More Than 82% of Public-Facing Exchange Servers Still Vulnerable to Actively Exploited Critical Flaw
On February Patch Tuesday, 2020, Microsoft released a patch for a critical vulnerability affecting Microsoft Exchange Servers which could potentially be exploited by threat actors to take full control of a vulnerable system. Despite Microsoft warning that the flaw would be attractive to hackers, patching has been slow. An analysis conducted by cybersecurity firm Rapid7 revealed more than 82% of public-facing Exchange servers remained vulnerable and had not been patched. The firm’s scan identified 433,464 public-facing Exchange servers, and at least 357,629 were vulnerable to an attack exploiting the CVE-2020-0688 vulnerability. Exchange administrators may not have prioritized the patch as the vulnerability is a post-authorization flaw; however, attacks could take place using any stolen email credentials or by using brute force tactics to guess weak passwords. Several proof-of-concept exploits for the flaw have been published on GitHub, and there have been reports of nation state Advanced Persistent Threat groups attempting to exploit the flaw using brute force tactics to obtain...
INTERPOL Issues Warning Over Increase in Ransomware Attacks on Healthcare Organizations
INTERPOL has issued an alert to hospitals over continuing ransomware attacks during the 2019 Novel Coronavirus pandemic. While some ransomware gangs have publicly stated they will be stopping attacks on healthcare providers that are on the front line dealing with COVID-19, many are still conducting attacks. Further, those attacks have increased.
Attempted Ransomware Attacks on Healthcare Organizations Increased over the Weekend
Last weekend, INTERPOL’s Cybercrime Threat Response (CTR) team detected a significant increase in attempted ransomware attacks on hospitals and other organizations and infrastructure involved in the response to the coronavirus pandemic and issued a ‘Purple Notice’ alerting police forces in all 194 member countries of the increased risk of attacks. “As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” said INTERPOL Secretary General...
FBI Warns of Increase in COVID-19 Related Business Email Compromise Scams
The Federal Bureau of Investigation has issued a warning following a rise in Business Email Compromise (BEC) attacks that are taking advantage of uncertainty surrounding the COVID-19 pandemic. BEC is the term given to an attempt to fool individuals responsible for performing legitimate transfers of funds into sending money to a bank account controlled by the attacker. This is achieved by impersonating an individual within a company that the victim usually conducts business with. A typical attack scenario will see an email sent to an individual in the finance department requesting a change to bank account information for an upcoming payment. Several attacks that have a COVID-19 theme have recently been reported to the FBI’s Internet Crime Complaint Center (IC3), and municipalities that are purchasing personal protective equipment (PPE) and other essential supplies to use in the fight against COVID-19 are being targeted. In the alert, the FBI offered two recent examples of COVID-19 BEC scams. The first involved a scammer impersonating the CEO of a company and requesting that a...
PHI Exposed in Phishing Attacks on Healthcare Resource Group and Confido
The pharmacy benefits consulting firm Confido has started notifying 3,600 of its clients’ employees, members, and their dependents, that some of their personal information has potentially been accessed by an unauthorized individual who gained access to an employee’s email account. The email account breach was detected on December 12, 2020 and an investigation was launched to determine the scale and scope of the breach. Assisted by a third-party security firm, Confido determined on January 17, 2020 that an unauthorized individual had access to the email account for a period of two weeks between November 29, 2019 and December 12, 2019. It was not possible to determine if information in the email account was downloaded, but the possibility could not be ruled out. A comprehensive review of the email account revealed it contained names, dates of birth, health insurance information, Social Security numbers, prescription information, treatment information, and clinical information such as diagnoses and provider names. Individuals affected by the breach were notified on February 10, 2020....
Kwampirs APT Group Continues to Attack Healthcare Organizations via the Supply Chain
An Advanced Persistent Threat (APT) group known as Kwampirs, aka OrangeWorm, is continuing to attack healthcare organizations and infect their networks with the Kwampirs Remote Access Trojan (RAT) and other malware payloads. The threat group has been active since at least 2016, but activity has increased recently with the FBI now having issued three alerts about the APT group so far in 2020. Symantec was first to report attacks on healthcare organizations via the supply chain in a report published in April 2019. A variety of industries are being targeted by the APT group, including healthcare, energy, engineering, and software supply chain. The attacks on the healthcare sector are believed to have occurred through vendor software supply chain and hardware products. The FBI reports that the attacks have been very effective. The APT group has compromised a large number of hospitals throughout the United States, Europe, and Asia, ranging from local hospital associations to major transnational healthcare companies. The campaigns have included locally infected machines and enterprise...



