Tag Archive for: Showcases

Illinois Hospital Closure Showcases Ransomware’s Existential Threat


An Illinois hospital’s decision to cease operations later this week at least partly because of a 2021 ransomware attack that crippled operations for months is a stark reminder of the sometimes-existential threat that online extortion campaigns can pose.

That’s especially true for resource-strapped small and rural hospitals.

St. Margaret’s Health (SMH) will permanently close its hospitals, clinics, and other facilities at Spring Valley and Peru, Ill. this Friday, June 16, after serving the community for 120 years. Multiple factors led to the decision, including unprecedented expenses tied to the COVID-19 pandemic, low patient volumes tied to social-distancing mandates, and staff shortages that forced the health system to rely on temporary staffing agencies.

But the February 2021 ransomware attack on its systems at Spring Valley had a big part to play; it catastrophically impacted the hospital’s ability to collect payments from insurers for services rendered, and the attack forced a shutdown of the hospital’s IT network, email systems, its electronic medical records (EMR) portal, and other Web operations.

A Contributing Factor

SMH vice president of quality and community services Linda Burt says the attack lasted four months, during which employees had no access to the IT system, including email and the EMR system. 

“We had to resort to paper for medical records. It took many months, and in some service lines, almost a year to get back online and able to enter any charges or send out claims,” Burt says. “Many of the insurance plans have timely filing clauses which, if not done, they will not pay. So, no claims were being sent out and no payment was coming in.”

SMH is the latest to make the list that security analyst and researcher Adrian Sanabria maintains of organizations that were forced out of business because of a cyberattack over the past two decades. The list currently comprises 24 organizations — many of them small — across multiple sectors. Among the names in the list is payment processing firm CardSystems, which closed in 2005 following a data breach that exposed sensitive data associated with some 40 million credit cards; security firm HBGary which went…


‘BellaCiao’ Showcases How Iran’s Threat Groups Are Modernizing Their Malware


A new malware strain that has been landing on systems belonging to organizations in the US, Europe, Turkey, and India has provided another indication of how Iran’s state-backed cyber-threat groups have been systematically modernizing their arsenals in recent years.

The malware, dubbed “BellaCiao,” is a dropper that Iran’s Charming Kitten advanced persistent threat (APT) group has been using in a highly targeted manner in recent months to gain and maintain unobtrusive initial access on target systems.

A Highly Customized Threat

Researchers at Bitdefender discovered the new malware when investigating activity related to three other recent malware tools associated with Charming Kitten. Their analysis of the malicious code — summarized in a blog post this week — uncovered a couple of features that set it apart from many other malware samples.

One was the specifically targeted nature of the dropper that ended up on each victim’s system. The other was BellaCiao’s unique and hard-to-detect style of communicating with its command-and-control (C2) server.

“Each sample we’ve collected is custom-built for each victim,” says Martin Zugec, technical solutions director at Bitdefender. Each sample includes hard-coded information that is specific to the victim organization, such as the company’s name, public IP addresses, and specially crafted subdomains.

Charming Kitten’s apparent intention in making the malware victim-specific is to blend in on host systems and networks, Zugec says. For instance, the subdomains and IP addresses the malware uses in interacting with the C2 are similar to the real domain and public IP addresses of the victim. Bitdefender’s analysis of the malware’s build information showed its authors had organized victims in different folders with names that indicated the countries in which they were located. The security vendor found that Charming Kitten actors used victim-optimized versions of BellaCiao, even when the target victim was from a noncritical sector.

Unique Approach to Receiving C2 Commands

Zugec says the manner in which BellaCiao interacts with the C2 server and receives commands from it is also unique. “The communication between implant and C2 infrastructure is based…


Phosphorus Showcases Game-Changing Enterprise xIoT Security Management Platform at RSAC 2023


Phosphorus Cybersecurity Inc.


