
This week we saw Gozi malware making a comeback, a huge increase in command-and-control (C&C) servers using SSL to cloak malware traffic, and a breach at Banner Health affecting 3.7M patients.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Malware

1. A new version of the Gozi malware is at it again, targeting financial institutions in Europe and APAC as a trial run before launching against US targets.

Why is this significant?

  • First detected in 2007, Gozi has long been known for evading detection and slipping past antivirus solutions. This new version is a genuine comeback, and the organizations sticking with traditional defenses are at the highest risk because of the malware's ability to "quickly refine and update itself".
  • Gozi detects when an infected user at a financial institution initiates a money transfer and notifies the operators in real time via the C&C server, so the legitimate transfer can be intercepted and the funds redirected to a "money mule" account.
  • To further evade detection on higher-value targets, Gozi can record the legitimate user's behavioural biometrics, such as keystroke patterns, and replay them so that the fraudulent transfer to the attacker's mule account looks like the real user's own activity.
/** enSilo protects out-of-the-box against the Gozi strains **/

Read the full story on Credit Union Times

 

2. A new report shows a 200-fold increase in command-and-control servers using SSL to hide malware communication.

Why is this significant?

  • A growing share of malware uses SSL to slip past network security controls and exfiltrate data successfully.
  • Encrypted malware traffic escapes the eyes of traditional barriers such as DLP and other network security solutions, which can only inspect the content of cleartext sessions.
  • A network security solution that does want to look into the actual traffic needs the decryption keys (or must terminate the sessions itself), which not only exposes the enterprise's own communications but also creates further key-management challenges.
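
What a defender can still do without decrypting anything is look at the metadata of the TLS sessions themselves. The following is an added example, not code from the SC Magazine report or from enSilo: it runs a few metadata checks (self-signed or non-validating certificates, missing or mismatched SNI, unusually short certificate lifetimes, TLS on a non-standard port) plus a beaconing check on connection timing over constructed, Zeek-ssl.log-style records. The field layout, the sample records and every threshold below are assumptions chosen for the illustration, not taken from the report.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass

# Constructed, Zeek-ssl.log-style records (tab separated). These are NOT real
# traffic; the hosts are documentation addresses. Fields (an assumed layout):
# ts, src, dst, dport, sni, cert_subject, cert_issuer, validation, lifetime_days
SAMPLE_LOG = """\
1470000000\t10.0.0.5\t203.0.113.10\t443\tmail.example.com\tCN=mail.example.com\tCN=Example CA\tok\t365
1470000005\t10.0.0.5\t203.0.113.10\t443\tmail.example.com\tCN=mail.example.com\tCN=Example CA\tok\t365
1470000100\t10.0.0.7\t198.51.100.23\t443\t-\tCN=localhost\tCN=localhost\tself signed certificate\t30
1470000160\t10.0.0.7\t198.51.100.23\t443\t-\tCN=localhost\tCN=localhost\tself signed certificate\t30
1470000220\t10.0.0.7\t198.51.100.23\t443\t-\tCN=localhost\tCN=localhost\tself signed certificate\t30
1470000280\t10.0.0.7\t198.51.100.23\t443\t-\tCN=localhost\tCN=localhost\tself signed certificate\t30
1470000300\t10.0.0.9\t192.0.2.44\t8443\tcdn.example.net\tCN=update.example.org\tCN=Example CA\tok\t5
"""


@dataclass
class TlsRecord:
    ts: float
    src: str
    dst: str
    dport: int
    sni: str
    subject: str
    issuer: str
    validation: str
    lifetime_days: int


def parse_log(text):
    """Parse the tab-separated records above into TlsRecord objects."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split("\t")
        records.append(TlsRecord(float(f[0]), f[1], f[2], int(f[3]),
                                 f[4], f[5], f[6], f[7], int(f[8])))
    return records


def common_name(dn):
    """Extract the CN attribute from a comma-separated distinguished name."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN":
            return value.lower()
    return ""


def sni_matches(sni, cn):
    """Exact match, or a single-label wildcard match for CNs like *.example.com."""
    if cn.startswith("*."):
        return sni.endswith(cn[1:]) and sni.count(".") == cn.count(".")
    return sni == cn


def cert_findings(rec):
    """Metadata-only checks on one session; none of them needs the plaintext."""
    findings = []
    if rec.subject == rec.issuer or "self signed" in rec.validation:
        findings.append("self-signed certificate")
    elif rec.validation != "ok":
        findings.append(f"chain validation failed ({rec.validation})")
    if rec.sni == "-":
        findings.append("no SNI")
    elif not sni_matches(rec.sni.lower(), common_name(rec.subject)):
        findings.append("SNI does not match certificate CN")
    if rec.lifetime_days <= 30:  # assumed threshold; a weak signal on its own
        findings.append("short certificate lifetime")
    if rec.dport != 443:  # also weak on its own, hence the scoring below
        findings.append(f"TLS on non-standard port {rec.dport}")
    return findings


def beacon_findings(records, min_conns=4, max_cv=0.2):
    """Flag (src, dst) pairs whose connection timing is suspiciously regular."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r.src, r.dst)].append(r.ts)
    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0  # coefficient of variation
        if cv <= max_cv:
            flagged[pair] = f"beaconing every ~{mean:.0f}s (cv={cv:.2f})"
    return flagged


def analyze(text, min_findings=2):
    """Return {(src, dst): [findings]} for pairs with at least min_findings signals."""
    records = parse_log(text)
    findings = defaultdict(set)
    for r in records:
        findings[(r.src, r.dst)].update(cert_findings(r))
    for pair, note in beacon_findings(records).items():
        findings[pair].add(note)
    return {pair: sorted(f) for pair, f in findings.items() if len(f) >= min_findings}


if __name__ == "__main__":
    for (src, dst), notes in analyze(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {'; '.join(notes)}")
```

Requiring two or more signals per source/destination pair is what keeps the weak indicators (non-443 ports, short-lived certificates) from producing noise on their own; the self-signed, SNI-less, metronomic session to 198.51.100.23 in the sample trips four checks, while the legitimate mail session trips none.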

/** enSilo protects against exfiltration, and is inherently agnostic to content and encryption. Why? Learn how enSilo works **/

Read the full story on SC Magazine

 

Breach

Banner Health data breach impacts 3.7 million victims across AZ, AK, CA and CO.

Why is this significant?

  • July 7: Banner Health reports that it was infiltrated through the card-processing system used in its cafeterias, possibly via PoS malware.
  • July 13: The forensics team discovers that the attackers went after more than payment card data and had also compromised patient records.
  • The breach therefore appears to have started with PoS malware that then opened the door to data on 3.7M individuals.
  • A doctor has filed a class-action lawsuit following the breach, stating that millions of people are affected and that “it’s not enough to offer a skimpy 'fix'.”
  • On a related note, healthcare settlement costs have reached a record high of $5.55M: Advocate Health Care Network, operating out of Illinois, will pay $5.55M to the U.S. Department of Health & Human Services to settle the investigation that followed its breach.

/** Understand the underlying costs of PoS Malware here **/

Read the full story on BankInfoSecurity