Hospitals under fire from cyberattacks #veille (1 Nov 2020)

Here is this week's monitoring report, covering the most interesting news items. Some of them will be explored in more depth in upcoming articles. Happy reading, and have a great week!

Data theft / loss

Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts – CyberScoop

The response to a data breach at a prominent Finnish psychotherapy practice intensified over the weekend after cybercriminals reportedly posted batches of patient information on the dark web and claimed that individual people could protect their data by directly paying a ransom.

Finnish psychotherapy center fires CEO for suppressing breach details | SC Media

Finnish psychotherapy center Vastaamo, which was blackmailed after experiencing a ransomware data breach, fired its CEO Ville Tapio for holding back information on the hack for close to 18 months. Based on investigations into the incident, it seems probable that the data breach that led to the theft of the customer database took place in November 2018, according to the English translation of a press release issued by Vastaamo.

Hacker is selling 34 million user records stolen from 17 companies

A threat actor is selling account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches. On October 28th, a data breach broker created a new topic on a hacker forum to sell the stolen user databases for seventeen companies.

Cyberattacks / fraud

European ransomware group strikes US hospital networks, analysts warn

An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday. The group, which FireEye calls UNC1878, has been deploying Ryuk ransomware and taking multiple hospital IT networks offline, said Charles Carmakal, senior vice president of Mandiant, FireEye’s incident response arm.

Hacking group is targeting US hospitals with Ryuk ransomware

In a joint statement, the U.S. government is warning the healthcare industry that a hacking group is actively targeting hospitals and healthcare providers in Ryuk ransomware attacks. Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) announced a call with the healthcare industry to warn them of an ‘Increased and Imminent Cybercrime Threat.’

Hacker steals $24 million from cryptocurrency service ‘Harvest Finance’ | ZDNet

A hacker has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance (DeFi) service Harvest Finance, a web portal that lets users invest cryptocurrencies and then farm the price variations for small profit yields. The hack took place earlier today and was almost immediately confirmed by Harvest Finance administrators in messages posted on the company’s Twitter account and Discord channel.

Maze ransomware is shutting down its cybercrime operation

The Maze cybercrime gang is shutting down its operations after rising to become one of the most prominent players performing ransomware attacks. The Maze ransomware began operating in May 2019 but became more active in November. That’s when the media-savvy operation revolutionized ransomware attacks by introducing a double-extortion tactic.

Sopra Steria confirms it was hit by new strain of Ryuk ransomware, will take weeks to return to normal operations

European IT services group Sopra Steria has shared more details of the cyber attack which hit its offices last week, confirming speculation that it fell victim to a ransomware attack. According to a press release issued by the firm, Sopra Steria first discovered it was under attack on the evening of 20 October, and has since identified that the culprit was a “new version” of the notorious Ryuk ransomware.

Hackers Make Off With Millions From Wisconsin Republicans

The chairman of the Wisconsin Republican Party says hackers stole $2.3 million from an account being used to help re-elect President Donald Trump. According to an AP story, the theft was discovered on October 22 and immediately reported to the FBI.

KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others | ZDNet

A highly sophisticated botnet is believed to have infected hundreds of thousands of websites by attacking their underlying content management system (CMS) platforms. Named KashmirBlack, the botnet started operating in November 2019.

Flaws / vulnerabilities

Trump Campaign Website Defaced by Cryptocurrency Scam

Hackers claim to have access to classified information linking the president to the origin of the coronavirus and criminal collusion with foreign actors. UPDATE: Hackers took over President Trump’s 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later.

Over 100 irrigation systems left exposed online without protection

Security experts from the Israeli security firm Security Joes discovered more than 100 irrigation systems running ICC PRO that were left exposed online without protection. ICC PRO is a top-shelf smart irrigation system designed by Motorola. The ICC PRO systems were deployed with default factory settings, which don’t have a password for the default user’s account.

Regulatory / legal

Brit accused of spying on 772 people via webcam CCTV software tells court he’d end his life if extradited to US

A Briton is reportedly fighting extradition to the United States after deploying webcam malware onto hundreds of women’s laptops so he could spy on them undressing and having sex. Christopher Taylor, a 57-year-old labourer, appeared by video link at Westminster Magistrates’ Court to contest an extradition attempt by the US government, according to the Court News UK newswire.


Hacker steals $24M, returns $2.5M to DeFi protocol Harvest Finance

The DeFi sector has been the favorite target of attackers this year. And why wouldn’t it be as the industry is growing by billions of dollars each month, and that’s why it is attracting not only investors but hackers too. The latest to be targeted by malicious threat actors is the decentralized finance (DeFi) protocol called Harvest Finance.

Spain takes down terrorist cell recruiting online for the so-called Islamic State

On 28 October, Europol supported the CGI of the Spanish National Police (Comisaría General de Información de la Policía Nacional) in arresting three suspects linked to a terrorist cell actively recruiting and indoctrinating young people. The individuals, among which feature the alleged leaders of the cell, were arrested as a result of house searches carried out in San Sebastian and Pasaia in northern Spain.
