systems 0Microsoft Windows 10 Version 1607 for 32-bit Systems 0Microsoft Windows 10 for x64-based Systems 0Microsoft Windows 10 for 32-bit Systems 0Microsoft PowerShell Core 6.2Microsoft PowerShell Core 6.1

Vuln: Microsoft Windows Device Guard CVE-2019-0631 Local Security Bypass Vulnerability

Vulnerable: Microsoft Windows Server 2019 0Microsoft Windows Server 2016 0Microsoft Windows Server 1803 0Microsoft Windows Server 1709 0Microsoft Windows 10 Version 1809 for x64-based Systems 0Microsoft Windows 10 Version 1809 for ARM64-based Systems 0Microsoft Windows 10 Version 1809 for 32-bit Systems 0Microsoft Windows 10 Version 1803 for x64-based Systems 0Microsoft Windows 10 Version 1803 for ARM64-based Systems 0Microsoft Windows 10 Version 1803 for 32-bit Systems 0Microsoft Windows 10 version 1709 for x64-based Systems 0Microsoft Windows 10 Version 1709 for ARM64-based Systems 0Microsoft Windows 10 version 1709 for 32-bit Systems 0Microsoft Windows 10 version 1703 for x64-based Systems 0Microsoft Windows 10 version 1703 for 32-bit Systems 0Microsoft Windows 10 Version 1607 for x64-based Systems 0Microsoft Windows 10 Version 1607 for 32-bit Systems 0Microsoft Windows 10 for x64-based Systems 0Microsoft Windows 10 for 32-bit Systems 0

Britain and Germany Will Not Ban Huawei, Citing Lack of Spying Evidence

An anonymous Slashdot reader writes from a report via Reuters: Despite persistent U.S. allegations of Chinese state spying, Britain said it is able to manage the security risks of using Huawei telecom equipments and has not seen any evidence of malicious activity by the company, a senior official said on Wednesday. Asked later whether Washington had presented Britain with any evidence to support its allegations, he told reporters: “I would be obliged to report if there was evidence of malevolence […] by Huawei. And we’re yet to have to do that. So I hope that covers it.”

At the same time, German officials have told The Wall Street Journal that the country has made a “preliminary decision” to allow Huawei to bid on contracts for 5G networking. Catering to the surging populism, the U.S. has accused Huawei and other Chinese telecom equipments, along with European cars, as national security risks, even though the National Security Agency, American’s cyber spying agency, was found to have wiretapped German Chancellor Angela Merkel, conducted economic espionage against France, and hacked into Chinese networks. Earlier this week, beleaguered Huawei founder Ren Zhengfei described the continued investigations by the U.S. into the Chinese firm — including the arrest of his daughter and company CFO, Meng Wanzhou — as politically motivated.

ESG Cautions More Stringent And Complex Requirements For Multi-Cloud Migration To Prevent Attacks And Data Leakage

As businesses take advantage of mobile workforce and consumers, they have also been actively migrating their data centers and “webifying” applications to the cloud. To this end, security professionals have been building out an application-based access security architecture called Software Defined Perimeter (SDP). SDP leverages the Zero Trust tenet of ‘never trust, always verify’ by essentially enabling secure access directly between the user and their device to the application and resource no matter the underlying infrastructure – but in a scalable way and according to policy. In a sense, SDP enables Secure Access elasticity as users gain easy means for access protection which travels with them everywhere they go, with what devices they use, and wherever the application resides.