How Organizations Should Respond to Hackers

But so seldom do. Electronic medical records locked down as cyber-hackers target hospitals. This is about an Australian medical group.

The IT system across Eastern Health, which manages hospitals such as Box Hill and Maroondah, has been the target of a mystery cyber attack.
The security threat was immediately detected two weeks ago – and electronic medical records were locked down to prevent any breach of patient data.

The threat was identified, contained, and there was no impact to the clients. So props to Eastern Health. At least for today.

For the other side of the equation consider the aircraft-parts manufacturer hit 2 weeks ago. Asco closure after cyber-attack to last another week.

Asco, the Zaventem-based company that makes aircraft parts, will now remain closed at least until 28 June, following a cyber-attack two weeks ago.

Rebuilding/restoring systems “is taking longer than foreseen.” Now this might be due in part to the forensic analysis that is ongoing.


UK Forensic Lab Hit With Ransomware

And they do computer forensic work. Or they did before they got sidelined. Police suspend work with major forensics firm after cyber-attack.

And once again, they are not saying what flavor of ransomware.

Police have halted all work with the UK’s largest private forensics provider after a ransomware attack, in the latest crisis to hit the forensics sector.

Eurofins, which carries out DNA analysis, toxicology, ballistics and computer forensics work, detected a breach of its system on 2 June. It has emerged that police have suspended all work with the company, thought to amount to more than 50% of outsourced case work.

It’s obviously slowing down police work, but it is also disrupting trials.

The company processes more than 70,000 cases each year, including murders and terrorism offences. Other private providers do not have the capacity to take on all this extra casework, which could mean significant delays in forensic testing and court cases.

Encryption is alteration of data, of a fairly obvious nature. So has any of the data been altered in less-obvious ways?

Riviera Beach, FL Agrees to Pay Hackers $600,000

And there is no guarantee they will unlock the files, or that some other entity won’t do the same thing next week. Engadget: Florida city gives in to $600,000 bitcoin ransomware demand

This has disrupted city operations.

Aside from locking down the files, the attack took down the city email network, forced Riviera Beach to pay employees and contractors by check instead of direct deposit and made it so 911 dispatchers couldn’t enter calls into their systems. The city says there was no delay in response time despite the technological barrier.

Since the unnamed “security consultants” are telling them to pay up, and they’ve apparently made little headway in restoring systems since May 29th, you have to assume that their backups are either non-existent or were also corrupted.

On top of the $600,000 for bitcoin ransom, they are also going to pay $941,000 for new hardware. Hopefully they will budget some money for support.

A part of me hopes they pay the ransom and don’t get their files back. Paying just encourages more of this crap.

It seems that the problem faced by Riviera Beach may be our old friend WannaCry. Palm Beach Post: Florida city agreed to pay $600,000 in ransom to hackers. It isn’t 100 percent clear that WannaCry is the culprit; it could be that it is the only bit of ransomware that the “journalists” at Palm Beach Post have ever heard of. They never seem to have asked anyone. The Palm Beach Post seems more interested in providing (or repeating) excuses for why a city can’t be expected to do things like manage critical infrastructure, or update systems in the face of vulnerabilities, than in asking hard basic questions.

In case you don’t remember, WannaCry hit 2 years ago. They’ve probably been ignoring the situation in IT for longer than 2 years.

What’s The Cost of Poor Cyber Security?

It can be the company. Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy.

Now bankruptcy doesn’t mean the end, but at a guess, they will be much smaller if they survive.

A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers.

Unless corporations, large and small, feel some pain for their poor security, it will never get fixed.

Privacy Is SUCH a 20th Century Concept

An online payment system owned by PayPal has security problems? Say it ain’t so! Millions of Venmo transactions scraped in warning over privacy settings.

“There’s truly no reason to have this API open to unauthenticated requests,” he told TechCrunch. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”

You want a Modern Tech Company™ to spend time and resources on YOUR privacy? There is no privacy. (F*c*book’s lawyer said so!)
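The token check the researcher describes, as an added example (not Venmo's code and not from the original post): a feed handler that rejects requests without a valid signed token and, going one step beyond the quote, throttles each verified user so bulk scraping is attributable and bounded. The token format, key, function names and request budget are all assumptions for illustration.

```python
import hashlib
import hmac
import time
from collections import Counter

SECRET = b"constructed-demo-key"  # assumption: server-side signing key
FEED = [{"id": 1, "note": "pizza"}, {"id": 2, "note": "rent"}]  # constructed data
MAX_REQUESTS = 3  # assumption: per-user request budget
_requests = Counter()  # requests seen per verified user

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id, ttl=300, now=None):
    """Issued at login. Format: '<user>.<expiry>.<hmac>'."""
    exp = int((time.time() if now is None else now) + ttl)
    payload = f"{user_id}.{exp}"
    return f"{payload}.{_sign(payload)}"

def verify_token(token, now=None):
    """Return the user id for a valid, unexpired token, else None."""
    try:
        user_id, exp, sig = token.rsplit(".", 2)
        expiry = int(exp)
        # Constant-time comparison of the presented and expected signatures.
        good = hmac.compare_digest(sig.encode(), _sign(f"{user_id}.{exp}").encode())
    except ValueError:  # malformed token, including un-encodable text
        return None
    if not good or expiry < (time.time() if now is None else now):
        return None
    return user_id

def feed_open(headers):
    """What the quote describes: any client can read the feed."""
    return 200, FEED

def feed_authenticated(headers, now=None):
    """Require a bearer token, then throttle per verified user."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user = verify_token(token, now) if scheme == "Bearer" else None
    if user is None:
        return 401, []
    _requests[user] += 1
    if _requests[user] > MAX_REQUESTS:
        return 429, []
    return 200, FEED
```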

What Happens When There Are Millions of Unpatched Mail Servers?

Well if there’s a known vulnerability, they get hacked. Millions of Exim Mail Servers Are Currently Being Attacked.

Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root access via SSH to the exploited machines according to security researchers.

The patch was issued in February. It was raised to critical a week or so ago. People are clueless.

The only people who will find this to be “unexpected” will be “executives.”

People are all about Windows, or Mac, Android vs iOS, but the most prevalent OS running the internet is Unix, in one of its many incarnations. And Exim is one of the most popular email server packages running on Unix.

My initial post on this vulnerability is from the 9th of June.

Do You Think The NSA Will Get Their Attention?

I don’t. Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708).

After Microsoft warned Windows users on two separate occasions to patch a severe security flaw known as BlueKeep, now, the US National Security Agency has echoed the OS maker’s warning in the hopes of avoiding another WannaCry-like incident.

The NSA’s alert, authored by the agency’s Central Security Service division, is about the security flaw known as BlueKeep (CVE-2019-0708).

After WannaCry (and associated ransomware) cost corporations 100s of Millions of Dollars, and was in the news for MONTHS, you would think people might get the idea that they need to update their systems. They didn’t. (You want to spend HOW much updating systems? They work just fine today!)

I haven’t seen that any exploits are in the wild, but several have been developed by white-hat hackers, and not released. Though some “suspicious” port scanning was detected almost from the moment the bug was made public. When, not if, an exploit is released, denizens of Mahogany Row will say, “This is so unexpected!”