Breach Guide

How to address IoT security risks in the healthcare industry

Source: Tahawultech.com By: Cyber Resilient Group 14August2019

* There has been a surge in the number of cyber-attacks on the healthcare industry in the past five years affecting more than 100 million people worldwide such as Anthem medical, NHS-UK and last year Singapore government's health database.
* IoT vulnerabilities are scanned by cybercriminals at a frenetic pace than ever before. As per one of the AT&T experts there has been a dramatic 458 percent increase in IoT vulnerability scans against devices.

A cybercriminal covered all his tracks-and then he verified his PayPal account

Source: Quartz By: Justin Rohrlich 15August2019

* At the beginning of May, a San Francisco-based tech firm called Scale AI contacted the FBI after discovering its internal computer network had been compromised. Roughly $40,000 had been drained out of its accounts, $140 at a time.
* Law enforcement is under constant pressure to keep up with fast-changing technologies and the corresponding strategies hackers use to get past the latest safeguards and protections. Yet, with just about every aspect of modern life networked together in one way or another, it is extremely difficult to carry out a cybercrime today without leaving clues.

700,000 Choice Hotels records leaked in data breach, ransom demanded

Source: ZDNet By: Charlie Osborne 15August2019

* 700,000 records belonging to Choice Hotels have reportedly been stolen with hackers demanding payment for their return.
* According to Choice Hotels, the bulk of the records was only test information, including the payment card, password, and reservation fields; however, 700,000 records were genuine and contained information on guests such as names, email addresses, and phone numbers.

Cyber criminal collaboration intensifies

Source: ComputerWeekly.com By: Warwick Ashford 14August2019

* The level of cooperation between high-profile cyber threat groups has shifted up a gear, enabling a higher level of automation and making attribution more difficult, research shows.
* Closer relationships between these groups has resulted in a greater degree of sharing tools, which in turn is making it more difficult to identify which group is behind any particular cyber attack, according to the latest Cyber threatscape report from professional services firm Accenture.

How phishing attacks trick our brains

Source: MIT Technology Review By: Patrick Howell O'Neill 8August2019

* It's simple and effective: getting someone to click a malicious link in an email and enter private information such as a password is the most important skill in many hackers' toolkits. Phishing is the most common form of cyberattack and still growing.
* And the reason it's so effective, according to research being done at Google and the University of Florida, is that it takes advantage of how the human brain works-and, crucially, how people fail to detect deception, depending on factors like emotional intelligence, cognitive motivation, mood, hormones, and even the victim's personality.

These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

Source: Vice By: Joseph Cox 10August2019

* It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.
* "It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," the security researcher known as MG who made these cables told Motherboard after he showed me how it works at the annual Def Con hacking conference.

Zero-day flaw found in building control system

Source: ITProPortal By: Michael Moore 12August2019

* McAfee warns the vulnerability could allow full access to building systems.
* Hackers could be able to hack into an entire building due to a worrying security flaw in a popular management software, researchers have revealed.
* According to new analysus from McAfee, a vulnerability in a commonly used Delta industrial control system that could allow criminals to gain complete control and gain access to all a building's services.

UN probing 30 North Korean cyber attacks in 17 countries

Source: The Straits Times
By: FNU LNU
Published: August 14, 2019

* UN experts say they are investigating at least 30 instances in 17 countries of North Koreans using cyber attacks to raise money for weapons of mass destruction programmes - and they are also calling for sanctions against ships providing petrol and diesel to the isolated country.
* Last week, The Associated Press (AP) quoted a summary of a report from the experts which said North Korea illegally acquired as much as US$2 billion (S$2.77 billion) from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.

Security warning for software developers: You are now prime targets for phishing attacks

Source: ZDNet
By: Danny Palmer
Published: August 13, 2019

* Cybercriminals targeting the technology industry commonly direct their phishing campaigns at software developers
* Software developers are the people most targeted by hackers conducting cyberattacks against the technology industry, with the hackers taking advantage of the public profiles of individuals working in the high-turnover industry to help conduct their phishing campaigns.

Recent Phishing Attack on ProtonMail Accounts of Bellingcat Journalists Linked to Russia

Source: CPO Magazine
By: Scott Ikeda
Published: August 13, 2019

* Investigative news outlet Bellingcat has focused much of its eight years of work on high-level government controversies and cover-ups, particularly on issues in Russia in the past two years.
* It would appear that someone in the country has taken an interest in them.
* The ProtonMail email accounts of several Bellingcat journalists were targeted by a phishing campaign, which was ultimately not successful but provided leads that indicate Russian hacking groups backed by the government were involved.