Researchers spot an increase in Jupyter infostealer infections


Infections involving the Jupyter infostealer have increased over the last two weeks, in particular targeting organizations in the education and healthcare sectors, researchers said Monday.

VMware’s Carbon Black Threat Analysis Unit published a report on Monday highlighting a wave of new incidents involving the malware, which was first seen in late 2020. It allows hackers to steal credentials and exfiltrate data.

“New Jupyter Infostealer variants continue to evolve with simple yet impactful changes to the techniques used by the malware author. This improvement aims to avoid detection and establishes persistence, enabling the attacker to stealthily compromise victims,” the researchers said.

“This malware continues to be one of the top ten infections we’ve detected in our clients’ network primarily targeting the Education and Health sectors.” The report does not mention specific victims.

The malware has evolved to target the Chrome, Edge, and Firefox browsers while the hackers using it have also exploited search engines to get people to download malicious files with the malware attached, Carbon Black said.

In the most recent incidents, the researchers found the infostealer posing as legitimately signed files, using “a valid certificate to further evade detection” and allow initial access to a victim machine.

Common delivery methods for the malware include “malicious websites, drive-by downloads, and phishing emails,” as well as “malicious ads,” they said.

The researchers shared samples of infected files, including generalized how-to documents as well as more specific files. One example was a copy of the U.S. government’s budget for 2024.

In another instance, Carbon Black saw hackers exploiting a signed Autodesk Create Installer. Autodesk is a popular remote desktop application frequently exploited in past cyberattacks.

The report does not attribute Jupyter to a specific hacking group, but past research by other companies has suggested Russia as a point of origin.

Hackers are constantly evolving their efforts to deliver powerful infostealing malware. Last week, cybersecurity researchers at Bitdefender uncovered a campaign that saw hackers use Facebook ads…

Ransomware attacks might increase in-hospital mortality by up to 35%


A recent working paper found that during ransomware attacks, in-hospital patient mortality increased by 20% to 35%, NPR reported Oct. 20.

The research analyzed Medicare data and is currently limited to patients 65 and older who are in the hospitals during a ransomware attack.

Cyberattacks can disrupt care for weeks and cost hospitals millions. Attacks have more than doubled between 2016 and 2021, exposing tens of millions of patients’ health information and forcing facilities to divert and delay care. Within the first week of an attack, hospital volume falls by 17% to 25%, the research found.

The findings confirm hospitals’ worst fears, NPR said, but they might push the industry and government to make substantial changes. Some advocates are asking policymakers to set minimum cybersecurity requirements for hospitals and offer financial assistance to smaller or more rural facilities that may not have the resources to comply.

Cisco IOS XE Hack: Researchers Find Another ‘Sharp Increase’ In Affected Devices


Kyle Alspach


One of the most serious network device attacks in recent memory continues to widen, according to Censys researchers.

Compromises of Cisco IOS XE devices jumped by 8,000 on Wednesday, bringing the total number of affected systems to nearly 42,000, according to the latest data from cybersecurity firm Censys.

There’s no patch available for the critical vulnerability that’s being exploited in the attacks, although Cisco has provided mitigations that it says are effective at thwarting the compromises. IOS XE is a widely used Cisco networking software platform, with estimates suggesting that more than 140,000 devices in total are potentially vulnerable.

Censys researchers had previously found 34,140 Cisco devices compromised, but on Wednesday said they had “found a sharp increase in infections” with the tally climbing to 41,983.

In response to a CRN inquiry Wednesday, Cisco said it did not have any new information to share.

Cisco said in an advisory Monday that the zero-day privilege escalation vulnerability—which is tracked as CVE-2023-20198—warrants the maximum severity rating, 10.0 out of 10.0.

Exploitation of the critical vulnerability can allow a malicious actor to acquire “full control of the compromised device and [allow] possible subsequent unauthorized activity,” Cisco’s Talos threat intelligence team said in a blog post Monday.

The attacks are one of the most serious network device hacks in recent memory, experts have said.

“The last few weeks have seen their fair share of potential sky-crumbling advisories,” Censys researchers said in a post. Those have included a vulnerability in Exim mail servers, “which amounted to much of nothing,” and an HTTP/2 attack that turned out to have a very narrow impact.

“But this time, Apollo, I think we have a problem,” the Censys researchers wrote, referring to the Cisco IOS…

Moveit Hack a Lesson as Digital Threats Increase


Art by Karlotta Freier

A recent data breach known as the Moveit hack has affected more than 2,000 organizations and at least 60 million people, according to the latest tracking by KonBriefing. That list will likely keep growing.

Among those hit were millions of retirement plan participants, in large part due to a breach at Pension Benefit Information, a data vendor working with numerous large recordkeepers and state-run pension systems.

In short: The hackers got access to participant data via some of the largest and most respected institutions in the industry. Lawsuits are coming, targeting not just PBI, but the firms who used it as a vendor.

What, then, is a plan fiduciary to do?

Experts have a number of suggestions that, while they may not be able to stop future breaches, will help a fiduciary be covered should they occur. Suggestions often start with following the Department of Labor’s April 2021 guidance on cybersecurity for the retirement industry, but they also include baking in a regular system of assessment when procuring and working with vendors, participating in mock data breach exercises, and being ready for audits, should they occur.

Information for Sale

In many cybersecurity cases in recent years, hackers used a method known as ransomware, in which they locked up a company’s data and demanded a ransom to release it. More recently, hackers are going straight after personal data, such as the participant information held with Moveit, a file transfer software company owned by Progress Software Corp. Hackers then sell that information on the “dark web” in batches to criminals, says Marc Bleicher, chief technology officer at Surefire Cyber.

Bleicher says the data tends to have a “shelf life” of about three months as companies start notifying participants of the breach and providing identity theft solutions. A person’s Social Security number, he says, can “fetch $2 to $5” per account, and other personally identifiable information such as financial accounts or passport numbers can be as high as $1,000 per account.

“I would assume that any transactions for [the Moveit data] would have gone pretty quickly,” Bleicher…