The world leader in xIoT breach prevention is also unveiling the industry’s first Intelligent Active Discovery (IAD) solution that safely and accurately discovers and assesses all IoT, OT, IoMT, and IIoT devices.

NASHVILLE, Tenn., April 11, 2023 (GLOBE NEWSWIRE) — Phosphorus, the leading provider of proactive and full-scope breach prevention for the xTended Internet of Things (xIoT), is bringing cyber-physical security innovation to RSAC 2023 with its groundbreaking Enterprise xIoT Security Management Platform and the industry’s first and only Intelligent Active Discovery (IAD) solution for IoT, OT, IoMT, and IIoT devices. Phosphorus is also a proud supporting sponsor of IoT Village in the RSAC Sandbox and will be hosting several interactive hacking and security demonstrations of vulnerable xIoT devices throughout the conference.

After more than six years of research spanning millions of production devices, Phosphorus has determined that 68% of xIoT devices have high-risk or critical CVEs, device firmware is on average six years old, and password compliance is at a dismal 1%. These problems are exacerbated by the lack of effective industry solutions, as traditional tools and approaches developed for IT systems are unable to directly communicate with xIoT devices in order to safely and effectively discover, assess, and remediate them. Most also cannot provide continuous drift monitoring and detection and response capabilities.

This is one of the reasons why Phosphorus has found that 80% of corporate security teams cannot identify the majority of their xIoT devices – let alone secure them.

“xIoT is an enormous attack surface that grows bigger every year and these risks are not properly addressed with traditional security solutions, which are IT-centric and lack the capability to safely and effectively interact with xIoT devices,” said John Vecchi, Chief Marketing Officer of Phosphorus. “Attackers are constantly evolving their tactics and Cyber-Physical Systems are the next big target. Enterprises and organizations are now clamoring for best-of-breed, prevention-based platforms that can accurately and safely discover, assess, remediate, monitor,…


VMM-268 Showcases MV-22 Versatility, Strengthens Relationships on 6,100 Mile Trans-Pacific Flight


U.S. Marines with Marine Medium Tiltrotor Squadron 268 concluded their deployment with Marine Rotational Force – Darwin by executing a 6,100-mile transpacific flight from Australia to Hawaii, September 13-18, 2022. The occasion marks the second time this year that MV-22 Ospreys from Marine Aircraft Group 24 successfully completed long-range maritime self-deployments. Earlier this year, VMM-363 executed a similar mission, flying approximately 5,000 miles from Hawaii to the Philippines for Exercise Balikatan 22.

The monumental journey began in Darwin on September 13 as two VMM-268 MV-22s and one KC-130J from Marine Aerial Refueler Transport Squadron 152 departed for Royal Australian Air Force Base Amberley. Over the next several days, the Marines would land in Fiji, American Samoa, and the Republic of Kiribati before completing the final leg to Marine Corps Base Hawaii Kaneohe Bay.

“The MV-22s are capable and versatile aircraft for operations in the Pacific,” said Capt. John Wilkinson, a pilot assigned to VMM-268.

“It’s important to remember that flights of this magnitude wouldn’t be possible without the dedication and support of our Marines and our allies and partners.”

While transiting the islands of the South Pacific via a path resembling the Corps’ island-hopping campaign of World War II, they prioritized their interactions with local leaders and communities along the way. In Fiji, the Marines welcomed airfield support staff onboard for a tour and later came together to share a meal and exchange tokens of appreciation for support.

In American Samoa, the Marines had several memorable interactions. Sergeant Tyrone Travers, a native of the island, embraced his sister for the first time in six years. Colonel Manlee Herrington, MAG-24 commanding officer, met with two retired Marines: Sgt. Maj. Tusipasi Suiaunoa, whose last assignment was as the Headquarters and Support Battalion Sergeant Major at U.S. Marine Corps Forces, Pacific; and Cpl. Ketsemame Meaole, a veteran of the war in Vietnam.

While in the Republic of Kiribati, the Marines delivered humanitarian aid supplies to the community,…
