1. U.S Coast Guard Says Ryuk Ransomware Took Down Maritime Facility by Sergiu Gatlan

In a marine safety alert recently published by The United States Coast Guard, it was revealed that an incident involving Ryuk Ransomware was under investigation. It is assumed that a malicious link contained in a phishing email was likely the point of entry. The ransomware contained in the link allowed the threat actor to encrypt critical files and prevent the facility’s access to them. Although the safety alert did not specify the type of facility or release its name, it can be inferred that it was a port as the USCG said the virus infected the industrial control systems that monitor and control cargo transfer; it also encrypted files necessary to process operations. The attack forced the company to shutdown all operations for 30 hours at the affected facility while an incident response plan for cyber security was followed through. The USCG continues to remind stakeholders of the importance of checking the validity of email senders before clicking a link or replying.

Read more

2. Ransomware Shuts Down The Heritage Company by Doug Olenick

Yet another case of ransomware forcing the shutdown of operations, this time involving the telemarketing firm The Heritage Company. The CEO of the company, Sanra Franecke, notified her 300 employees about the suspension of activities in a company-wide letter. Employees would be notified on January 2nd about the status of the shutdown and whether or not they could return to work. Apparently, the ransomware attack occurred two months ago and Franecke chose to pay the attackers, but her IT staff have been unable to bring the systems back online with the decryption key they were given. Law enforcement and cybersecurity pros warn against giving in to attackers’ demands for this exact reason. In some cases, the hackers release the encrypted files, but others don’t actually have the correct decryption key or have permanently encrypted or deleted files. Franecke has stated that they are working hard to bring systems back and to restructure certain areas in the company to recoup losses and better protect themselves from any future attacks. She hopes that this incident is just a temporary setback, as it has already cost the company hundreds of thousands of dollars.

Read more

3. Cybercrime’s Most Lucrative Careers by Joan Goodchild

As more criminals are shifting toward cybercrime, it comes as no surprise that the dark web is becoming a very lucrative, bustling market. Dr. Michael McGuire, a professor at the University of Surrey, released a study earlier this year called, “Into the Web of Profit” in which he interviewed 50 convicted or active cybercriminals and spoke with dozens of experts from law enforcement, financial institutions, and IT security companies. Anything and everything can be sold on the Dark Web, and McGuire found the most popular categories of goods to be credit card information, login credentials to financial accounts, stolen subscription credentials, and usernames and passwords of all kinds. McGuire determined that total cybercrime revenues are around $1.5 trillion, and the most successful cybercriminals are making as much as $2 million a year. The “Web of Profit” report also reveals the top five most lucrative markets in cybercrime – starting with illegal online markets making a net profit of $860 billion to ransomware making a net profit of $1 billion. Cybercriminality is becoming increasingly popular and will continue to grow as hacking groups are always looking for new recruits with superior technical skills.

Read more

4. Special Olympics New York Hacked to Send Phishing Emails by Sergiu Gatlan

Over the Christmas holiday, an email server belonging to the nonprofit organization Special Olympics of New York was hacked, and the contact information of previous donors was stolen. The nonprofit focuses on competitive athletes with intellectual disabilities – providing sports training to over 67,000 children and adults. The information on the email server has already been used by threat actors to launch a phishing campaign targeted at previous donors, with the goal of stealing their credit card details. The campaign was orchestrated through malicious emails camouflaged as alerts of an impending donation transaction that would be debited from targets’ accounts. The attackers utilized a sense of urgency to further compel targets to click the link. If donors clicked on the link in order to verify their information, it would redirect them to the attackers’ landing page. Special Olympics of NY sent a message to warn all those affected about the security incident and urged them to disregard the last received message. Fortunately, the hack only affected the “communications system” that stores contact information, so no financial data was exposed.

Read more

5. Email Breach at Chicago’s Sinai Health System Puts Data of 12,500 at Risk by Joseph Goedert

Back in October, an unknown third party gained unauthorized access to two Sinai Health employees’ email accounts, but data forensic specialists found no evidence that any patient information was removed the system. The two email accounts that were accessed did include patients’ names, addresses, dates of birth, Social Security numbers, and health insurance information. The organization is currently not aware of any misuse of patient information, but a letter recapping the data security incident assures patients that the security of their sensitive information is a high priority. Sinai Health has not mentioned whether the system will be offering protective services, such as credit monitoring or identity theft protection, to affected patients. Steps are being taken by Sinai Health System to prevent future security incidents, including revising information security policies and increasing security of email systems and information networks. The organization is also working on training employees on cybersecurity and email filtering protocols.

Read more