I.T., Blog Deidre Frith I.T., Blog Deidre Frith

Medical Centers impacted by ransomware around the U.S.

Medical Centers around the United States are becoming victims on ransomware. Now, during a time of COVID it’s causing more hardship than ever before. We’ve selected three briefs to share with you about the results and difficulties these circumstances have created for medical facilities.

Greater Baltimore Medical Center Hit by Ransomware Attack

BY MIKE LENNON

The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. In late October, the U.S. government warned hospitals and healthcare providers of an “increased and imminent” ransomware threat. The alert warned that threat actors are targeting the healthcare sector with the TrickBot malware in attacks that often lead to ransomware infections, data theft and disruption of healthcare services.

The ransomware attack is the latest of many that have impacted healthcare providers over recent months. In September, a ransomware attack forced the shutdown of more than 250 locations operated by Universal Health Services (UHS). Also in September, an attack shutdown IT systems at a hospital in Duesseldorf, Germany, resulting in the death of a woman after she had to be taken to another city for urgent treatment.

TrickBot has been updated with functionality that allows it to scan the UEFI/BIOS firmwareof targeted system for vulnerabilities, security researchers recently discovered. READ MORE…

UHS Shuts Down Systems in U.S. Hospitals Following Cyberattack

BY IONUT ARGHIRE

In the end of September, 2020, Universal Health Services (UHS) shut down IT networks at multiple hospitals in the United States, after being hit with a cyberattack. A Fortune 500 company operating more than 400 facilities in the United States, Puerto Rico, and the United Kingdom, the healthcare services provider has approximately 90,000 employees and claimed an annual revenue of $11.4 billion for 2019. While many said that patient care wasn’t critically affected, others detailed difficulties in receiving lab results or performing other types of investigations in a timely manner. There was also one unconfirmed report of patients dying due to such delays. Furthermore, Bleeping Computer and TechCrunch report that information from people with knowledge of the incident leads to the conclusion that the Ryuk ransomware was used. READ MORE HERE…

As Hospitals Cope With a COVID-19 Surge, Cyber Threats Loom

BY ASSOCIATED PRESS

The (University of Vermont Medical Center) Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. health care providers hostage as COVID-19 cases surge nationwide.

The same day as UVM’s attack, the FBI and two federal agencies warned cybercriminals were ramping up efforts to steal data and disrupt services across the health care sector.

By targeting providers with attacks that scramble and lock up data until victims pay a ransom, hackers can demand thousands or millions of dollars and wreak havoc until they’re paid.

Ransomware is also partly to blame for some of the nearly 700 private health information breaches, affecting about 46.6 million people and currently being investigated by the federal government. In the hands of a criminal, a single patient record — rich with details about a person’s finances, insurance and medical history — can sell for upward of $1,000 on the black market, experts say. READ MORE…

NEED MORE PROTECTION? LEARN MORE ABOUT CYBER DEFENSE…

Read More
Deidre Frith Deidre Frith

The True Cost of a Low Cost Router

Jetstream routers sold exclusively at WalMart, and Wavlink routers sold on Amazon and eBay, contain suspicious back doors that could lead to attackers having the ability to remote control the router and anything attached to it. These Jetstream routers are part of Walmart’s new line of affordable WiFi routers. What you should do if you own one already.

Thinking about buying a low cost WiFI router?

Be careful. Jetstream routers sold exclusively at WalMart, and Wavlink routers sold on Amazon and eBay, contain suspicious back doors that could lead to attackers having the ability to remote control the router and anything attached to it. These Jetstream routers are part of Walmart’s new line of affordable WiFi routers.

Walmart-exclusive-router-and-others-made-in-China-contain-hidden-backdoors-to-control-devices-750x375.jpg

These routers are easily 1/3rd of the price for comparable performing WiFI routers, but that low price comes with a potential high cost – your security. There are back doors built in, remote code execution vulnerabilities, plus a script built into the firmware to perform a network discovery scan – this functionality isn’t documented. We’re not saying that you will definitely get compromised using these routers, but the pieces are in place for it – pieces which have no value to you, but great value to bad actors. We definitely won’t be buying one of these, and anyone who asks, we will point them to something else. 

