New figures hint at how frequently ransomware victims in the medical sector agree to pay up. NSA researchers say a bug in Ghidra isn't anything to worry about. And a former Yahoo engineer abused his access to invade other people's accounts. This is CyberScoop for Wednesday, September 2.

Just 15% of medical ransomware attacks result in payouts

As the health care sector has grappled with a string of ransomware infections in recent years, there has been a dearth of public data on those incidents, hindering what the sector can learn from them. One researcher, Recorded Future’s Allan Liska, is trying to help fill the void. Data he shared exclusively with CyberScoop on Wednesday challenges assumptions about digital extortion in the medical world. Despite the high value of their data, health care organizations aren’t necessarily more likely to pay the ransom. Out of roughly 120 incidents Liska studied, just 15% of cases had confirmed payouts. While the new dataset may spur more conversations, it is far from complete, he acknowledged. “There is this incentive to minimize the impact of a ransomware attack if you can credibly say, ‘No patient data were interrupted, and so therefore we don’t have to report anything,’” Liska said. Sean Lyngaas had the numbers first.


Ghidra's stranger danger

The National Security Agency’s open source reverse-engineering tool, Ghidra, is affected by a vulnerability. But security experts, including some Ghidra specialists at the NSA, say the bug would be difficult to exploit. The issue would allow hackers to compromise exposed systems when Ghidra’s experimental mode is running, according to an announcement from the National Institute of Standards and Technology. In theory, this vulnerability would allow hackers to execute arbitrary code against a Ghidra user if a malicious XML plain text file is introduced. But that's unlikely to happen, researchers said, because these files are rare on Ghidra. The solution? Don’t accept files from strangers. Shannon Vavra has more.

A real insider creep

A former Yahoo software engineer has pleaded guilty to hacking into about 6,000 Yahoo accounts for the purpose of finding nude images and videos of the account holders. Reyes Daniel Ruiz, 34, admitted in federal court Monday that he targeted the accounts of younger women, including his personal friends and work colleagues, in order to pull images and videos from the various accounts. Ruiz cracked the accounts by accessing various internal Yahoo systems, and then used that information to access iCloud, Facebook, Gmail, Dropbox and other online services to find more private images and videos. Greg Otto has the indictment.

Chinese hackers get more creative

Over the last several months, Chinese-linked hackers have been targeting a Southeast Asian government with simple spearphishing emails and hundreds of malicious documents, consistently changing their tactics to avoid detection, according to Check Point research. The most noteworthy part of the hackers’ months-long campaign is their perpetually shifting strategies, one researcher said. In the past year, the group, which Check Point identified as "Rancor," has been consistently able to install PowerShell-based backdoors onto victim machines via spearphishing emails laced with malicious documents. Shannon broke it down.

New analysis of possible Gorgon Group activity

An infamous hacking outfit known as the Gorgon Group may be behind an ongoing, nine-month data-stealing campaign that makes use of multiple trojans, according to analysis released Wednesday by cybersecurity company Prevailion. The hacking tools are cheap, costing under $200, but they appear to be effective, and have been used to steal cryptocurrency, the researchers said. Prevailion attributed the activity with “moderate confidence” to the Gorgon Group, which is thought to be operating out of Pakistan and has targeted both government and private sector organizations. Ryan Olson, VP of threat intelligence from Palo Alto Networks, which also tracks Gorgon Group, could not confirm the attribution but said the campaign bears a number of similarities with past Gorgon Group activity, including the same Pastebin handle that has been used to host payloads connected to the group. Find the details here.

A cyber pact for the skies takes flight

The U.S. Aviation Information Sharing and Analysis Center (A-ISAC) and Eurocontrol, Europe’s intergovernmental aviation organization, just agreed to share cyberthreat data and work on tabletop exercises. The move is the latest indication that government authorities and vendors are more attuned to cyberthreats to the aviation sector, including the threat of hackers compromising the aviation sector’s supply chain. In July, the Department of Homeland Security warned that an insecure networking standard could allow a hacker with physical access to a small aircraft to trick the plane’s equipment into giving false readings of critical flight data. Here's the announcement.
