Ransomware Activity Targeting the Healthcare and Public Health Sector (CISA Alert AA20-302A)
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.
CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.
It is suspected that the attacks are being launched by Eastern European hackers that targeted U.S. hospitals, media reported Wednesday. Experts said the likely group behind the attacks was known as Wizard Spider or UNC 1878. They warned that such attacks can disrupt hospital operations and lead to loss of life. Federal authorities said the recent attacks include incidents in Oregon, California, and New York.
CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats. CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information.
October is National Cybersecurity Awareness Month
October is National Cybersecurity Awareness Month (NCSAM), a time for us to focus on how cybersecurity affects all Americans and to remind us of our shared responsibility. NCSAM is a collaborative effort between the U.S. Department of Homeland Security (DHS) and its public and private partners, including the National Cyber Security Alliance, to raise awareness about the importance of cybersecurity and individual cyber hygiene.
Now in its 17th year, Cybersecurity Awareness Month has grown exponentially, reaching consumers across the nation.
For more information on Commonwealth sponsored events throughout the month, please visit the MassCyberCenter webpage.
Tyler Technologies Ransomware
Tyler Technologies, the nation’s largest provider of software and technology services for the public sector, has reportedly been the victim of a ransomware attack. Notably, the company is responsible for the development of software used to display state and local election results.
Though initially hesitant to discuss the exact nature of the disruption, Tyler Technologies released the following public statement Wednesday afternoon:
“Based on the evidence available to-date, all indications are that the impact of this incident is limited to our internal corporate network and phone systems, and that there has been no impact on software we host for our clients. Our hosted environment is separate and segregated from our internal corporate environment.”
The company, based out of Plano, Texas, employs some 5,300 employees and brought in a reported annual revenue of more than $1 billion for fiscal year 2019. It sells a broad range of services to state and local governments, including appraisal and tax software, integrated software for courts and justice agencies, enterprise financial software systems, public safety software, records/document management software solutions and transportation software solutions for schools.
By Tuesday, Tyler Technologies’ normal landing page was replaced with a notice saying the site was offline. At the time of the original change, the message contained no further details regarding the breach. Tyler’s Chief Information Officer Matt Bieri provided a statement to popular security blog KrebsOnSecurity only after markets that day closed, stating:
“Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem. We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We are implementing enhanced monitoring systems, and we have notified law enforcement.”
Tyler Technologies has thus far declined to state how the intrusion might be affecting its customers. Several IT staffers affiliated with state and local governments throughout the nation have reported interruptions of various natures, with one anonymously stating that the outage has disrupted the ability of people to pay their water bills or court payments.
Depending on how long it takes for Tyler Technologies to recover from this incident, it could have a broad impact on the ability of many states and localities to process payments for services or provide various government resources online.
Bipartisan Digital Identity Legislation introduced in Congress
A draft bipartisan bill designed to modernize the country’s lagging digital identity infrastructure has been introduced in Congress.
The Improving Digital Identity Act of 2020 would help to bolster secure methods of validating identities in government agencies' digital infrastructure. In its current form, the bill would utilize a three-pronged approach:
- It would establish a task force to bring together key federal agencies with state and local government representatives to develop secure methods for government agencies to validate identity attributes to protect the privacy and security of individuals and support reliable, interoperable digital identity verification tools in the public and private sectors.
- It would direct the National Institute of Standards and Technology (NIST) to create a new framework of standards to guide government agencies when providing digital identity verification services – placing an emphasis on privacy and security.
- It would establish a grant program within the Department of Homeland Security to allow states to upgrade the systems they use to issue drivers’ licenses and other types of identity credentials, and to support the development of secure, interoperable state systems that enable digital identity verification in accordance with the framework developed by NIST.
Bill to improve the federal government's use of IoT devices reaches House floor
After languishing in Congressional limbo for nearly a year and a half, the IoT (Internet of Things) Cybersecurity Improvement Act (H.R. 1668) will finally reach the House floor.
