Tag Archive for: MONTHS

Cyberthreat healthcare alert came months before HSE hit by hackers


The National Cyber Security Centre warned of potential ransomware attacks on the health service in October 2020, more than four months before the Health Service Executive was targeted by hackers, it has been revealed.

The health service was hit by a massive cyberattack earlier this year which caused chaos in hospitals, delayed patient care and led to expected costs of almost €100 million.

A malicious file attached to a phishing email opened on March 18th led to a shutdown of the HSE’s computer systems once the Conti ransomware was “detonated” on May 14th.

The criminal gang behind the attack – believed by several observers to be most likely based in Russia – demanded $20 million (€17.7 billion) in Bitcoin.

The Government said no ransom would be paid and on May 20th the hackers posted a link to a key that decrypted files which had been encrypted by the ransomware.


PNB customers’ data exposed for seven months due to server vulnerability: Report


A vulnerability in a Punjab National Bank server allegedly exposed the personal and financial information of its roughly 180 million customers for about seven months, according to cyber security firm CyberX9.

CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of PNB with administrative control.

Meanwhile, the bank has confirmed the glitch but denied any exposure of critical data due to the vulnerability.

PNB said “customer data/applications are not affected due to this” and “server has been shut down as a precautionary measure.”

“Punjab National Bank kept severely compromising the security of funds, personal and financial information of over 180 million (all) its customers for about the last 7 months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC,” CyberX9 founder and MD Himanshu Pathak told PTI.

He said the CyberX9 research team discovered a very critical security issue in PNB which was leading to admin access to internal servers, leaving a massive number of banks’ systems nationwide open to cyber-attacks for about the last seven months.

Pathak said that the vulnerability was found in an exchange server which is interconnected with other exchanges and shares all access, including access to all email addresses.

“The vulnerability which we discovered was leading to the highest level of admin privilege in PNB’s exchange servers. If you gain access to Domain Controller through an exchange server then the doors very easily open to make any computer accessible in the network.

“These computers even include those that are being used in their branches and other departments,” Pathak said.

When contacted, PNB said the server in which the vulnerability was found had no sensitive or critical data.

“The server wherein the vulnerability was reported was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prem to Office 365…


Twitch downplays this month’s hack, says it had minimal impact



In an update regarding this month’s security incident, Twitch downplayed the breach saying that it had minimal impact and only affected a small number of users.

“We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” Twitch said.

The company also stated that no login credentials or full credit card numbers/payment data belonging to users or streamers were exposed following last week’s massive data leak.

“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” Twitch added.

Data exposed in the incident and leaked on the 4chan imageboard primarily contained documents from Twitch’s source code repository and a subset of creator payout data.

As explained in previous updates issued after the attack, the attackers could gain access to data due to a faulty server configuration change that exposed it to the Internet.

125 GB of source code and payment reports stolen

Although Twitch hasn’t revealed what servers were misconfigured, the unknown individual behind the leak said the data was allegedly stolen from roughly 6,000 internal Twitch Git repositories.

“Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the anonymous poster said.


According to the 4chan user, the archive leaked on the imageboard contained the following Twitch info:

  • The entirety of twitch.tv, with commit history going back to its early beginnings
  • Mobile, desktop, and video game console Twitch clients
  • Various proprietary SDKs and internal AWS services…


Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months


  • Ransomware showed massive year-to-date spikes in the U.S. (185%), U.K. (144%)

  • Ryuk, Cerber, SamSam top families of the year, making up 64% of all ransomware volume

  • Government, education, healthcare, retail verticals increasingly targeted by ransomware

  • Up 59% year-to-date globally, IoT malware continues growth since 2018

  • Cryptojacking malware remains a key threat, up 23% year-to-date globally and up 22% in the U.S.

  • SonicWall’s patented RTDMI™ finding more never-before-seen malware than ever, posting a 54% year-to-date increase over the first half of 2020

MILPITAS, Calif., July 29, 2021 /PRNewswire/ — In the first half of 2021, ransomware attacks skyrocketed, eclipsing the entire volume for 2020 in only six months, according to the mid-year update to the 2021 SonicWall Cyber Threat Report published today. In a new paradigm for cybercrime, SonicWall is analyzing how threat actors are using any means possible to further their malicious intents.


Ransomware showed massive year-to-date spikes in the U.S. (185%), U.K. (144%)

With high-profile attacks against established technology and infrastructure, ransomware is now more prevalent than ever. Through the first half of 2021, SonicWall recorded global ransomware volume of 304.7 million, surpassing 2020’s full-year total (304.6 million) — a 151% year-to-date increase.

“In a year driven by anxiety and uncertainty, cybercriminals have continued to accelerate attacks against innocent people and vulnerable institutions,” said SonicWall President and CEO Bill Conner. “This latest data shows that sophisticated threat actors are tirelessly adapting their tactics and embracing ransomware to reap financial gain and sow discord. With remote working still widespread, businesses continue to be highly exposed to risk, and criminals are acutely aware of uncertainty across the cyber landscape. It’s crucial that organizations move toward a modern Boundless Cybersecurity approach to protect against both known and unknown threats, particularly when everyone is more remote, more mobile and less secure than ever.”

Ransomware running rampant
After posting record highs in both April and May, SonicWall recorded another…
