Friday Five: 12/13 Edition
Ransomware hits 100+ dentists' offices, the U.K. warns charities about a new internet fraud campaign, and more - catch up on all the week's news with the Friday Five.
1. Ransomware at Colorado IT Provider Affects 100+ Dental Offices by Brian Krebs
The ransomware strain we saw in the news last week, “Sodinokibi” or “REvil”, has struck again – this time targeting a Colorado company that specializes in providing IT services to dental offices. The company, Complete Technology Solutions (CTS), provides its customers a range of services – including network security, data backup and voice-over-IP phone service. The ransomware attack began on November 25 and eventually made its way onto the computers of over 100 dentists' offices. CTS apparently declined to pay the initial $700,000 ransom demand, but some of the offices that are still affected are beginning to take matters into their own hands. While some firms had usable backups of their data offsite, others have been sidelined by the attack and have been working with outside experts to negotiate and pay the ransom for their individual practices. As we mentioned last week, this ransomware strain had also hit 400+ dental offices in the summer. Security experts have noted that the security practices of the dental industry in general are fairly atrocious and many offices are not willing to pay the necessary amount to fend off sophisticated attackers.
2. Data Leak Exposes 750K Birth Certificate Applications by Phil Muncaster
Fidus Information Security, a U.K.-based security firm, discovered an unsecured Amazon Web Services bucket that has left over 750,000 applications for U.S. birth certificates exposed. The information belongs to a yet-to-be-named company that provides a service allowing U.S. citizens to request copies of birth and death certificates from state governments. The highly sensitive information, including names, birth dates, home addresses, email addresses, phone numbers, and names of family members, was held in the AWS bucket without password protection. The exposed data could be used by hackers to commit identity fraud or create targeted phishing emails to gain even more personal information. As Information Security Magazine points out, security experts, such as Tim Mackey from Synopsys, believe the company is likely being operated using a high degree of automation, and the data store was not properly secured before going live. Hackers are constantly scanning for exposed cloud data stores that they can steal or hold for ransom.
3. Pensacola Hit with Cyber Attack Hours After Shooting at Naval Base by Teri Robinson
It has been a very hard week for this particular Florida city – less than 24 hours after three members of the U.S. military were shot and killed by a Saudi airman at the Pensacola Naval Air Station, a cyberattack hit the city’s network. One of the city’s spokeswomen confirmed that much of the city’s network has been disconnected as a precautionary measure until the issue can be resolved, and the city has also reported the attack to the federal government. Although city officials have not yet disclosed this incident as a ransomware attack, it would be consistent with many other U.S. cities, especially in Florida, that have outdated cybersecurity technology and have been victimized by hackers seeking payment. Pensacola is currently trying to figure out who is targeting the city’s network and how to put the system back together. No link between the naval base shooting and the cyberattack has been established, but federal investigations are most likely underway.
4. U.K. Government Issues Cybersecurity Warning to Charities by Sarah Coble
The British government recently issued an alert to all charity organizations across the country warning of internet fraud. There has been a sharp increase in reported cases of mandate fraud from many charities. The scammers impersonate employees, mostly using spoofed email addresses that closely mimic the real email addresses of staff members, to get hold of sensitive information. The emails come in the form of a request, usually to the HR or finance department, asking to change employee bank details. When changes like these are requested, charities in the U.K. are now advised to request confirmation from an alternate email or phone number before opening any attachments or links. The Charity Commission is also urging organizations to think twice about how they handle sensitive information.
5. Snatch Ransomware Encrypts Files in Safe Mode to Thwart Security Software by Bradley Barth
A cybercriminal organization known as Snatch Group has developed malware that exploits a loophole in the endpoint protection programs on Windows machines. The malware, which has been dubbed Snatch, forces the infected computer into Safe Mode and encrypts its files there, because most software and security programs do not operate in that environment. Although this hacker group has been active since summer 2018, it has only recently begun using this Safe Mode tactic. Snatch has been classified as primarily a ransomware program, and its main targets include organizations located in the U.S., Canada and Europe. It is able to affect Windows 7 through 10, in both 32- and 64-bit versions. Victims of the ransomware have been hit with demands ranging from $2,000 to $35,000.