The bill would task NIST (the National Institute of Standards and Technology) with the development of standards for agencies’ use of IoT devices and their handling of vulnerabilities in those devices.
The Internet of Things describes the network of physical objects—"things"—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
NIST is one of the nation's oldest physical science laboratories, tasked to "promote innovation and industrial competitiveness".
Third annual CISA National Cybersecurity Summit begins on Wednesday
Subject matter and discussion dates for the Third Annual National Cybersecurity Summit have been announced.
The event, in its third year, brings together infrastructure stakeholders from around the world and provides a forum for meaningful conversations and collaboration on cybersecurity.
The 2020 Cybersummit will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7. Each series will have a different theme that focuses on CISA’s mission to “Defend Today, Secure Tomorrow,” with presentations from targeted leaders across government, academia, and industry.
This year’s themes are:
- Sept 16: Key Cyber Insights
- Sept 23: Leading the Digital Transformation
- Sept 30: Diversity in Cybersecurity
- Oct 7: Defending our Democracy
The event is facilitated by the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency within the US government with its operational component under Department of Homeland Security (DHS) oversight.
Spyware Labeled ‘TikTok Pro’ Exploits Fears of US Ban
Researchers have discovered a new Android spyware campaign pushing a “Pro” version of the TikTok app that is exploiting fears that the popular social media app is on the cusp of being banned in the United States. The malware can take over basic device functions and also uses a phishing tactic to steal victims’ Facebook credentials.
Malicious actors urge users via SMS and WhatsApp messages to download the spyware version of the application, called TikTok Pro, from a specific web address, said Zscaler CISO and VP of security Shivang Desai in a report published Tuesday.
Desai warned Android users not to trust unknown links received in SMS or other messages and to only install apps from official stores like Google Play.
How a Teenager Hacked One of the Largest Social Media Platforms in America
After months of digital reconnaissance, 17-year-old Florida resident Graham Ivan Clark managed to convince a Twitter employee he was a co-worker. Prosecutors say this ultimately allowed him to hack the accounts of numerous high-profile people including former President Barack Obama and Tesla CEO Elon Musk.
Despite what you may have recently seen on your Twitter feed, dozens of notable, high-profile Americans including former President Barack Obama, Tesla CEO Elon Musk, and Amazon CEO Jeff Bezos are not, in fact, giving away tens of thousands of dollars in cryptocurrency to random Americans.
The tweets were allegedly sent by 17-year-old Florida native Graham Ivan Clark. After months of digital reconnaissance, the high school aged hacker was able to convince an employee of Twitter, one of the world's largest social media platforms, that he was a co-worker who worked in the company's IT department.
He was charged with compromising more than 100 social media accounts and scamming both the Twitter account holders, and the approximately 400 people from whom Mr. Clark allegedly received money in a scam. Two others were also charged—Mason Sheppard, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, Fla.—in connection with the hack.
Cyber Actor Spoofing COVID-19 Loan Relief Webpage
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently warned that a ‘malicious cyber actor’ is targeting the Small Business Administration (SBA) webpage used to generate loans to businesses during the COVID-19 pandemic.
“The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.”
CISA reminds users to remain vigilant and exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known.
Twitter Says It Was The Victim Of A 'Coordinated Social Engineering Attack'
Barack Obama, Joe Biden, Elon Musk, Apple and others appear to be part of a widespread hacking operation affecting several major companies and highly visible individuals. Impacted users appeared to be offering to double any bitcoin sent to them.
Twitter acted quickly by locking down accounts, compromised or not.
As Twitter investigates what appears to be the largest and most coordinated hack in Twitter's history, the company has vowed to examine what "other malicious activity" the hackers may have committed. The company admits that internal tools were compromised and likely used in the attack, which may explain how malicious actors gained access to the accounts that presumably have enhanced security protections.
