Tag Archive for: remain

Medical Institutions Remain One of the Most Vulnerable Sectors to Ransomware Attacks


London, United Kingdom, July 30, 2023 –(PR.com)– Experts weigh in on why the health sector is so vulnerable.

The healthcare sector experienced 64 ransomware attacks last year alone, according to research by NordLocker.

According to recent data, the belief that ransomware attacks only target wealthy organizations is a myth. In 2022, healthcare companies with annual profits ranging from $25-50 million experienced four ransomware attacks, while medical companies with profits between $11-25 million encountered 14 attacks. Medical institutions with profits of $1-5 million were not exempt because they also suffered four attacks. It is crucial to highlight that ransomware poses a greater threat to institutions with lower profits because cyberattacks can often lead to severe financial repercussions, including bankruptcy.

Ransomware attacks target large public hospitals and small private practices alike. The report reveals that even one-person private consultation offices are not immune to these attacks. In the year prior, healthcare institutions with 1,000-5,000 employees experienced four attacks, while those with 1-11 and 11-50 employees encountered 13 attacks.

It is important to note that ransomware attacks extend beyond hospitals and healthcare facilities. Biotech companies, pharmaceutical companies, social services, medical factories, and other organizations in the healthcare sector are also susceptible to such attacks.

As usual, most attacks target American businesses — 61% of all attacks are against the US healthcare sector. Spain and Canada are the other countries most affected by ransomware attacks, with almost 8% and 4.7% of attacks respectively.

Why is the health sector so vulnerable?

Experts agree that there are a variety of different reasons why healthcare is such a lucrative industry for cybercriminals.

“In general, hospitals and other medical institutions are a great target due to outdated systems, and lack of choice in solution providers because not all vendors can offer solutions for the medical field. Lack of investment is another factor,” says Aivaras Vencevicius, head of product for NordLocker.

The health care sector is also particularly vulnerable because of the…


8Base ransomware gang activity explodes, but they remain mysterious


The 8Base ransomware group has been detected since March 2022, but has suddenly become much more active in the past month than before. The hacker collective uses known cybercrime methods, but is suddenly operating at lightning speed with victims in many industries. VMware warns in a blog of the danger the group presents.

8Base describes itself as a group of “simple pen-testers”, short for “penetration testers.” This can in principle be a legitimate service. With this group, it is patently not, because it demands a ransom after hacking its supposed ‘customers’. Like other cybercriminals, 8Base maintains a “leak site,” where victims’ data becomes available if people are unwilling to pay a ransom.

Interestingly, security experts have not yet figured out the malicious actors’ exact methodology, motivation and identity. What is clear, however, is that the group operates quickly and efficiently.

What VMware discovered

VMware’s analysis shows that 8Base’s communication style is strikingly similar to that of RansomHouse, another criminal organization. That group came into the crosshairs of cyber experts earlier this year, when it was revealed to have carried out a giant hack on AMD with 450GB of financial data and research data. However, it is not entirely clear whether we can call this collective a proper ransomware gang, as VMware describes it as buying stolen data and trying to extort companies on that basis.

The statistics regarding 8Base activity are pretty clear: in June, the ransomware gang went from having the fewest detections in more than a year to the most by far.

Source: VMware

The targets vary widely, from business-oriented service providers to financial services, manufacturing, IT and healthcare. For that reason, VMware characterizes the choice of victims as “opportunistic.”

Unlike more brutal organizations such as RagnarLocker, 8Base tries to maintain a tinge of authenticity. Under the guise of the aforementioned “pen tester” excuse, it claims to serve affected companies. On top of that, it has a full-fledged FAQ and Terms of Service, and offers assurances about the course of action after payment.

Unclear…


Recent legal developments bode well for security researchers, but challenges remain


Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith security researchers.

This failure to distinguish between the two hacker camps has, however, improved over the past two years, according to Harley Geiger, an attorney with Venable LLP, who serves as counsel in the Privacy and Data Security group. Speaking at Shmoocon 2023, Geiger pointed to three changes in hacker law in 2021 and 2022 that minimize security researchers’ risks.

“Over the past couple of years, these developments have changed the sources of greatest legal risk for good faith security research,” he said. Specifically in the US, the Computer Fraud and Abuse Act (CFAA), the most controversial law affecting hackers, the Department of Justice’s (DOJ’s) charging policy under the CFAA, and the Digital Millennium Copyright Act have evolved in favor of hackers. However, laws at the US state level affecting hackers and China’s recently adopted vulnerability disclosure law pose threats to security researchers and counterbalance some of these positive changes.

Computer Fraud and Abuse Act changes

The CFAA was enacted in 1986 as an amendment to the Comprehensive Crime Control Act and was the first US federal law to address hacking. “The CFAA has been the boogeyman for the community for quite a long time,” Geiger said. “It’s maybe the most famous anti-hacking law. This is a criminal law and a civil law, and that’s important to remember. You can be prosecuted under the CFAA criminally, and you can also be threatened with private lawsuits.”

The CFAA prohibits several things, including accessing a computer without authorization and exceeding authorized access to a computer. “That phrase, exceeding authorized access to a computer, is really important,” Geiger said. “It used to mean that if you were authorized to use a computer for one thing, but then you used it for another purpose, something that you weren’t authorized to do on the computer that you were allowed to use, then that may…


aiims: AIIMS ransomware attack: Servers remain paralysed for 4th day; key patient data at risk of leakage – The Economic Times Video


With the All India Institute of Medical Sciences (AIIMS), New Delhi, still struggling to get its servers up and running after a massive ransomware attack earlier this week, cyber-security researchers on Saturday said the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web. The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.
