Tag Archive for: attackers

Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals


Losing important work documents or albums with photographs of your family because you have unsuspectingly clicked on a malicious e-mail attachment can be very damaging and stressful. Now imagine that you have lost not only your data but also the very sensitive data of thousands of other people.

This is a threat that hospitals around the world are facing each day, with some of them ultimately falling victim.



Cybercriminals employing ransomware as part of their hacking campaigns extort users, demanding a hefty ransom in cryptocurrency. They promise to hand over a decryption key to recover your data, but you can never be certain the criminals will keep that promise. While some users may get lucky, others lose not only their data but also their money.

Experts usually recommend not paying the ransom, as paying also encourages the hackers to keep targeting more potential victims. The decryption keys for some ransomware variants are later made public, for example as a result of investigations by the authorities. So even if you don’t pay the ransom, your chances of getting the data back are not completely gone.

But for hospitals or businesses, making the right decision can be much more difficult, especially when the ransom is much higher and, on top of that, the hackers try to improve their odds through other malicious activities.

Some hackers are threatening hospitals with swatting, as The Register reports. A specific example is Seattle’s Fred Hutchinson Cancer Center, which was hacked in November. The hospital confirmed to The Register that it “was aware of cyber criminals issuing swatting threats”, and that the FBI and local police have started an investigation.

Swatting is the tactic of contacting the police with a false report, ultimately triggering a SWAT team response at the targeted location, for example the home of an innocent victim.

In a different case, at Oklahoma’s Integris Health, patients were targeted and threatened with having their data sold on the dark web.




These are just some of the extreme…


Samsung Galaxy S23 Hacked By Million Dollar Zero-Day Attackers


It was the best of times; it was the worst of times for Samsung. Across four days ending October 27, the Samsung Galaxy S23 was successfully hacked by elite security researchers using zero-day exploits. Four times. The iPhone 14 and Pixel 7 were left unscathed. However, it’s not all bad news, as the zero-day exploits have been handed over to Samsung to fix. Samsung now has 120 days to do so before the exploit methodologies are disclosed publicly.

Who Just Hacked The Samsung Galaxy S23?

The takedown of the Samsung S23 smartphone happened during the annual Pwn2Own hacking event organized by Trend Micro’s Zero Day Initiative. This consumer-oriented event, held in Toronto, Canada, took place between October 24 and 27. Although four smartphones were in scope for the hackers taking part, only the Samsung Galaxy S23 and Xiaomi 13 Pro were successfully exploited. The Apple iPhone 14 and Google Pixel 7 remained undefeated.


With regard to the Samsung Galaxy S23, hackers from Pentest Limited, STAR Labs SG, Interrupt Labs, and ToChim were all able to execute successful zero-day exploits against the device across the four days of competition.

There was, in fact, a fifth successful hack against the Samsung Galaxy S23 by Team Orca from Sea Security, but it used a previously known exploit.

Meanwhile, researchers from NCC Group and Team Viettel were also able to execute successful zero-day exploits against the Xiaomi 13 Pro smartphone.

What Zero-Day Exploits Were Used To Hack The Samsung Galaxy S23?

As already mentioned, the full technical details of the successful zero-day exploits will not be made public until Samsung has had an opportunity to distribute a patch for the vulnerabilities. ZDI gives vendors a 120-day window in which to produce and distribute such a patch. In the meantime, ZDI has released a very brief outline of the exploit types on X, formerly known as Twitter.

Pentest Limited executed an Improper Input…


A New Polyglot Attack Allowing Attackers to Evade Antivirus


MalDoc in PDF

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

“A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF,” researchers Yuma Masubuchi and Kota Kino said. “If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”

Such specially crafted files are called polyglots because they are valid instances of more than one file type, in this case both PDF and Word (DOC).

This entails appending an MHT file, created in Word with a macro attached, after the PDF file object. The end result is a valid PDF file that can also be opened in the Word application.

Put differently, the PDF document embeds a Word document with a VBS macro that is designed to download and install an MSI malware file if the file is opened as a .DOC in Microsoft Office. It’s not immediately clear what malware was distributed in this fashion.
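As an added illustration of the format trick described above (this is not code from the JPCERT/CC researchers or from the article), the following heuristic scanner flags files that start with the PDF magic number yet also contain the MIME headers and Word tags of an MHT document appended after the PDF’s final `%%EOF`. The marker strings, in particular the `editdata.mso` / `application/x-mso` check for a macro container, are assumptions about how Word saves macro-bearing MHT files, and the sample files are constructed stubs with no macro in them.

```python
from dataclasses import dataclass

PDF_MAGIC, PDF_EOF = b"%PDF-", b"%%eof"   # PDF_EOF is searched in lower-cased bytes
# MIME headers every MHT file carries.
MHT_MARKERS = (b"mime-version:", b"content-type: multipart/related", b"content-location:")
# Tags Word writes into the HTML part of an MHT it saves ("Single File Web Page").
WORD_MARKERS = (b"<w:worddocument>", b"urn:schemas-microsoft-com:office:word")
# Assumption: a macro-bearing MHT saved by Word keeps its VBA project in an
# ActiveMime part named editdata.mso with MIME type application/x-mso.
MACRO_MARKERS = (b"editdata.mso", b"application/x-mso")

@dataclass
class Verdict:
    is_pdf: bool          # file starts with the PDF magic number
    mht_offset: int       # offset of the first MHT header, -1 if none
    after_pdf_eof: bool   # MHT data sits after the PDF's last %%EOF marker
    has_word_part: bool
    has_macro_part: bool

    @property
    def label(self) -> str:
        if not self.is_pdf:
            return "not-pdf"
        if self.mht_offset < 0 or not self.has_word_part:
            return "pdf"
        return "pdf-mht-polyglot" + ("-with-macro" if self.has_macro_part else "")

def scan_bytes(data: bytes) -> Verdict:
    # Static, marker-based check: no parsing, nothing is opened or executed.
    lower = data.lower()
    hits = [lower.find(m) for m in MHT_MARKERS if m in lower]
    mht_off = min(hits) if hits else -1
    last_eof = lower.rfind(PDF_EOF)
    return Verdict(
        is_pdf=data.startswith(PDF_MAGIC),
        mht_offset=mht_off,
        after_pdf_eof=mht_off >= 0 and last_eof >= 0 and mht_off > last_eof,
        has_word_part=any(m in lower for m in WORD_MARKERS),
        has_macro_part=any(m in lower for m in MACRO_MARKERS),
    )

# Constructed samples (not real malware): a bare PDF skeleton, and the same
# skeleton with a harmless Word-style MHT stub appended after %%EOF.
CLEAN_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
             b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
MHT_STUB = (b"MIME-Version: 1.0\nContent-Type: multipart/related; boundary=\"b\"\n\n"
            b"--b\nContent-Location: file:///C:/doc.htm\nContent-Type: text/html\n\n"
            b"<html xmlns:w=\"urn:schemas-microsoft-com:office:word\"><w:WordDocument>"
            b"</w:WordDocument></html>\n--b\nContent-Location: file:///C:/editdata.mso\n"
            b"Content-Type: application/x-mso\n\n(placeholder, no VBA)\n--b--\n")
POLYGLOT = CLEAN_PDF + MHT_STUB
```

The check is purely static, so it complements rather than replaces the Mark-of-the-Web and Protected View behaviour the article goes on to describe.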


“When a document is downloaded from the internet or email, it’ll carry a MotW,” security researcher Will Dormann said. “As such, the user will have to click ‘Enable Editing’ to exit Protected View. At which point they’ll be learn [sic] that macros are disabled.”

While real-world attacks leveraging MalDoc in PDF were observed a little over a month ago, there’s evidence to suggest that it was being experimented with (“DummymhtmldocmacroDoc.doc”) as early as May, Dormann highlighted.

The development comes amid a spike in phishing campaigns using QR codes to propagate malicious URLs, a technique called qishing.

“The samples we have observed using this technique are primarily disguised as multi-factor authentication (MFA) notifications, which lure their victims into scanning the QR code with their mobile phones to gain access,” Trustwave said last week.

MalDoc in PDF

“However, instead of going to the target’s desired location, the QR code leads them to the threat actor’s phishing page.”

One such campaign targeting the Microsoft credentials of users has witnessed an…


Ransomware attackers steal personal info of over 600K Medicare beneficiaries


  • Employees at the Office of Personnel Management will soon see changes to their in-office requirements. All eligible employees with telework agreements at OPM are expected to report to the office at least two days per week, starting this fall. The change will take place in a phased approach, beginning in September, and will be fully implemented by October. OPM is the latest in a long series of agencies to announce new in-the-office requirements, after the Office of Management and Budget told agencies to start ramping up in-person work after the COVID-19 pandemic.
  • The Centers for Medicare and Medicaid Services (CMS) is responding to a major data breach at one of its contractors. CMS confirmed Maximus Federal Services was one of many organizations swept up by a ransomware attack on the MOVEit file transfer software in late May. CMS said the hackers were able to steal personal information on more than 600,000 Medicare beneficiaries. None of CMS’s internal systems was impacted by the attack. The agency and Maximus are sending letters to affected individuals.
  • Two lawmakers want to change how the federal employment process views marijuana. A new bipartisan bill in the House would prohibit agencies from denying someone a job or security clearance over current or past marijuana use. The bill was introduced by Rep. Jamie Raskin (D-Md.) and Rep. Nancy Mace (R-S.C.) last week. It would also require agencies to establish a process for reviewing any decision dating back to 2008 that denied someone a federal job or clearance due to marijuana use. The legislation is the latest effort to loosen restrictions around federal employment and pot. Current policies still prohibit feds from using weed whether they are on or off the clock.
  • The FDIC has outlined its plan to better manage its cloud services. The Federal Deposit Insurance Corporation will close three holes in how it manages its cloud computing services over the next year. The FDIC CIO told the agency’s inspector general that it will establish an enterprisewide catalog of data by February. It…
