HEALTHCARE'S GRIM CYBER PROGNOSIS REQUIRES SECURITY BOOSTER BY ROBERT LEMOS
The healthcare sector is increasingly vulnerable to cyberattacks, particularly ransomware, with 66% of organizations experiencing attacks in the past year, up from 60%. Emerging threats like the Trinity ransomware group are raising alarms, with cyberattacks like theirs disrupting services, exposing sensitive patient data, and affecting patient outcomes. Legislation is being introduced to impose stricter cybersecurity measures, including jail time for executives who mislead authorities about their security infrastructure. The healthcare industry's reliance on outdated technology and third-party providers, combined with attackers' focus on critical operations and victims' willingness to pay ransoms, exacerbates the issue. Improving backups, monitoring, and cybersecurity practices is essential, but progress remains slow due to regulatory challenges.
14,000 MEDICAL DEVICES ARE ONLINE, UNSECURED AND VULNERABLE BY CHRISTIAN VASQUEZ
A recent report reveals that nearly half of 14,000 exposed medical devices, healthcare login portals, and databases worldwide are in the U.S. The decentralized U.S. healthcare system contributes to this, with over 6,800 devices found online. In contrast, the U.K. has only 200 devices due to its centralized system. Vulnerabilities in U.S. healthcare devices, such as outdated Digital Imaging and Communications in Medicine (DICOM) protocols, lack of firewalls, and weak credentials, make the sector a prime target for cyberattacks. The report highlights the need for stronger security, including multi-factor authentication, to protect sensitive data on exposed platforms like Electronic Medical Records (EMRs).
DOJ, MICROSOFT DISRUPT RUSSIAN HACKERS TARGETING CIVIL SOCIETY ORGS BY DAVID DIMOLFETTA
Microsoft's Digital Crimes Unit and the U.S. Justice Department seized around 100 website domains used by the Russia-backed hacking group Star Blizzard, which has targeted civil society organizations globally. Microsoft reportedly took down 66 sites, while the DOJ seized 41 more. Also known as Seaborgium and Callisto, Star Blizzard is linked to Russia’s Federal Security Service and has been active since 2019, attacking government organizations, NGOs, academia, and the U.S. Department of Energy. Specializing in phishing attacks and credential theft, the group has targeted 82 Microsoft customers since January 2023, exploiting high-value individuals through personalized phishing emails.
MICROSOFT: CREATIVE ABUSE OF CLOUD FILES BOLSTERS BEC ATTACKS BY ELIZABETH MONTALBANO
Threat actors are enhancing business email compromise (BEC) campaigns by combining social engineering with legitimate cloud-based services like Dropbox, OneDrive, and SharePoint. These trusted platforms are used to share malicious files and links, bypassing traditional security measures. Microsoft warns that attackers exploit users' familiarity with these services to steal credentials and conduct further malicious activities such as financial fraud or data exfiltration. A commonly observed attack involves compromising one user and then sharing a file with that user's trusted contacts. Microsoft recommends using extended detection and response (XDR) systems to detect suspicious activity related to these sophisticated BEC campaigns.
MAMBA 2FA CYBERCRIME KIT TARGETS MICROSOFT 365 USERS BY TARA SEALS
The Mamba 2FA phishing-as-a-service (PhaaS) kit is targeting Microsoft 365 users with adversary-in-the-middle (AiTM) tactics. Sold for $250 per month on cybercrime forums, it mimics login pages for services like OneDrive and SharePoint, dynamically reflecting the branding of targeted enterprises. Mamba 2FA is reportedly able to bypass two-factor authentication (2FA) methods that rely on one-time codes and app notifications, and it supports various Microsoft account types. Once a user is compromised, their credentials and cookies are sent to attackers via Telegram. The kit, active since November 2023, has gained attention on Telegram since the shutdown of ICQ, where it was previously sold.