TL;DR

Weekly TL; DR (Week 42)

The National Cyber Security Centre SK-CERT introduces a new activity, the aim of which is to provide a weekly overview of important information in the field of cybersecurity. Its title is “TL; DR” (Too Long; Didn’t Read) and contains brief information from open sources along with a link to the original article.

In today’s TL; DR, we focus on information about attacks on the healthcare sector, another expansion of the Ryuk ransomware and also a new variant of the Mirai botnet Katana.

Contents

  • Attack on psychotherapy centres in Finland
  • Other malicious applications removed from the Google appstore
  • Ransomware attack – Ryuk on French IT company Sopra Steria
  • A new Mirai botnet Katana
  • Ransomware attack – manufacturer of Steelcase furniture
  • Ransomware group REvil selling a ransomware as a service
  • Theft of Google employees’ private data – a law company Fragomen
  • Fining the insurance company Aetna for 3 data breaches
  • Warning of ransomware attacks on hospitals – FBI
  • Another ransomware attack on energy company Enel Group (Netwalker)

The company Vastaamo, which runs 25 psychotherapy centres in Finland, has been a target of a successful hacker attack. Tens of thousands of patients’ records were compromised. Many customers of centres received e-mails with a demand for 200 euros for the attacker to prevent their private data being made public, and if they didn’t pay, the following day it was 500 euros.

Source: www.vice.com/en_us/rss/section/tech 

https://www.cyberreport.io/news/private-psychotherapy-notes-leaked-in-major-finnish-hack?article=29818

Based on ongoing research by the Czech company Avast, Google banned another 21 malicious applications (in June, Google banned 41 applications with more than 15 million downloads). The applications still contained HiddenAds malware, which disguised itself like games with more than 9 million downloads.

Source: https://blog.avast.com/new-malware-apps-on-google-play-avast 

https://thehackernews.com/2020/10/google-android-malwar.html 

https://blog.avast.com/avast-discovers-47-android-adware-apps-avast 

French IT company Sopra Steria, which has recently become a target of a ransomware attack, confirmed that the attack was executed with a new version of the Ryuk ransomware. The company revealed that the cyberattack was only launched a few days before it was detected, and according to information from the company, it was possible to contain the virus to only a limited part of the infrastructure. “It will take a few weeks for a return to normal.”

Source:https://www.soprasteria.com/docs/librariesprovider2/sopra-steria-corporate/finance/cp-fi/261020_pr-cyberattack-en.pdf?sfvrsn=47dd06dc_3

The Mirai botnet has a new variant called Katana. The botnet has DOS capability, fast self-replication, connection to the CC infrastructure and separate encryption keys for each source. Katana contains several features of Mirai; these include running a single instance, a random process name, and editing the watchdog to prevent the device from restarting. Researchers from the Avira team expect Katana to be active soon.

Source: https://www.bankinfosecurity.com/even-in-test-mode-new-mirai-variant-attacking-iot-devices-a-15246 

A company specializing in the manufacture of Steelcase furniture became a target of the Ryuk ransomware attack. The company shut down temporarily the affected systems and declared that it is not aware of any data loss and does not anticipate financial losses.

Source: https://www.bleepingcomputer.com/news/security/steelcase-furniture-giant-hit-by-ryuk-ransomware-attack/ 

Ransomware REvil group, which runs a ransomware as a service, declares that they made more than 100 million dollars a year. For renting their ransomware, the group takes 20-30% of the attacker’s profit.

The law firm Fragomen announced that it has become a target of a hacker attack. The attackers were able to obtain personal information of former and current Google employees.

Source: https://securityaffairs.co/wordpress/110054/data-breach/fragomen-data-breach.html

A health insurer Aetna was fined 1 million dollars for 3 data breaches. As part of the settlement of a class action lawsuit, the company paid 20.2 million dollars to victims and the state. Data breaches since August 2017 have affected approximately 18 600 customers of the insurance company.

Source: https://www.healthcareinfosecurity.com/aetna-fined-1-million-after-3-data-breaches-a-15264 

FBI issued a warning of the Ryuk ransomware campaign and the TrickBot malware campaign against the healthcare sector. The warning also includes a set of rules and “best practice” on how to prevent / mitigate attacks.

Source: https://us-cert.cisa.gov/ncas/alerts/aa20-302a 

https://thehackernews.com/2020/10/ransomware-attack-hospital.html 

It is the second time that the energy company Enel Group has become a target of a ransomware attack. In the past, it was attacked by SNAKE ransomware, but this time it is Netwalker ransomware. An attacker is demanding 14 million dollars for a key and for not disclosing the stolen information.

Source:https://www.cyberreport.io/news/enel-group-attacked-by-netwalker-demanding-a-whooping-14-million?article=29936 

https://www.bleepingcomputer.com/news/security/power-company-enel-group-suffers-snake-ransomware-attack/


« Späť na zoznam
Current threats
all publications
Links