Oh what a tangled web we weave…. Back in October, DataBreaches reported that Snatch Team had listed Kenosha Unified School District in Wisconsin on its dedicated leak site. By the end of the day, however, the listing had been removed without any data having been leaked. Then in November, REvil listed KUSD on their leak…
Category: Commentaries and Analyses
Most of the 10 largest healthcare data breaches in 2022 are tied to vendors
Jessica Davis reports: Ninety percent of 10 largest healthcare data breaches reported this year were caused by third-party vendors, much like in 2021. The fallout for many of these cyberattacks resulted in impacts for multiple connected providers, with two of these vendor incidents affecting hundreds of providers. These incidents should serve as a warning to…
AirAsia’s parent company told to supply documents; government probes Daixin ransomware attack
John Bunyan reports: The Ministry of Communications and Digital has ordered Capital A, the parent of AirAsia, to submit supporting documents and data for the investigation into the breach of the airline’s networks that exposed the personal information of millions of passengers and staff. Communications and Digital Minister Fahmi Fadzil said the security breach affecting…
HC3: Analyst Note: Royal Ransomware
December 07, 2022 TLP:CLEAR Report: 202212071400 Executive Summary Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. It has demanded ransoms up to millions of dollars. Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of…
New Ransom Payment Schemes Target Executives, Telemedicine
Brian Krebs has an interesting write-up about some of the goings-on involving ransomware groups targeting the healthcare sector. Krebs cites Alex Holden of Hold Security, a Milwaukee-based cybersecurity firm. Holden’s team reportedly gained visibility into discussions among members of two different ransom groups: CLOP (a.k.a. “Cl0p” a.k.a. “TA505“), and a newer ransom group known as Venus. Readers…
HoHoHo Holiday routines…
RedSense has issued a new paper that starts with a reminder: Holidays Routine 2022/23: Not Novel Naughty or nice, there’s a few things in cyber circuits that won’t change in this year’s Holiday Season. 1. Threat actors are financially motivated, driven by human needs, and the holidays are expensive 2. Threat actors stereotypically choose simple…