Tag Archive for: takes

Groundbreaking cybersecurity network takes root – Sentinel and Enterprise


The list of organizations that the ransomware group Play has hacked as found on the dark web. Play allegedly hacked Lowell’s municipal network on April 24, and released 5GB of data on May 11. (Courtesy Brett Callow)

Sophisticated cyberattacks targeting the state’s municipalities and health-care systems have demonstrated the need for a coordinated approach to mitigate the damage caused by these incapacitating hacks.

It was just a year ago that Lowell’s municipal computer network was compromised.

The online ransomware group Play claimed responsibility for the massive cyberattack, boasting that it had released 5 gigabytes of data from that theft and posted it to the dark web.

Five months later, Lowell still hadn’t fully recovered from this network breach, which had left city government without phone service, email, access to financial, human resources, asset management and revenue systems, as well as other ancillary services like dog, business and marriage licenses.

In the interim, city departments faced the daunting prospect of rebuilding servers and networks, installing new equipment, creating secure user access portals and training employees in cybersecurity.

Even by September, Lowell police reported that critical functions could not be conducted from patrol car computers, forcing officers to log on at neighborhood precincts or police headquarters to complete their shift work — a tedious, time-consuming process.

And more recently, a far-reaching hack of a health-care payment service continues to inflict serious financial pain on the state’s health providers.

As reported by the State House News Service, the debilitating February cyberattack on Change Healthcare has cost the Massachusetts health-care system about $24 million a day, forcing care providers to seek financial relief from health insurers.

The Massachusetts Health and Hospital Association pegged the average daily costs stemming from the attack at $24,154,000, based on a survey that reflects responses from 12 hospitals and health systems.

“Depending on how long it lasts, it’s just like a snowball effect,” Karen Granoff, MHA’s senior director of managed care, told the…


Cyber attack takes Frontier Communications systems offline, affecting millions of broadband customers


US telecom provider Frontier Communications was forced to shut down a number of its internal systems after detecting an unauthorized third party in its IT environment, shuttering internet access for millions.

Frontier Communications said it first detected the unauthorized access on 14 April 2024, before reporting the incident to the SEC on 15 April. The company said it had taken its systems down as part of its incident response protocols in an effort to contain the breach. 


OODA Loop – Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax


The Rhysida ransomware group has claimed responsibility for a recent cyberattack on boat dealer MarineMax and is offering to sell allegedly stolen data from the company for a significant sum, starting at 15 bitcoin ($950,000). MarineMax, one of the largest retailers of recreational boats and yachts globally, reported being targeted in a cyberattack that caused some disruption, as disclosed in an SEC filing. Although MarineMax has not provided extensive details about the incident, screenshots of financial documents and spreadsheets have been published by the cybercriminals to demonstrate the theft of valuable data. However, MarineMax stated in its regulatory filing that sensitive data is not stored in the compromised environment. The Rhysida ransomware group, known for targeting various sectors including government, IT, manufacturing, healthcare, and education, encrypts files on compromised systems and demands ransom. Despite researchers developing a decryption tool for Rhysida in February 2024, it is uncertain if the cybercriminals have since updated the malware to render the tool ineffective. The extent of file encryption or data theft in the MarineMax attack remains unclear, and further information from the company is awaited.

Read more: https://www.securityweek.com/ransomware-group-takes-credit-for-attack-on-boat-dealer-marinemax/


Researcher takes on ransomware and the products for stopping it


Ransomware, one of the most troublesome forms of cyber attack, is in the crosshairs of a leading cybersecurity research outfit. The researchers at the MITRE Corporation’s Engenuity program recently called on industry to help find out the effectiveness of cybersecurity products designed to help stop it. For the answers, the Federal Drive with Tom Temin spoke with William Booth, the general manager of MITRE’s evaluations program.

Tom Temin: And just a brief word on the Engenuity program, which is one of the major channels of MITRE’s work. And then tell us a little bit about the program that you specifically run for evaluating software.

William Booth: Yeah. So I run ATT&CK Evaluations, which is born out of and based on the MITRE ATT&CK framework, which is really a way of describing cybersecurity tactics and techniques used in the real world. And we take that knowledge base and we apply it through evaluations to all the leading cohort of cybersecurity products.

Tom Temin: In other words, you try to make sure that the products out there actually match and can take on what you know to be the real threats.

William Booth: Yes. And that people have insights and a reference for performance on how they’re doing, both on the detections and on the protection side.

Tom Temin: All right. And now the latest call out for industry to join with you, you’re looking at specifically what problem and what types of software?

William Booth: We’re mostly focused this time on ransomware, which continues to be a leading issue both for private and for government. And so we’re tackling that slightly differently than before, where we chose a single adversary. Here we’re using an amalgamation of multiple very prevalent and relevant ransomware attacks. And in addition to that, we’re also, for the first time, introducing macOS, which is going to be focused on the DPRK activity. Recently, there’s a lot of products out there that cover Windows and Linux and also have Mac, but that’s kind of unknown right now on performance and where the benchmark is. And so we’re hoping to set that.

Tom Temin: So the North Korea then is going after Macs for ransomware. And are they generally going after…
