Tag Archive for: Numbers

Nuspire Q4 2022 and Year in Review Threat Report: Cyber Threat Numbers Make History


Nuspire’s latest threat report, which provides an analysis on the cyberthreat landscape for both Q4 and FY 2022, revealed what many have come to believe: 2022 was the most active year in history for cyber threats. Nuspire’s threat intelligence pros, Josh Smith and Justin Heard, recently presented on their findings, offering their thoughts on why we’re continuing to see an upward trajectory of attacks as well as actionable recommendations on how organizations can protect themselves. Read on to get the highlights.

Malware: Year-over-year activity grew despite decrease in Q4

Q4 By the Numbers
2,415,119 total
590 unique variants detected
201,259 detections per week
28,751 detections per day
-34.56% decrease in total activity from Q3

Malware saw a decline in Q4 2022 activity, with CoinMiner being supplanted by Malicious Excel payloads. According to Josh, this increase appears connected to Microsoft’s blocking of VBA macros by default, which has forced threat actors to leverage different methods to spread their malware.

“When Microsoft blocked VBA macros, it made it much harder for threat actors to enable them for their phishing campaigns, and we saw adversaries experimenting with new ways to manipulate Excel files,” Josh said.

Nuspire also identified an increase in the use of JavaScript to drive phishing campaigns. In this case, JavaScript is used to redirect victims to phishing forms or malicious sites.

2022 Year in Review
Despite the significant dip in malware activity in Q4, Nuspire still saw a 6.85% increase in activity over 2021.

“Organizations should expect attackers to continue launching phishing campaigns in 2023, as it is one of the most effective methods they have to gain initial access,” said Josh. “It’s a relatively easy method – threat actors can broadly send a phishing campaign and only need one user to bite in order to gain the access they’re looking for.”

Botnets: Activity jumped over 30% in 2022

Q4 By the Numbers
741,166 total
30 unique botnets detected
61,763 detections per week
8,823 detections per day
-66.35% decrease in total activity from Q3

Botnets took a plunge in Q4, with activity reducing by more than 66%. Much of this decline was fueled by a…

Social security numbers exposed in N.J. school district data breach


The social security numbers of Bridgewater-Raritan school district employees were exposed when someone hacked into the district’s computer system in December, officials said.

In addition to social security numbers, an “unauthorized actor” had access to insurance enrollment information for employees and “other individuals,” the Somerset County district said in a statement.

The district didn’t say how many employees were affected by the computer breach, which took place between Dec. 10 and Dec. 12.

District officials learned of the breach Dec. 12 when they noticed “suspicious” activity on the computer network.

The school district sent letters to the affected employees Jan. 27 and offered them free membership to identity monitoring services.

Anyone impacted with questions can call a call center at 877-869-4553 from 9 a.m. to 9 p.m., Monday through Friday.

The school district “takes privacy and confidentiality very seriously and continues to take steps to enhance the security of its computer systems and the data it maintains,” Bridgewater-Raritan school officials said in a statement.

Bridgewater police and district officials couldn’t immediately provide additional information.

Jeff Goldman may be reached at [email protected].

CentraState hack stole data from 617,000, including some Social Security numbers


FREEHOLD TOWNSHIP – CentraState Healthcare System is notifying 617,000 patients that information including names, addresses and Social Security numbers were part of a cyberattack that hit the hospital network in December, company officials said Friday.

The hacker obtained a copy of an archived database that also included dates of birth, health insurance information, medical record numbers and patient account numbers. No financial account or payment card information was involved, officials said.

CentraState, which largely serves western Monmouth and Ocean counties, said in late December that it discovered unusual activity in its computer system, forcing it to temporarily divert ambulances to other hospitals and halt outpatient care.

It joined a lengthy list of hospitals nationwide that have been targeted by hackers. The reason: The health care industry has lots of information that can affect the health of its patients, experts say.

CentraState Medical Center in Freehold Township is shown Tuesday, April 14, 2020.

CentraState said it immediately took steps to contain the breach. It brought in a forensics firm to investigate and reported the incident to the FBI. The investigation found that an unauthorized person on Dec. 29 obtained a copy of the database.

In addition to the personal information, the database included information related to care, including physician names, diagnoses and treatment plans, the health system said.

A CentraState spokeswoman said Friday the company’s computer system has been restored.

CentraState said it began mailing letters Friday to patients affected by the incident. It said it would provide credit monitoring and identity theft protection services to patients whose Social Security numbers were taken, and it encouraged patients to review statements from their health providers and insurers and report any inaccuracies to them.

“CentraState deeply regrets any concern this incident may have caused and is continually enhancing the security of its electronic systems and the patient data it maintains to help prevent…

167,000 Stolen Credit Card Numbers Exposed via PoS Malware


Cybercriminals are increasingly targeting credit card payment terminals to steal sensitive information, reveals new research from Group-IB Botnet Monitoring Team.

The team’s head Nikolay Shelekhov and the company’s analyst, Said Khamchiev, shared details of how cybercriminals used a PoS (point-of-sale) malware to steal over 167,000 payment records from 212 compromised devices. Almost all of the affected users were based in the USA.

The campaign was discovered in April 2022, but researchers believe the campaign occurred between February 2021 and September 8, 2022.

Researchers blamed a poorly configured C2 server for PoS malware MajikPOS. The configuration allowed them to assess the server. They discovered that the server hosted a separate C2 administrative panel for a unique POS malware variant identified as Treasure Hunter (first detected in 2014). This malware also collects compromised card data.

MajikPOS and Treasure Hunter both infect Windows POS terminals. To infect a store, MajikPOS (first detected in 2017) scans the network for open or poorly secured RDP and VNC remote-desktop services. It then brute forces its way into the network or purchases access to the systems’ credentials.

Both malware strains can scan the devices and look to exploit the card when the device is reading card data. The malware then stores the information in plain text in memory. Moreover, Treasure Hunter can perform RAM scraping, which pores over the memory of all running processes on the register to locate freshly swiped magnetic stripe data from a shopper’s bank card. Conversely, MajikPOS can scan infected PCs for card details. The information is then sent over to the attacker’s C2 server.

During their month-long investigation, Group-IB assessed around 77,400 card dumps from MajikPOS and 90,000 from Treasure Hunter panels. Around 75,455 or 97% of MajikPOS compromised cards were issued by US banks, and the rest were from banks worldwide. Regarding Treasure Hunter, 96% or 86,411 cards were issued in the USA. They also detected eleven victim firms in the USA.

Further probe revealed that cybercriminals used two POS malware strains to steal details of…