"We all feel terrible this happened", said Jack Dorsey, Twitter CEO. "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."
Hacking attacks on hospitals for patient data increase during coronavirus pandemic
During "normal" times, hospitals are often targeted with 80% of medical practices reporting that they have been victims of cyberattacks, according to a national survey. The situation has only gotten worse during the COVID-19 pandemic. Between March and April, IBM saw a 6,000% increase in spam attacks on information technology systems, leveraging COVID-19, many of them at health care facilities, outlines Wendi Whitmore, a cybersecurity expert and vice president of IBM X-Force, a commercial security research team. She goes on to describe the situation as a continuous “cat and mouse” game between criminals and institutions.
Electronic health records are often the target, and according to the FBI, can “be used to file fraudulent insurance claims, obtain prescription medication, and advance identity theft.” Health record theft also is more difficult to detect, taking almost twice as long to recognize as normal identity theft, the report found.
Colin Zick, a partner and co-chair of the privacy and data security practice at Foley Hoag, has some practical advice for patients. Zick requests his medical file periodically to be sure he has access to his own records if they were ever permanently lost. And he said if he saw a provider acting carelessly with his data – such as not using two-factor authentication – he would offer them some free advice.
Apple’s next iPhone update adds new privacy protections — and you won’t be able to miss them
The next version of iOS for iPhones will give new visual notifications when apps are accessing the device’s microphone, camera, clipboard, or other sensitive data.
DDoS Activity Targeting State of Minnesota Resources
A cyberattack temporarily disabled certain Minnesota systems and websites last week. The cyberattack comes amid protests over the police killing of George Floyd last week.
“Keeping our communications systems secure during times of crisis is critical to protecting the Minnesotans that we serve, and we work to meet the challenging and evolving threat to those systems every day. At this time, these attacks have not successfully disrupted the state services that Minnesotans depend upon, and MNIT is working in close coordination with partners at the Department of Public Safety and with the federal government to share intelligence and stay proactive on cyber threats.”
Nationwide Unemployment Scam Targets Massachusetts Claimants
Criminal enterprises in possession of stolen personal information from earlier national data breaches have been attempting to file large amounts of illegitimate unemployment claims through the Massachusetts Department of Unemployment Assistance (DUA) system. This is part of a national unemployment fraud scheme.
The Department of Unemployment Assistance (DUA) has begun implementing additional identity verification measures that will temporarily delay the payment timeframe for many unemployment claims in Massachusetts.
For more information, please visit https://www.mass.gov/info-details/report-unemployment-benefits-fraud.
Be aware of a recent increase in scam blackmail emails
Reports of Bitcoin blackmail scams have taken a big jump in the last few weeks. The emails say they hacked into your computer and recorded you visiting inappropriate websites. They threaten to tell others unless you pay into their Bitcoin account. To complicate matters, they claim to know one of your passwords - and they include it in the message to prove it.
These e-mails are fake and are a scam. You are likely receiving one because your account and password were involved in a recent data breach. You should take precautions to update the password associated with that account, and others as well.
Students create a bot that tells you when a grocery delivery slot opens up
Having a hard time getting a time slot for grocery delivery? A computer science student at Georgetown University created a simple computer program that automatically notifies you when an Amazon Fresh or Whole Foods delivery slot opens up, letting you place your order. But, he's not the only one. Another developer had their website shut down after getting a cease-and-desist order from Instacart for claiming the site could automatically hunt for delivery slots.
Face ID doesn’t work when you’re wearing a mask—Apple’s about to address that
This week, Apple released the third beta of iOS 13.5, the next major feature release for its mobile operating system. Among other things, the release introduces new Face ID behavior when users are wearing protective masks.
U.S. senators to introduce privacy bill for COVID-19 contact tracing
A group of U.S. senators said they would introduce legislation to address consumer privacy concerns surrounding technology companies’ building contact tracing apps to fight the coronavirus outbreak.
