The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Friday Five: 4/3

by Amanda Brown on Friday April 3, 2020

Contact Us
Free Demo
Chat

Ryuk ransomware continues to target hospitals, the personal information of five million hotel guests gets breached, and Italy's social security website gets hacked - catch up on the week's news with the Friday Five.

1. Best Buy Gift Cards, USB Drive Used to Spread Infostealer by Doug Olenick

A cybercriminal gang has started an attack campaign that is based on sending victims an actual paper letter mailed through the U.S. Postal Service. The letter contains a socially engineered message that thanks the victim for being a Best Buy customer and provides them with $50 Best Buy gift card and a USB drive. In order to entice recipients to insert the USB drive into their computer, the cybercriminals claim the drive contains a list of products that can be purchased with the card. According to researchers, the USB is said to be programmed to emulate a USB keyboard, and once inserted, a payload is injected and additional code is downloaded. If the USB is allowed to download JavaScript and register the infected device with the command-and-control server, the info-stealing software is able to obtain a great deal of information, including username, hostname, domain name, computer model, operating system information, and much more. Although it’s hard to pass up a seemingly free gift card in the mail, industry experts are reminding everyone to be extremely cautious, especially if it involves receiving a mysterious USB drive.

Read more

2. Personal Details for the Entire Country of Georgia Published Online by Catalin Cimpanu

Over the weekend, personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers of more than 4.9 million Georgians was published on a hacking forum. Under the Breach, a data breach monitoring and prevention service, spotted the 1.04 GB MDB (Microsoft Access database) file on the site and found that it contained almost five million records, including those of deceased citizens, as Georgia’s current population is estimated at 3.7 million. It is unclear exactly where this data came from, and if the forum user who shared the data was the one who obtained it. It was initially reported that the leak came from Georgia’s Central Electric Commission (CEC) but in a statement to ZDNet, one of the individuals sharing the data on the hacking forum clarified it was not from CEC, but declined to say where it was from. Georgian authorities and cybersecurity professionals are now investigating this breach.

Read more

3. Ryuk Ransomware Targets More Hospitals During Coronavirus Pandemic by Duncan Riley

Amid the global COVID-19 crisis, some cybercriminal groups, such as Maze Ransomware, are publicly promising to refrain from attacking essential healthcare organizations. Ryuk ransomware, on the other hand, is continuing to target hospitals and other medical providers, and it is said that the group targeted 10 health organizations over the past month. Those 10 targets included two independent hospitals and another healthcare provider that has a network of nine hospitals throughout the United States. According to an infosecurity analyst, a U.S. healthcare provider had just been targeted by Ryuk ransomware last week. Unfortunately, Ryuk is not the only group to take advantage of this uncertain time, as a health service district in Illinois and a hospital in the Czech Republic were hit with different types of ransomware earlier this month. Colin Bastable, chief executive officer of security awareness training firm Lucy Security AG, said it best when he told SiliconANGLE, “Healthcare is the richest target for hackers, who are never going to let the proverbial crisis go to waste.”

Read more

4. Marriott Reports Data Breach Affecting Up to 5.2 Million Guests by Sergiu Gatlan

Marriott International suffered a data breach, detected at the end of February, that revealed the personal information of over five million hotel guests. The company believes the activity started in mid-January of this year, and that the guest information may have been accessed using the login credentials of two employees. Marriott has stated that there is no “reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.” Immediately after discovering the breach, the company disabled the login credentials, began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Guests can determine whether their info was involved in the data breach and what categories of personal data was involved through Marriott’s self-service online portal. Possible categories of guest information involved in the breach includes contact details, loyalty account information, additional personal details, partnerships and affiliations, and room preferences. The company is offering a free, one-year personal information monitoring service to all affected individuals.

Read more

5. Italy’s Social Security Website Hit by Hacker Attack by Angelo Amante, Crispian Balmer and Philippa Fletcher

Italy’s social security website, which houses the application Italians can use to apply for coronavirus benefits, was forced to shut down on Wednesday following a cyberattack. Pasquale Tridico, the head of the welfare agency, said the service had received over 300,000 applications for the 600 Euro (EUR) in benefits when the hackers compromised access to the site. Italy, like many other countries, is in the middle of a nationwide lockdown to contain the coronavirus outbreak, and the restrictions have brought much of the Italian business world to a halt. Self-employed or seasonal workers are able to apply to the entity - Istituto Nazionale della Previdenza (INPS) - for a special payout, but users who tried to log into the agencies site reported severe disruptions and were unable to place their request. The personal data of other people was even displayed on some users’ screens as they tried to complete their application. The Italian Democratic Party has tasked the national security services with finding those responsible for the hacks and fixing the issue.

Read more

Tags: Data Breach, Ransomware, hacking, Cybersecurity

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.