Ransomware Operations Double Down on Data Leak Sites

Mathew J. Schwartz • December 3, 2021

Many ransomware-wielding attackers continue to rely on initial access brokers to easily gain deep access to victims' systems, allowing them to steal data and attempt to pressure victims into paying via data leak sites. Researchers say that the number of victims being listed on such sites has surged.

Breach Notification

The Ransomware Files, Episode 2: Bridging Backup Gaps

Latest

Incident & Breach Response

Researcher: Healthcare Staffing Database Exposed Worker PII

Marianne Kolbasuk McGee • December 3, 2021

A security researcher says a misconfigured, non-password-protected database of a healthcare staffing company potentially exposed the personal information in about 170,000 medical worker records. The staffing firm, however, disputes the details of what was allegedly contained in the database.

3rd Party Risk Management

TSA Issues New Cybersecurity Requirements for Rail Sector

Dan Gunderman • December 3, 2021

The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.

Business Continuity Management / Disaster Recovery

BIO-ISAC: Beware of Tardigrade Attacks on Biomanufacturers

Marianne Kolbasuk McGee • December 3, 2021

The Bioeconomy Information Sharing and Analysis Center is warning biotechnology organizations, including vaccine makers and other biomanufacturers, of escalating threats involving Tardigrade malware, which experts say is used to launch ransomware and other potentially serious attacks.

Cybercrime

Arrest Points to Ubiquiti Breach Being an Inside Job

Prajeet Nair • December 3, 2021

A former employee of a New York-based technology company, likely to be IoT technology company Ubiquiti, has been arrested for stealing confidential data and extorting his employer for nearly $2 million. If convicted, the suspect faces up to 37 years in prison.

Account Takeover Fraud

Deepfakes, Voice Impersonators Used in Vishing-as-a-Service

Soumik Ghosh • December 3, 2021

Advanced voice impersonation and deepfake technologies are giving rise to cybercrime groups that offer Vishing-as-a-Service, security researchers say. Vishing is proving to be successful in tricking victims and bypassing voice authorization mechanisms.

Account Takeover Fraud

ISMG Editors: Are We Close to Cracking Cybercrime Ecosystem?

Anna Delaney • December 3, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the FBI has seized bitcoins from an alleged REvil ransomware affiliate, how to mitigate risks from BIN attacks and the latest COVID-19 trends globally.

Application Security

Report: APTs Adopting New Phishing Methods to Drop Payload

Prajeet Nair • December 3, 2021

Multiple APT groups from Russia, China and India are adopting a new phishing attack technique using RTF template injection, which makes attacks harder to detect. The template is compatible with Microsoft Office, which makes it easier for an attacker to open or edit these documents.

Business Continuity Management / Disaster Recovery

Need to Negotiate a Ransomware Payoff? Newbies: Start Here

Anna Delaney • December 3, 2021

The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.

Cybercrime

Report: Aberebot-2.0 Hits Banking Apps and Crypto Wallets

Soumik Ghosh • December 1, 2021

A new variant of the Aberebot banking Trojan has been discovered by Cyble's researchers. Christened Aberebot-2.0, the latest malware version not only uses more advanced spying capabilities, it also has increased its target list to 213 banking apps and nine crypto wallets in 22 countries.

Application Security

Hackers Abuse Remote Access Tools to Steal Crypto Data

Prajeet Nair • December 1, 2021

Unidentified threat actors are using fake cryptocurrency-related websites to distribute the SpyAgent malware, which abuses legitimate remote access tools. They have targeted a legitimate Russian remote access tool called Safib Assistant, Trend Micro researchers note.

Business Continuity Management / Disaster Recovery

FBI Seizes Bitcoins From Alleged REvil Ransomware Affiliate

Mathew J. Schwartz • December 1, 2021

The FBI has seized 39.9 bitcoins worth $2.3 million from an alleged affiliate of the notorious REvil - aka Sodinokibi - ransomware group. A forfeiture notice filed by the government accuses Russian national Aleksandr Sikerin of having amassed the cryptocurrency via victims' ransom payments.

Electronic Healthcare Records

HHS Slaps 5 More Entities in HIPAA 'Right of Access' Disputes

Marianne Kolbasuk McGee • December 1, 2021

The Department of Health and Human Services has revealed its taken enforcement actions against five more healthcare providers in cases involving alleged failure to comply with the HIPAA Privacy Rule right of access provision. One includes a rare civil monetary penalty, which was levied against a physician.