Security Leftovers
-
Linux Malware: What To Know About the Malware Threat [Ed: Projecting Windows issues onto "Linux"]
Linux is often praised for its enhanced security compared to other operating systems. Nevertheless, IT professionals must never assume that Linux is immune to threats.
Due to widespread adoption in critical infrastructure, Linux has drawn the attention of advanced persistent threat (APT) groups aiming to breach its security. Additionally, Linux finds use in various IoT devices. One of the largest cyberattacks in history involved the “Mirai” malware, which exploited vulnerabilities in devices running Linux.
-
Tesla notifies employees of data breach
Tesla has started notifying current and former employees who were affected by a data breach that occurred in May. The company conducted an investigation and found that two former employees had misappropriated confidential information in violation of Tesla’s IT security and data protection policies. As a result, Tesla has filed lawsuits against the former employees and has seized their electronic devices containing the stolen information.
To prevent further use or dissemination of the data, Tesla has obtained court orders prohibiting the former employees from accessing or sharing the information, subject to criminal penalties. Additionally, Tesla discovered that the two former employees had shared the stolen data with a German newspaper, Handelsblatt. However, Handelsblatt assured Tesla that they will not publish the information and are legally prohibited from using it inappropriately.
-
Snatch Team starts really detailing their attacks and ups the ante for those who don’t pay up
Snatch Team has recently been exploring some novel uses of Telegram. Unlike other groups that use Telegram mainly to list new leaks, Snatch is providing commentaries and analyses of their breaches and more educational materials for readers.
Some of their commentaries on specific incidents can be fodder for any lawsuits against the companies or entities they breached because they point out security failures that plaintiffs’ lawyers will appreciate. And some of CyberSnatch’s comments seem designed to help insurers avoid having to reimburse clients, which is a somewhat novel approach.
-
After cyber breach, Point32Health suffers financial losses
A crippling cyber attack at the state’s second-largest insurer not only interrupted operations for months but also pummeled the insurer’s financials.
For the six months ending in June, Point32Health reported a $102.7 million operating loss on $4.8 billion in revenue. Those results compare to a $25.8 million operating loss on $4.9 billion in revenue in the same period the previous year. The most recent earnings capture nearly the full timespan of the ransomware attack and cyber security breach that hamstrung operations at one of Point32’s insurers, Harvard Pilgrim Health Care, from mid-April through much of July.
-
Two more attacks involving sensitive data: a plastic surgery center in Brazil and a psychiatric hospital in Lithuania
This week, DataBreaches spotted a listing for data from a Brazilian plastic surgery practice. The seller, who calls himself “TheSnake,” claims to have 1.3 TB of files from RobertoPolizzo.com.
[...]
A sample of files was uploaded as proof of claims. DataBreaches notes that all the files appeared to be password-protected. DataBreaches sent an email inquiry to Dr. Polizzi yesterday about the claimed attack but received no reply.
-
May 2023 Data Security Incident Public Notice
Bunker Hill Community College (“BHCC”) confirmed today that the college experienced a data incident in May 2023 and will issue notices to affected individuals and relevant state and federal agencies about the incident.
On May 23, 2023, BHCC detected irregular activity on certain BHCC systems that was consistent with a ransomware attack. BHCC immediately responded to the situation by taking the affected systems offline, engaging data security and privacy experts, contacting law enforcement, and simultaneously beginning an investigation. BHCC personnel were able to stop the unauthorized activity from spreading and contained the incident to a limited number of BHCC systems. BHCC’s backups were not affected by the incident, and BHCC personnel were able to restore BHCC’s network from those backups without any data loss. As a credit to the existing safeguards that BHCC had in place, BHCC personnel successfully and safely restored BHCC’s network, enabling BHCC to continue with its academic calendar without any delay.
Due to the complexity of the unauthorized activity, BHCC’s investigation is still ongoing; however, out of an abundance of caution, BHCC is providing this notice. Based on the information BHCC generally collects and maintains for students, applicants, and personnel, data including names, addresses, dates of birth, social security numbers, education records, and other personal information may potentially be involved. However, BHCC’s investigation is ongoing and specific details as to what categories of information were involved are not yet available. Note that this describes general categories of information collected and maintained by BHCC, and it likely includes categories that are not relevant to each individual. As soon as BHCC is able, individual notification letters will be mailed to affected individuals with further details. If you do not receive a letter, this indicates that your information was not involved in the incident.
-
Real estate markets scramble following cyberattack on listings provider
Home buyers, sellers, real estate agents, and listing websites throughout the US have been stymied for five days by a cyberattack on a California company that provides a crucial online service used to track home listings.
The attack, which commenced last Wednesday, hit Rapattoni, a software and services provider that supplies Multiple Listing Services to regional real estate groups nationwide. Better known as MLS, it provides instant access to data on which homes are coming to the market, purchase offers, and sales of listed homes. MLS has become essential for connecting buyers to sellers and to the agents and listing websites serving them.
-
Haggling With Hackers: Surprising Lessons From 50 Negotiations With Ransomware Gangs
The prevailing wisdom from cybersecurity experts is that trying to negotiate with ransomware hackers is a bad idea, but on December 30, 2020, one victim broke the rules and gave it a shot.
"Help?" they typed into one of the compromised computers.
"Hello," one of the hackers replied. "Are you ready to negotiate? Your network and all of your data were encrypted by [the] CONTI team. Besides the encryption process, we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. The recovery price is $8,500,000."
-
Health Data and Investigations: Between a Rock and a Hard Place
Demands for medical records can stem from a variety of investigations, which can involve a myriad of sources. The most recent example driving headlines is an investigation involving Vanderbilt University Medical Center (“VUMC”). VUMC disclosed records concerning treatment of transgender patients to the Tennessee Attorney General. According to the Attorney General, an investigation of alleged billing irregularities was launched. The investigation stemmed from allegations of improper coding practices that were purportedly revealed by a VUMC clinician on social media posts.