Tag Archive for: tech

We must equip health care professionals with tech resilience


For weeks, a significant portion of our state has been significantly inconvenienced, even put at risk, by an increasingly disturbing trend. For nearly the entire month of August, Eastern Connecticut Health Network and Waterbury Health, which control several state hospitals and medical offices, have been suffering the effects of a cyberattack that has effectively paralyzed their technological capabilities, shutting down their information technology databases.

These are just some of 25 hospitals across the country that have had their operations impacted through this hack, and the significance of 25 hospitals being unable to provide care to their fullest extent cannot be overstated. While treatment of patients is ongoing and emergency departments continue to operate, medical professionals are experiencing significant issues due to lack of connectivity through electronic systems. Local hospitals including Manchester Memorial, Rockville General and Waterbury Hospital cannot offer full outpatient medical imaging or blood drawings, with an unclear deadline or end to the outages. Even urgent care centers under the network have been forced to open alternative phone systems for patient contacts.

The continuing advances of technology in our world, and especially medical technology, have provided new opportunities to improve patient health and provide better outcomes for patients in need. In the current times, our dependency on technology also includes increasing access to remote work, electronic or e-consulting services and electronic multidisciplinary teams, almost universal electronic patients’ medical records, online scheduling, electronic radiologic images and other lab tests, robotic surgeries and remote cardiac monitoring among others. Technology has become the single most critical part of outpatient and inpatient services and communications.

Our increasing reliance on technology also poses significant risks. The current situation reinforces that our systems need more safeguards. This includes recognizing that in general, health service personnel have relatively less experience in working remotely, digital literacy and cybersecurity, leaving the sector…


Ankura CTIX FLASH Update – August 25, 2023 – Fin Tech




Malware Activity

Whiffy Recon Malware Dropped by Smoke Loader Botnet

A new piece of malware dubbed Whiffy Recon is a Wi-Fi scanning payload being leveraged by threat actors to triangulate the geolocation of compromised devices. Whiffy Recon is being distributed by the threat actors behind the infamous Smoke Loader botnet. The Smoke Loader botnet family is a modular backdoor with a wide range of capabilities, mainly used by threat actors to drop payloads at scale in the early stages of a compromise. The threat actors are using Whiffy Recon to triangulate the positions of infected devices by scanning for nearby Wi-Fi access points, and then using Google’s geolocation service API to send the longitude and latitude of the infected devices back to the attackers. By utilizing the nearby Wi-Fi access points, Whiffy Recon can triangulate the device location even if the device does not have a GPS system, giving attackers an edge when conducting region-based attacks. The malware maintains persistence on the compromised device by creating a “wlan.lnk” shortcut that points to the Whiffy Recon malware’s location on the system. Although the motive is currently unclear, Whiffy Recon could potentially be utilized by threat actors to conduct mass intimidation campaigns, pressuring victims into meeting the cybercriminals’ demands. Researchers have stated that based on the initial POST request to the C2 server, it is likely that the developers of this malware will be upgrading it over time. CTIX continues to report on new and interesting attack techniques and may release an…


WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams


Aug 19, 2023 | THN | Malvertising / Website Security

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that’s engineered to conduct tech support scams.

The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks to serve next-stage JavaScript that redirects users to a browser locker (aka browlock).

This redirection mechanism, in turn, makes use of steganographic tricks to conceal the JavaScript code within a PNG image that’s served only when the validation phase is successful. Should a user be detected as a bot or as uninteresting traffic, a decoy PNG file without the malicious code is used.

WoofLocker is also known as 404Browlock due to the fact that visiting the browlock URL directly without the appropriate redirection or one-time session token results in a 404 error page.

The cybersecurity firm’s latest analysis shows that the campaign is still ongoing.


“The tactics and techniques are very similar, but the infrastructure is now more robust than before to defeat potential takedown attempts,” Jérôme Segura, director of threat intelligence at Malwarebytes, said.

“It is just as difficult to reproduce and study the redirection mechanism now as it was then, especially in light of new fingerprinting checks” to detect the presence of virtual machines, certain browser extensions, and security tools.

A majority of the sites loading WoofLocker are adult websites, with the infrastructure using hosting providers in Bulgaria and Ukraine that give the threat actors stronger protection against takedowns.

The primary goal of browser lockers is to get targeted victims to call for assistance with (non-existent) computer problems, then gain remote control over the computer and draft an invoice recommending that affected individuals pay for a security solution to address the problem.

“This is handled by third-parties via fraudulent call centers,” Segura noted back in 2020. “The threat actor behind the traffic redirection and browlock will get paid for each successful…


Follow these tech tips to help avoid malware, ensure cybersecurity


If you're getting a new printer, Kim Komando recommends a factory reset to erase the details of what you’ve printed over the years.

You need a timer and you need it fast. Do a Google search for “timer” and one appears right there for you to use. There’s a stopwatch option too. Easy, right?

Here’s another smart tech tip I’m surprised so many people mess up. Most people fill in the email recipient section before writing the message. That’s a mistake. Make that your very last step – that way, there’s a much lower chance you’ll send an email before it’s truly ready to send.

Don’t stop there. Let’s dive into easy, quick tech tips you’ll use all the time.

Cybersecurity 101: After you download a PDF file online, look at the file extension. You’re looking for .pdf. If the filename ends with .exe, delete it – it’s likely malware.
