Intel 471 took a look back at law enforcement attempts to disrupt ransomware groups and at the recent Operation Cronos. Their timeline begins in 2021. The report looks at the immediate impact of disruptions and then the long-term impact. Do disruptions really make a significant — and lasting — dent in the problem, or are…
Category: Commentaries and Analyses
Two recent NYS audits of k-12 districts’ information technology security
The NYS Comptroller’s Office recently released more audits of school districts. Here are two of them: Whitney Point Central School District – Information Technology (IT) (Broome County) Audit Period July 1, 2021 – February 24, 2023. We extended our audit period to August 31, 2023 to review backup restoration results and November 16, 2023 to…
Consulting Radiologists LTD notifying 583,824 patients about February attack
Two ransomware groups claimed to have attacked Consulting Radiologists. The notification is silent about any ransom demands. Consulting Radiologists LTD. (“CRL”)” in Minnesota is a physician-owned practice. On February 12, 2024, they detected suspicious activity on their network. An investigation revealed that an unauthorized actor had accessed certain files and data. Those files contained patient…
Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
June 24, 2024 TLP:CLEAR SUMMARY The Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used in a social engineering campaign targeting healthcare, public health entities, and providers. Threat actors…
Cyber Attack on Synnovis Pathology Lab Traced to Longstanding Known Weaknesses at London Hospitals
Scott Ikeda writes: A cyber attack on London hospitals that has unfolded over the course of June has had a devastating impact on the city’s blood supply, and has caused hundreds of operations to be postponed. New reporting from Bloomberg indicates that the city’s hospitals have long known that Synnovis, the pathology lab at the center of…
BreachForums back online — or it is a honeypot? (UPDATED)
On June 12, BreachForums reappeared on clearnet and Tor. The owner — or someone with access to the forum owner’s account — interacted a bit in the ShoutBox and posted an announcement: Hello BreachForums users! Some wild stuff has gone down recently. First off, Spamhaus has blacklisted our SMTP host. Then, we ran into more…