Friday Five: 4/3
Ryuk ransomware continues to target hospitals, the personal information of five million hotel guests gets breached, and Italy's social security website gets hacked - catch up on the week's news with the Friday Five.
1. Best Buy Gift Cards, USB Drive Used to Spread Infostealer by Doug Olenick
2. Personal Details for the Entire Country of Georgia Published Online by Catalin Cimpanu
Over the weekend, personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers of more than 4.9 million Georgians was published on a hacking forum. Under the Breach, a data breach monitoring and prevention service, spotted the 1.04 GB MDB (Microsoft Access database) file on the site and found that it contained almost five million records, including those of deceased citizens, as Georgia’s current population is estimated at 3.7 million. It is unclear exactly where this data came from, and if the forum user who shared the data was the one who obtained it. It was initially reported that the leak came from Georgia’s Central Electric Commission (CEC) but in a statement to ZDNet, one of the individuals sharing the data on the hacking forum clarified it was not from CEC, but declined to say where it was from. Georgian authorities and cybersecurity professionals are now investigating this breach.
3. Ryuk Ransomware Targets More Hospitals During Coronavirus Pandemic by Duncan Riley
Amid the global COVID-19 crisis, some cybercriminal groups, such as Maze Ransomware, are publicly promising to refrain from attacking essential healthcare organizations. Ryuk ransomware, on the other hand, is continuing to target hospitals and other medical providers, and it is said that the group targeted 10 health organizations over the past month. Those 10 targets included two independent hospitals and another healthcare provider that has a network of nine hospitals throughout the United States. According to an infosecurity analyst, a U.S. healthcare provider had just been targeted by Ryuk ransomware last week. Unfortunately, Ryuk is not the only group to take advantage of this uncertain time, as a health service district in Illinois and a hospital in the Czech Republic were hit with different types of ransomware earlier this month. Colin Bastable, chief executive officer of security awareness training firm Lucy Security AG, said it best when he told SiliconANGLE, “Healthcare is the richest target for hackers, who are never going to let the proverbial crisis go to waste.”
4. Marriott Reports Data Breach Affecting Up to 5.2 Million Guests by Sergiu Gatlan
Marriott International suffered a data breach, detected at the end of February, that revealed the personal information of over five million hotel guests. The company believes the activity started in mid-January of this year, and that the guest information may have been accessed using the login credentials of two employees. Marriott has stated that there is no “reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.” Immediately after discovering the breach, the company disabled the login credentials, began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Guests can determine whether their info was involved in the data breach and what categories of personal data was involved through Marriott’s self-service online portal. Possible categories of guest information involved in the breach includes contact details, loyalty account information, additional personal details, partnerships and affiliations, and room preferences. The company is offering a free, one-year personal information monitoring service to all affected individuals.
5. Italy’s Social Security Website Hit by Hacker Attack by Angelo Amante, Crispian Balmer and Philippa Fletcher
Italy’s social security website, which houses the application Italians can use to apply for coronavirus benefits, was forced to shut down on Wednesday following a cyberattack. Pasquale Tridico, the head of the welfare agency, said the service had received over 300,000 applications for the 600 Euro (EUR) in benefits when the hackers compromised access to the site. Italy, like many other countries, is in the middle of a nationwide lockdown to contain the coronavirus outbreak, and the restrictions have brought much of the Italian business world to a halt. Self-employed or seasonal workers are able to apply to the entity - Istituto Nazionale della Previdenza (INPS) - for a special payout, but users who tried to log into the agencies site reported severe disruptions and were unable to place their request. The personal data of other people was even displayed on some users’ screens as they tried to complete their application. The Italian Democratic Party has tasked the national security services with finding those responsible for the hacks and fixing the issue.