This week’s events were led by a state-sponsored malware dubbed “Project Sauron” AKA “Strider”, which successfully hid for at least 5 years before being discovered; Oracle-owned MICROS experienced a PoS attack that is still under investigation; and we are also seeing the effects of ransomware on healthcare with “DarkOverLord”.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


APT Campaign

An extremely sophisticated malware dubbed “Project Sauron” was discovered by researchers 5 years after it had first infiltrated its targets.

Why is this significant?

  • Apparently, “Project Sauron” AKA “Strider” has been active since 2011, and researchers uncovered at least 30 active targets. Once installed, the malware acted as a “sleeper” cell, awaiting activation. It obtained passwords, cryptographic keys, configuration files and data related to the encryption software used on the compromised device.
  • “Project Sauron” avoided reusable patterns, so that an infection identified on one machine could not be used to identify the infection on another machine.
  • “Project Sauron” has characteristics that fit the profile of a state-sponsored attack. For example: modules that exist only in memory without ever touching the disk, the ability to steal information from air-gapped networks, the compromise of many government devices across more than one country, and the apparent use of 0-day vulnerabilities.

Read the full story on ArsTechnica

POS Malware

A PoS malware attack caused a data breach at Oracle-owned MICROS.

Why is this significant?

  • Oracle purchased MICROS in 2011. MICROS is a point-of-sale (PoS) payment system deployed at over 330,000 sites, including hotel, retail and food & beverage locations, spanning 180 countries.
  • This PoS breach is still under investigation, but there appear to be ties between the breach and an Oracle device that had communicated with the notorious Russian group “Carbanak Gang”, known for stealing $1 billion from banks, retailers and hotels.
  • “Oracle seems to be saying its systems are encrypted, but that it’s the customer’s on-premise devices where the real danger lies as a result of this breach.” – Avivah Litan, fraud analyst at Gartner Inc.


Read the full story on KrebsOnSecurity

Ransomware

30% of July’s 39 reported healthcare breaches were the result of “DarkOverLord” ransomware attacks.

Why is this significant?

  • It is reported that 87% of July breaches were at healthcare providers. The more shocking report indicates that healthcare providers took an average of 2 years to report an incident, and 1 incident lasted 6 years until it was reported. Although HIPAA states that a breach must be reported within 60 days after it is discovered, healthcare providers find loopholes in what does and does not meet the “definition of a breach”. Just recently, Congress had to step in and require HIPAA guidance to be updated to state that ransomware is indeed a type of breach and must be addressed under HIPAA. However, the Congressmen did not think it was necessary to notify patients in ransomware cases, since patient safety was not considered to be at risk.
  • “Hackers actually accounted for 41% of attacks in June, wherein 11 million records were breached, the most reported to date.” In June, the “Dark Overlord” was advertising stolen healthcare records for sale, including a reported 9.2 million patient records, on a Dark Web marketplace. These patient records, which include names, addresses, emails, phone numbers, dates of birth and Social Security Numbers (SSNs) belonging to 9,278,352 Americans, were offered for 750 Bitcoin (about $477,000).
  • Ransomware has been hitting healthcare headlines more frequently, and we can expect the numbers to keep growing, as neither the budget nor the enforcement in healthcare appears dedicated enough to stay ahead of the malware.


Read the full story on Healthcare IT News