Tag Archive for: crooks

Ransomware crooks steal 3m+ patients’ medical records, personal info • The Register


Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December.

According to the Southern California health-care organizations, which include Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical, the security breach happened around December 1, 2022. 

“After extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data,” according to a notice posted on Regal’s website and filed with the California Attorney General’s office [PDF]. 

The medical outfit said it hired third-party incident responders to assist and worked with security vendors to restore access to its systems and determine what data was impacted.

Judging from the filings with various state and federal agencies, the news wasn’t good. 

Among other things, the extortionists stole the following from the medical groups: patients’ names, social security numbers, addresses, dates of birth, diagnosis and treatment information, laboratory test results, prescription data, radiology reports, health plan member numbers, and phone numbers.

And according to the US Department of Health and Human Services, which is investigating the database breach, it affected 3,300,638 people. 

“Regal is taking steps to notify potentially impacted individuals of this breach to ensure transparency,” the company’s notification stated, adding it notified law enforcement and regulatory agencies about the ransomware attack.

Regal did not immediately respond to The Register’s questions, including who is responsible for the attack and how they gained entry, how much money the crooks demanded and whether the health network paid the ransom.

As is typically the case in these types of incidents, the medical groups say they will pay for affected customers to receive one year of Norton LifeLock credit monitoring. They also urged patients to register a fraud alert with various credit bureaus, and closely monitor account statements as well as explanation of benefit…

Crooks can hack your Honda’s key fob signal to unlock or steal your car


When a manufacturer releases a defective product, it can volunteer to recall it. If the risk is significant enough, the government will step in and enforce it. Either way, the consumer may not know about the recall until later.

Regarding cars, problems with the mechanical parts, safety issues or software upgrades are the usual culprits. We compiled a list of the latest recalls affecting thousands of Fords, Nissans, Hyundais and Hondas.

No matter the fault, the line between cybercrime and the real world is becoming blurrier by the day. A technological trick is exposing Honda vehicles to criminals. The worst part is that the scheme is almost as old as some of the affected models, but luckily there is something you can do about it.

Here’s the backstory

When you park your car and walk away, how sure are you that the familiar beep from the vehicle indicates that it’s locked? You might hear the right sounds, but you’ll never know unless you go back to check.

In a research paper detailing how the Rolling-PWN attack works, the authors from Star-V Lab explain that the vulnerability has been known for some time. The research team tested 10 Honda vehicles ranging from 2012 to 2022 models, and guess what? All the tested vehicles failed.

Activating the key fob sends an electronic code to lock the car. The same code must be transmitted from the fob to unlock it. Each time you press the button, the rolling code system increases the synchronizing counter. But criminals figured out a way to send the codes in a consecutive sequence, which resynchronizes the counter.

“This weakness allows anyone to permanently open the car door or even start the car engine from a long distance,” researchers explained.

Honda’s letting it go

This isn’t the first time that the problem has come to light. Two years ago, computer scientist Blake Berry and researcher Ayyappan Rajesh ran similar tests with the same results.

The pair tested 2016-2020 Honda Civic (LX, EX, EX-L, Touring, Si, Type R) models, while the Star-V Lab team…

Cyber Security Today – A new ransomware gang emerges, bad news for cyber crooks and pensioners information exposed


A new ransomware gang emerges, bad news for cyber crooks and pensioners’ information exposed.

Welcome to Cyber Security Today. It’s Wednesday December 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

There’s another sign that ransomware is paying off for cybercriminals: A new group has emerged, according to the Bleeping Computer news site. The gang calls itself Hades, and one of its first victims is a large American freight transportation firm called Forward Air Corporation. The attack occurred on December 15th but the firm only filed a report with the U.S. Securities and Exchange Commission on Monday.

Meanwhile a group of tech companies including Microsoft, McAfee, Rapid7 and Citrix are banding together to fight ransomware. To be called the Ransomware Task Force, it will officially start next month. Its goal is to assess the effectiveness of existing anti-ransomware solutions and create a road map of concrete objectives and actionable milestones fighting ransomware. It hopes to include representatives of government, law enforcement, nonprofits, cybersecurity insurance, and international organizations.

There is another organization of largely European security vendors and police called No More Ransom. It’s a three-year-old project that hosts a number of decryption tools for IT security professionals to use in case their firm is attacked.

Some good news: Police in Europe and the FBI have taken down three websites that offered protected web hosting and virtual private networking encryption often used by criminals for ransomware and other scams. Among crooks these are called bulletproof hosting services, because they ignore complaints about suspicious activity and don’t care who uses them. After taking down the sites police identified and alerted over 250 companies who were being spied on by criminals using the services.

In another move the European police co-operative called Europol announced the launch of a platform to help police unscramble encrypted information lawfully seized in criminal investigations. Police in 24 countries will be able to use the service. Not included is the United…

Crooks have acquired proprietary Diebold software to “jackpot” ATMs

A warning appears on the screen of a Diebold ATM.

(credit: Shannon Prickett / Flickr)

Diebold Nixdorf, which had sales of $3.3 billion from ATM sales and service last year, is warning stores, banks, and other customers of a new hardware-based form of “jackpotting,” the industry term for attacks that thieves use to quickly empty ATMs.

The new variation uses a device that runs parts of the company’s proprietary software stack. Attackers then connect the device to the ATM internals and issue commands. Successful attacks can result in a stream of cash, sometimes dispensed as fast as 40 bills every 23 seconds. The devices are attached either by gaining access to a key that unlocks the ATM chassis or by drilling holes or otherwise breaking the physical locks to gain access to the machine internals.

In previous jackpotting attacks, the attached devices, known in the industry as black boxes, usually invoked programming interfaces contained in the ATM operating system to funnel commands that ultimately reached the hardware component that dispenses cash. More recently, Diebold Nixdorf has observed a spate of black box attacks that incorporated parts of the company’s proprietary software.

Biz & IT – Ars Technica