Friday Five: 8/3 Edition
Catch up on the week’s infosec news, including ransomware trends, a big healthcare breach, and millions in cryptocurrency stolen, with this roundup!
1. Massive Singapore Healthcare Breach Possibly Involved Contractor by Eduard Kovacs
Singapore recently experienced its largest data breach ever. Officials have said they believe a state-sponsored threat group is responsible for hacking into SingHealth, Singapore’s biggest group of healthcare institutions. The attackers used a malware-infected device to gain access to personal data and details on medicine. The state reported that no medical records or financial information were affected in the breach. A file that was recovered suggested a contractor from a major IT firm had access to a user account which was hijacked. The attackers uploaded some of the files they stole to Pastebin, a platform that allows the posting of plain text.
2. Please Forgive Me, I Can’t Stop Robbing You: SamSam Ransomware Earns Handlers $5.9m by John Leyden
For the last two years, SamSam ransomware has made a tremendous amount of money for attackers by hacking some very large organizations. The most famous attack hit the city of Atlanta, while infections at big healthcare companies like Hancock Hospital have made headlines as well. Many of SamSam's victims have been in similar situations where they could not recover quickly enough and therefore simply paid the ransom. It has been estimated that the person behind the attacks made $300,000 per month in 2018 by taking payments in Bitcoin. What makes SamSam different and very dangerous is that it is not download-based malware. The ransomware is sophisticated and can be manipulated by the attacker even when it is in the system. The person behind the attacks manually gets access, deploys the software, and deletes all traces of it following a compromise.
3. BitPaymer Ransomware Infection Forces Alaskan Town to Use Typewriters for a Week by Catalin Cimpanu
Matanuska-Susitna, a borough outside of Anchorage, fell victim to a ransomware attack that left its residents without computers for a week. The attack hit government networks in the area, forcing IT staff to power down machines following the incident. For the entire week, while the IT department was working to solve the issue, the staff was forced to use typewriters to get their work done. Over 650 PCs and servers are now being reinstalled and rebuilt, according to government officials in the area. The culprit, BitPaymer ransomware, had allegedly been sitting on some of the devices since early May. After the IT department noticed it and started trying to rid its systems of it, the ransomware spread across all devices and took them all out of commission. The officials did not report on whether or not the borough paid the ransom. The news is emblematic of how sophisticated ransomware attacks have become.
4. Hackers Find Creative Way to Steal $7.7 Million Without Being Detected by Dan Goodin
KICKICO, a cryptocurrency platform, was hacked for over $7.7M in KickCoin. The technique used by the attackers completely bypassed the security measures of the platform. Attackers were able to go undetected for a while by taking coins from existing users' wallets, destroying them, and creating new coins in different wallets. Since the amount of coins never increased, even though fake ones were being created, the attack took a while to find. People who owned KICKICO wallets noticed money being taken from their accounts and notified the company. Once the problem was brought to its attention, the company was able to stop and prevent it from happening.
5. Trump Election Security Meeting Results in No New Measures by Doug Olenick
With midterm elections coming up in the next 100 days, President Trump had a meeting with top advisors to reiterate the fact that the administration will not tolerate any foreign meddling. While it was made clear that the White House feels strongly about election interference, no new policies or procedures were put in place to truly ensure this does not happen. Many experts have speculated that this is not enough given the climate around the presidential election two years ago. In July, Microsoft's Vice President for Customer Security, Tom Burt, said the company observed phishing attacks targeting certain politicians' campaign staffers, suggesting there's still some work to be done here.