Here are the top stories of recent weeks:
- Ransomware Attack Halts Two Cancer Radiation Treatment Centers
- Cloud Based Storage Bucket Exposed with Over 750,000 Users’ Applications
- A Massive Trove of Email Addresses and Passwords Left Online Without Any Protection
- Microsoft Warns Other Organizations of Threat Actor Group, Gallium
- Gas Station PoS Systems Under Attack in North America, Visa Warns
On November 5th, two cancer radiation treatment centers affected by ransomware attack in Oahu, where clinicians had to seize all ongoing radiation treatment because they were unable to access computers, patient records, etc. The Cancer Center of Hawaii claims that patient and employee records were not compromised, however, a full investigation has been launched by the FBI since to determine whether that is the case. Voulgaridis, the executive director of The Cancer Center of Hawaii has declined to answer any questions about the security breach, if any ransom was paid and what kind of patient information could have been compromised.
An unsecured Amazon Web Services (AWS) storage bucket opened in 2017, has been used to compile upwards of 750,000 birth/death certificate applications. The undisclosed company has been entrusted with applicants’ personal information, such as names, dates of birth, current home addresses, email addresses, phone numbers, and historical personal information. The bucket has been updated daily for the past two years and in some instances the company was adding 9000 applications a week. Amazon asserts that the company failed to password protect the storage bucket and anyone with the easy to guess URL web address had access to the data.
Close to three billion email addresses were left exposed on the web and accessible to anyone with access to a web browser. Nearly half of the email addresses also contained associated passwords in plaintext. This massive list of uncovered emails was part of the “Big Asian Leak” from January of 2017, where a dark web vendor was selling the records along with the passwords. The 1.5 TB of data was only exposed for a week, however, that was more than enough time for malicious actors to download it and disperse it in the deep web.
Gallium, a hacker group with malware infrastructure in Hong Kong and China has been targeting telecommunications companies. Microsoft coined the threat actor group after a series of attacks from 2018 to mid-2019. Hackers were successfully infiltrating vulnerable web servers using cheap and disposable tools in order to cover their tracks and malicious intent. Microsoft asserts that Gallium actors modify off-the-shelf malware tools in order to evade anti-malware detections. In recent months the group has been quiet, and the company hopes that it can prevent further attacks by sharing the group’s tactics.
Over the summer of 2019, three threat actors were observed attempting to scrape payment card data in North American fuel dispensers, according to the Visa Payment Fraud Disruption. The malicious actors targeting the magnetic stripe point-of-sale systems at these popular gas stations have been continuously attempting to execute attacks this fall, and Visa warns that they are not slowing down. According to a recent study, fuel dispenser merchants are prime targets for threat groups. As such, Visa is providing merchants with a series of mitigation tactics to combat these threat actors.
To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below.