Both brands are owned by the same company, Winstars Technology. This isn’t a smoking gun by itself, many companies have multiple brands marketed to different channels. The different brand routers appear to be the same of very similar. You should know by now that China requires Chinese companies to store all of their collected data in country, and make it available to the government. 

WHAT SHOULD I DO IF I HAVE ONE OF THESE ROUTERS?

Our advice matches what the cybernews researchers say –

  1. get a new router;

  2. change all your online passwords (assume they’ve been compromised) AFTER you get the new router;

  3. and, destroy the current device so someone else isn’t a victim. I’d also be looking for malware on the computers connected to it as well.

SOURCE: https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/

Read More
I.T., Blog Deidre Frith I.T., Blog Deidre Frith

DIY Security Awareness Training

As you might imagine, RealTime fields a fair number of questions regarding cybersecurity that range from “How can we be better protected” to “I’m scared that we might be hit like that <insert business name here> was.” As part of answering this real need for our clients, RealTime is now offering an end user training program as part of our Advanced Cybersecurity Services.

By Todd Swartzman
Chief Information Security Officer

diy-learn-large.png

As you might imagine, RealTime fields a fair number of questions regarding cybersecurity that range from “How can we be better protected” to “I’m scared that we might be hit like that <insert business name here> was.” As part of answering this real need for our clients, RealTime is now offering an end user training program as part of our Advanced Cybersecurity Services.

 But, if you aren’t a client (yet) or you’d just like to try this on your own, you can train some of the basics of cybersecurity awareness just by spending a little time online, especially Youtube. This is not intended to replace formalized training, or make you an expert. What these videos can do is help you address some of the most likely threats that the average person encounters just because they use the internet and email in the course of doing their job. These tips are excellent for anyone who just wants to reduce their risks online.

TOOLKIT FOR SMALL BUSINESS

The Global Cyber Alliance is soon releasing a toolkit for small business to better educate and protect themselves from the most common threats in an easy to understand format. RealTime has access to this content early (it will be available to the public soon) and will post about that once it becomes publicly available. For now, here is a compilation we have put together that anyone can use to be better informed and help protect from common cyber threats we all get exposed to on a daily basis at work and at home.

SECURITY AWARENESS VIDEOS

Our Chief Information Security Officer, Todd Swartzman, has watched all of the videos below and recommends taking the the four minutes or less each needed to watch the them for your DIY education.

The links are current as of August 24th, 2020.

  • Phishing explained with some education, by SANS - https://www.youtube.com/watch?v=sEMrBKmUTPE

  •  How to spot a phishing email, report by Fortune Magazine - https://www.youtube.com/watch?v=jfnA7UmlZkE – best tip in this video: If the email looks suspicious, it probably is.

  • If you only watch one video, make it this one – An excellent video spotting phishing scams that is well worth the almost 4 minutes of your time. Loaded with realistic examples and tips - https://www.youtube.com/watch?v=0GwWTjz6txU – best tip: Think before you click.

  • Office 365 phishing attack types with some examples, this is not a video - https://betanews.com/2019/04/03/office-365-phishing-attacks/ Note that these threats are not unique to  Office 365 email – we’ve seen attempts against all web based email systems. Just more confirmation that if something asks you to confirm credentials or enter your logon info to access an attachment – be wary! It’s better to ask questions before you click than after.

RealTime Chief Information Security Officer, Todd Swartzman

RealTime Chief Information Security Officer, Todd Swartzman

 TODD’S TIP

“The best single tip that I can provide to help you avoid being hooked by phishing: Microsoft, Google, Apple, Verizon, Bank of America, SSA, IRS, and thousands of legitimate, big, public businesses just like them will NEVER, ever, send an email to you asking you to confirm your password.” 

