On 12 May 2017, the cryptoworm WanaCrypt0r 2.0, also known as WannaCry, infected hundreds of thousands of computers around the world. Our investigation into this ransomware reveals some worrying trends.


Several Vietnamese airports appear to have been the target of a large-scale cyber attack on 29 July.

All the display systems of two international airports, Noi Bai International Airport in Hanoi and Tan Son Nhat Airport in Ho Chi Minh City, were hacked to display insulting messages, while loudspeakers broadcast pre-recorded content.


IT security professionals have been sounding the alarm for several years now about the risks surrounding the digitalisation and dematerialisation of healthcare data. We have in our minds the image provided by those documentaries that are always on television, which show hackers accessing poorly protected medical lists from their home, instilling fears of violations of the private lives of “private individuals”. This is how, in March 2015, hackers from Rex Mundi published 40,000 tests from the Labio laboratory.

In reality, low-level attacks such as this make us view healthcare data theft through an outdated framework.

To understand the real dangers to healthcare data, three factors need to be taken into account. First, the new profile of attackers, which has gone from simple cybercriminals to all-powerful intelligence services. Second, the fact that the concentration of healthcare data makes it easy to keep records on an entire population. Finally, the immutable, intrinsic quality of the data, which enables an attacker to exploit them long-term.


We learned recently in cybersecurity news that a small dermatology practice in Lewisville, Texas had suffered the theft of medical data concerning its patients. By stealing a laptop belonging to one of the doctors, the thief made off with the medical files of 1,500 of the practice’s patients. Accustomed to dealing with computer hacking, we can sometimes forget the fact that a large proportion of data thefts result from physical thefts of computers.

The highly esteemed Verizon Report on Data Breaches concludes, however, that in 2015 approximately 15% of security incidents resulted from thefts of equipment containing data. Furthermore, 55% of such thefts are committed in the workplace and 22% in business vehicles. Among the effective counter-measures, the report’s authors mention disk encryption, password protection and the ability to delete data remotely.

Another interesting fact contained in the Report is that the theft of computers containing data has a disproportionate effect on the health sector, where the level of equipment theft among all security incidents is well above 15%.


On 9 September, the American insurance company Excellus BlueCross BlueShield announced that it had suffered the theft of data concerning more than 10 million clients.

The hackers are thought to have penetrated the company’s systems in December 2013, stealing several categories of personal information, including names, social security numbers, addresses, dates of birth and (possibly) medical and financial data.

In addition to Excellus clients, those of all the schemes offered by BlueCross BlueShield are thought to have been included in this data leak.

The insurer stated that its clients’ data were encrypted, suggesting that the hackers used a conventional privilege escalation to gain administrator rights on the network and thus find and exploit the encryption keys used.


Two US companies, American Airlines and Sabre, are believed to have suffered an IT attack from Chinese hackers.

American Airlines is a large carrier, while Sabre is a major actor managing billions of flight and hotel bookings in the United States.

The attack against them is thought to have been the work of APT, which was also responsible for operations against the Office of Personnel Management and Anthem. Although the intrusion was confirmed, no personal data appear to have been stolen.

According to experts, the hackers’ aim is to cross-reference data from different IT intrusions in order to identify the occupations and habits of high-value targets.

This announcement follows in the wake of the revelation, late in July, of an intrusion into United Airlines, another air transport company, in which the same hackers stole flight reports.


IT researchers have uncovered a Chinese network of VPN services, which they have called “TerraCotta VPN” and which is believed to be used to attack American companies, among others.

The VPNs in TerraCotta are in part based on infected machines used as VPN exit nodes. The infected servers used as relays for the attacks include machines owned by law firms, a state university, a hotel chain and a Fortune 500 engineering company.

The VPN services of TerraCotta are employed by internet users without malicious intent (gamblers, activists, journalists) who wish to avoid being blocked by the firewall implemented by the government, but are also used by Chinese hackers seeking to camouflage their activities in legitimate VPN traffic.
