
Ethical Hacking

Wade Mackey

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey

Rudraduttsinh

Ransomware surge imperils hospitals as pandemic intensifies

November 2, 2020 by Rudraduttsinh

Hackers are stepping up ransomware attacks on health care systems in the United States and other countries, creating new risks for medical care as the global coronavirus pandemic accelerates. Alerts from US authorities and security researchers highlight a wave of cyberattacks on hospitals coping with rising virus infections. An unusual warning this week from the FBI with the Departments of Homeland Security and Health and Human Services underscored the threat. The three agencies “have credible information of an increased and imminent cybercrime threat to US hospitals and health care providers,” said the alert issued Wednesday, calling on health systems to “take timely and reasonable precautions to protect their networks from these threats.”

Ransomware is a longstanding security issue and health care has been a frequent target. A September attack disrupted Universal Health Services, which operates hospitals in the US and Britain. But security experts say the attacks are accelerating as the pandemic worsens. Researchers at the security firm Check Point said its survey showed health care has been the industry most targeted by ransomware, with a 71 percent jump in attacks on US providers in October from a month earlier. Check Point said there have been significant rises in ransomware attacks on hospitals in Asia, Europe and the Middle East as well. Globally, the firm said ransomware attacks were up 50 percent in the third quarter compared with the first half of this year. Many of the attacks use a strain of ransomware known as Ryuk, which security researchers say may be tied to North Korean or Russian cybercriminals. The US government warning said health organizations are being targeted by phishing attacks to gain access to their systems, with hackers using sophisticated tools including TrickBot software, which can harvest credentials and exfiltrate data. The Canadian government’s Cyber Centre issued a similar warning in early October, warning of Ryuk ransomware “affecting multiple entities, including municipal governments and public health and safety organizations in Canada and abroad.” “The ransomware problem is steadily worsening and a solution desperately needs to be found,” said Brett Callow of the security firm Emsisoft.

 

Filed Under: Week 10: SecuritySheperd Tagged With:

In the news article

September 28, 2020 by Rudraduttsinh

Twitter bug may have exposed API keys, access tokens

 

A Twitter bug could have exposed developers’ API keys and access tokens in their browser’s cache. Luckily, the problem was fixed before any leaks. According to Twitter, if a person used a public computer to view developer app keys and tokens on developer.twitter.com, they may have been stored temporarily in the browser’s cache on that computer. Anyone with access to that cache could then retrieve the keys and tokens and misuse them. With more and more organizations and businesses relying on APIs, APIs have become a lucrative target for hackers. Leaked keys and tokens can make their way to the dark web and pose a threat of being used in automated attacks against API endpoints. Twitter said that it changed the caching instructions that the site sends to developers’ browsers. Twitter also stopped storing information about the apps or accounts and fixed the leak.
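The caching instructions mentioned above are HTTP response headers. The following is an added example, not code from Twitter or from the original post: a small audit that reports whether a response carrying secrets may be written to the browser cache. The header values are constructed samples, not Twitter's actual headers, and the function names are hypothetical.

```python
# Added example: audit the caching headers of a response that carries secrets.

def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit_sensitive_response(headers):
    """Return findings for a sensitive response; an empty list means the
    browser was told not to store the body at all."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "no-store" in cc:
        return findings  # no-store forbids writing the response to any cache
    findings.append("missing no-store: the body may be written to the browser cache")
    if "no-cache" in cc:
        # Common mistake: no-cache only forces revalidation before reuse.
        findings.append("no-cache alone still lets the browser store a copy")
    if "public" in cc:
        findings.append("public: shared caches may keep the response too")
    max_age = cc.get("max-age")
    if max_age and max_age.isdigit() and int(max_age) > 0:
        findings.append(f"max-age={max_age}: stored copy is reusable for {max_age}s")
    return findings

# Constructed sample responses for a page that displays API keys.
BEFORE = {"Cache-Control": "private, max-age=300"}
REVALIDATE_ONLY = {"cache-control": "no-cache"}
FIXED = {"Cache-Control": "no-store"}

if __name__ == "__main__":
    for name, hdrs in [("before", BEFORE), ("no-cache only", REVALIDATE_ONLY), ("fixed", FIXED)]:
        print(name, audit_sensitive_response(hdrs) or "ok")
```

On a shared or public computer, only the `no-store` response leaves nothing in the cache for the next user to find.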

 

Filed Under: Week 05: Metasploit Tagged With:

In the News Article

September 21, 2020 by Rudraduttsinh

A vulnerability identified in Firefox for Android could have been exploited to remotely open arbitrary websites on a targeted user’s phone without the need to click on links, install malicious applications, or conduct man-in-the-middle (MitM) attacks.

The flaw was discovered by researcher Chris Moberly in version 68 of Firefox for Android. According to Moberly, the vulnerability is related to Firefox periodically sending out SSDP discovery messages in search of a second-screen device that it can cast to. These messages can be seen by any device that is connected to the same LAN. An attacker connected to the same Wi-Fi network as a targeted user can deploy a malicious SSDP server that is set up to respond with specially crafted messages that cause Firefox to open an arbitrary website. Further, Moberly mentions, “Had it been in the wild, it could have targeted known-vulnerable intents in other applications. Or it could have been used in a way similar to phishing attacks where a malicious site is forced onto the target without their knowledge in the hopes they would enter some sensitive info or agree to install a malicious application” (Kovacs, 2020). Moberly has released technical details and proof-of-concept (PoC) exploits. ESET researcher Lukas Stefanko has confirmed that the exploit works and has posted a video showing how an attacker can open an arbitrary website on three phones at the same time.

 

References

Kovacs, Eduard. (2020, September 21). Firefox Flaw Allowed Hackers to Remotely Open Malicious Sites on Android Phones. SecurityWeek. https://www.securityweek.com/firefox-flaw-allowed-hackers-remotely-open-malicious-sites-android-phones

Filed Under: Week 04: Network Mapping and Vulnerability Scanning Tagged With:

Canadian Revenue Agency security breach 

August 29, 2020 by Rudraduttsinh

The Canadian Revenue Agency (CRA) was forced to suspend its services after a series of cyberattacks that compromised the usernames and passwords of thousands of accounts. The federal government described the three separate attacks as “credential stuffing,” which uses usernames and passwords taken from another website to access the CRA (D’Amore, 2020). These attacks bring a unique set of challenges because the attackers did not go through back doors; instead, they submitted credentials like regular users. According to Marc Brouillard, the federal government’s acting chief information officer, distinguishing intrusion traffic from normal traffic is challenging (D’Amore, 2020).
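One signal defenders use to separate credential stuffing from ordinary logins is shown below as an added example, not taken from the CRA or from the cited article: a source that tries many different usernames and mostly fails, unlike a user retrying their own account. The log format, addresses, thresholds and function name are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed auth log lines: "<time> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
09:00:01 198.51.100.7 alice FAIL
09:00:02 198.51.100.7 bob FAIL
09:00:03 198.51.100.7 carol OK
09:00:04 198.51.100.7 dave FAIL
09:00:05 198.51.100.7 erin FAIL
09:00:06 198.51.100.7 frank FAIL
09:01:10 203.0.113.20 grace FAIL
09:01:25 203.0.113.20 grace FAIL
09:01:40 203.0.113.20 grace OK
09:02:00 192.0.2.44 heidi OK
"""

def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.7):
    """Flag source IPs that try many distinct usernames and mostly fail.

    Returns {ip: sorted usernames that logged in successfully from it};
    those accounts used a valid password and need a forced reset.
    """
    users = defaultdict(set)   # ip -> distinct usernames attempted
    total = defaultdict(int)   # ip -> number of attempts
    fails = defaultdict(int)   # ip -> number of failed attempts
    hits = defaultdict(set)    # ip -> usernames with a successful login
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, ip, user, result = fields
        users[ip].add(user)
        total[ip] += 1
        if result == "FAIL":
            fails[ip] += 1
        elif result == "OK":
            hits[ip].add(user)
    flagged = {}
    for ip in users:
        if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio:
            flagged[ip] = sorted(hits[ip])
    return flagged

if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_LOG))
```

The user who mistypes a password twice (203.0.113.20) is not flagged, while the one successful login inside the flagged burst is surfaced for follow-up. Per-source counting like this misses attempts spread across many addresses.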

References

D’Amore, Rachael. (2020, August 17). What to know (and do) about the CRA breach and shutdown. Globalnews.ca. https://globalnews.ca/news/7281074/cra-hack-online-services/

Filed Under: Uncategorized Tagged With:
