Forbid ransomware payments, says a Canadian hospital.
Welcome to Cyber Security Today. It’s Monday, November 20th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The CEO of one of five southwestern Ontario hospitals hit by a ransomware attack says Canadian governments should forbid cyber attack victims from paying threat actors. David Musyj told reporters on Friday the group thought about giving in to the Daixin Team ransomware gang. But, he said, the hospitals had no assurance the gang would destroy data it copied. And, of course, he said, as long as money goes to crooks, data theft will continue. Some of the hospitals still haven’t been able to restore full service to patients since the October 23rd attack on hospital IT provider TransForm Shared Service Organization.
The Canadian Psychological Association has acknowledged what it says was a recent attempted ransomware attack. In a statement the association said the October 27th attack was stopped. Earlier this month the Medusa ransomware gang said it hit the association. The association says there is no evidence that members’ personal information was breached. On the other hand, the Medusa website is offering what it says is stolen data from the association. It doesn’t say what kind of data it has.
A Kentucky man has been charged with hacking into U.S. and Canadian-based service providers to the Marriott hotel chain. But according to Forbes.com the man also told the FBI he broke into the death registration systems of several U.S. states. In one state he allegedly registered his own death. In another state, the FBI was told, the accused also had a death certificate registered. Why do that? Possibly to evade police, who might think ‘The attacker couldn’t be so-and-so. He’s dead’. The accused allegedly told the U.S. Department of Justice he sold personal information he accessed to people around the world. The accused told investigators one company was compromised because he got the login credentials of application developers based in India. It helped that those developers reused their passwords. None of the accusations have been proven in court.
A U.S. judge has sentenced an Israeli man to over six years in prison for running an international hacking-for-hire spearphishing company. Aviram Azari ran what was called an intelligence firm in Israel. Clients hired the company to get intelligence on certain individuals and groups. In turn Azari’s company hired hackers to send phishing messages to those targets. They included climate change activists and financial firms that were part of German payment processing companies. In one case stolen documents from infected computers that outlined U.S. state investigations into Exxon Mobil Corporation were leaked to the press. Prosecutors estimated Azari was paid about US$4.8 million over five years by customers.
The number of people impacted by the theft of data from MOVEit file transfer servers has jumped by over 1.6 million. This comes after Welltok, a medical services provider to a number of American health plans, acknowledged its MOVEit server was hacked. At the time it held the data of four organizations. According to statistics compiled by Emsisoft, so far the MOVEit servers of over 2,600 organizations have been hacked, involving the data of over 77 million people.
It’s taken almost a year, but over 27,000 lawyers registered with the New York Bar Association are being notified of a data breach that happened last December. The association says after an extensive investigation it determined last month that sometime in December 2022 some of its files with lawyers’ names and payment card numbers were copied.
The city of Long Beach, Calif., has declared a local emergency after a cyber attack on the municipality last week. The proclamation allows the city more options to respond to the attack, including raising the authority of the city manager to spend up to US$1 million on equipment and special services. Among other problems, residents temporarily can’t pay utility bills. Public safety and emergency services are not affected.
Finally, the U.S. telecom regulator is forcing cellphone providers to toughen their policies so they won’t be suckered by threat actors trying to steal customers’ cellphone numbers. The Federal Communications Commission said providers have to adopt secure ways of authenticating a customer before allowing a phone or SIM card number to be shifted to another device. SIM card swap scams are one way hackers access company networks. The new rules require providers to immediately notify customers if a requested change is made to their accounts.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.