HERE ARE SOME OTHER THREATS WE FEEL EVERYONE SHOULD BE ABLE TO RECOGNIZE:

  

 

Read More
I.T., Blog Deidre Frith I.T., Blog Deidre Frith

Wisconsin Republican Party had their cyber security compromised due to Phishing attack

There have been more than 800 attempted phishing attacks for financial gain targeting the Wisconsin Democratic Party this campaign cycle, but none has been successful, said party spokeswoman Courtney Beyer. The Wisconsin Republican Party, however, was not so lucky.

Hackers stole millions from Wisconsin Republican Party

Original Article By Scott Bauer
October 29, 2020
AP News

PHISHING ATTACK STOLE MONEY; NO DATA.

The Wisconsin Republican Party had a suspected phishing incident that couldn’t have come at a worse time. An estimated $2.3 million was stolen by cybercriminals from the party’s reelection fund after at least one staffer interacted with a phishing email, impacting operations just as the races were coming down to the wire. The FBI and local officials are investigating the incident.

There have been more than 800 attempted phishing attacks for financial gain targeting the Wisconsin Democratic Party this campaign cycle, but none has been successful, said party spokeswoman Courtney Beyer. The Wisconsin Republican Party, however, was not so lucky.

Hackers manipulated invoices from four vendors who were being paid for direct mail for Trump’s reelection efforts as well as for pro-Trump material such as hats to be handed out to supporters. Invoices and other documents were altered so when the party paid them, the money went to the hackers instead of the vendors, Republican Party Chairman Andrew Hitt.

(AP Photo/Morry Gash, File) In this Sept. 17, 2020 file photo President Donald Trump throws a hat to the crowd after speaking at a campaign rally at the Central Wisconsin Airport in Mosinee, Wis. Hackers stole $2.3 million from the Wisconsin Republi…

(AP Photo/Morry Gash, File) In this Sept. 17, 2020 file photo President Donald Trump throws a hat to the crowd after speaking at a campaign rally at the Central Wisconsin Airport in Mosinee, Wis. Hackers stole $2.3 million from the Wisconsin Republican Party's account that was being used to help reelect President Donald Trump in the key battleground state, the party's chairman told The Associated Press on Thursday, Oct. 29.



It appears the attack began as a phishing attempt and no data appears to have been stolen, said party spokesman Alec Zimmerman. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday after it was discovered that an invoice was generated that shouldn’t have been there.

The alleged hack was discovered less than two weeks before Election Day, as Trump and Democratic rival Joe Biden made their final push to win Wisconsin and its 10 electoral votes. Trump won the state by fewer than 23,000 votes in 2016 and was planning his third visit in seven days on Friday. Biden also planned to campaign in Wisconsin on Friday. Polls have consistently shown a tight race in the state, usually with Biden ahead by single digits and within the margin of error.

REALTIME CYBER SECURITY SOLUTIONS

The most dangerous attack is used to do everything from steal money to deploy malware; more than just compromising data. Our Chief Information Security Officer, Todd Swartzman, can meet with you personally and do a gap assessment on your business to see where you could use extra protection. Learn more now about our Cyber Defense program…

RealTime IT is located in Dothan, Alabama and services the entire Wiregrass area and across the U.S.

Read More
Deidre Frith Deidre Frith

Microsoft Foils Russian Ransomware Group Planning Election "Chaos and Mistrust'

Microsoft took legal action on Monday to disrupt a botnet called Trickbot, “one of the world’s most infamous botnets and prolific distributors of ransomware,” which many feared was preparing to cast doubt on the results of the U.S. presidential election.

St. Basil’s Cathedral, Moscow. Photo by America_rugbier via Flickr

St. Basil’s Cathedral, Moscow. Photo by America_rugbier via Flickr

By Nancy Bilyeau | https://thecrimereport.com

Microsoft took legal action on Monday to disrupt a botnet called Trickbot, “one of the world’s most infamous botnets and prolific distributors of ransomware,” which many  feared was preparing to cast doubt on the results of the U.S. presidential election.

“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” said Microsoft in a statement.

The company obtained an order from a federal judge in the Eastern District of Virginia that gave Microsoft control of the Trickbot botnet, a global network it describes as the largest in the world. Botnets are networks of computers secretly infected by malware that can be controlled remotely.

CONTINUE READING

Read More