The bill would allow technology companies to develop “platforms that could trace the virus and help flatten the curve and stop the spread – and maintaining privacy protections for U.S. citizens.”
Apple says 'no evidence' iPhone mail flaw used against customers
The default Mail app on Apple's iPhones may be vulnerable to sophisticated email hacks, according to a report Wednesday from The Wall Street Journal.
The vulnerability, which was detected by cybersecurity firm ZecOps, reportedly lets hackers install malicious software on an iPhone by sending a specially crafted email, the Journal reported.
Apple acknowledged the vulnerability existed in its software for email on iPhones and iPads and said the company had developed a fix that will be introduced in a forthcoming update. The company also indicated it has found “no evidence” a flaw in its email app has been used against customers, and that it believes the flaw does “not pose an immediate risk to our users”.
Google moves to open up its Healthcare API to make it easier to share health info
As of Monday, health care providers can build new systems using the new Google Healthcare API to translate and convert data stored in different types of systems, from imaging systems to medical records software. It also said it will offer a range of other services to help health care organizations during the Covid-19 pandemic.
500,000 Hacked Zoom Accounts Given Away For Free On The Dark Web
More bad news for Zoom...
The good news? This wasn't a hack on Zoom but rather a case of users repurposing passwords. This is a great reminder to use a unique password for each account. Sites such as Have I Been Pwned can also be helpful in seeing if your accounts have been involved in a data breach.
Is 5G Cell Phone Technology Linked to the Cause of Coronavirus?
FEMA has started a webpage to discuss this and other COVID-19 rumors. Do your part to stop the spread of disinformation by doing three easy things:
- Don’t believe the rumors.
- Don’t pass them along.
- Go to trusted sources of information to get the facts about the federal (COVID-19) response.
Apple and Google Team Up to ‘Contact Trace’ the Coronavirus
The technology giants said they would embed a feature in iPhones and Android devices to enable people to track the virus. With the tool, infected people would notify a public health app that they have the coronavirus, which would then alert phones that had recently come into proximity with that infected person’s device.
Be Alert: Phone scammers are taking advantage of the coronavirus pandemic
The FCC has received reports of scam and hoax text message campaigns and scam robocalls offering free home testing kits, promoting bogus cures, selling health insurance, and preying on virus-related fears. Coronavirus scam audio samples can be found on the FCC website. If you think you've been a victim of a coronavirus scam, contact law enforcement immediately.
A Must For Millions, Zoom Has A Dark Side — And An FBI Warning
Teams, WebEx, GoToMeeting, Zoom... If you are working from home, collaboration tools are a must. As we all adapt to a new normal, so are cyber criminals. In the midst of a worldwide pandemic, a new technique called "zoom-bombing" has been getting national attention (NPR).
Instagram Draws Surge in Offers of Coronavirus Masks With Potential Risks
As more medical experts recommend wearing masks in public, it's no surprise that social media sites are struggling to keep up with ads and users claiming to sell medical masks. Social media researchers found at least 10,450 accounts on Instagram that have popped up in the past few months selling masks, some of which appear to be scams and most of which aren’t vetted for safety or price concerns. Always remember to validate companies before making a purchase. If it seems too good to be true, it likely is. Note: A subscription is required to read the complete WSJ article. However, the complete report is available for free.
Scammers are creating Netflix lookalikes to target people staying at home, study finds
While it is not surprising that the pandemic has resulted in Netflix’s subscriber growth, the brand has been used as part of various web-based fraud schemes. The cybersecurity firm Check Point recently reported an increase in fake streaming services spinning up. The complete article can be found on USAToday.
Coronavirus surveillance poses long-term privacy threat, U.N. expert warns
From facial recognition to phone tracking, governments are turning to technology to trace Covid-19 infections and keep tabs on the population as they enforce lockdowns and quarantines. China, South Korea and Israel are among the countries rolling out such technologies and experts say the effects could long outlast the current crisis.