<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

Author Archives:Ofir Ashman

Recent Posts

LAZARUS GROUP ALMOST STOLE COVID-19 VACCINE RESEARCH

While vaccines are slowly being distributed around the world, COVID-19 is still on the loose, and the in many ways – the world is still at a halt. Researchers at Kaspersky have recently discovered attacks against COVID-19-related entities, probably attempting to get their hands on vaccine research. The perpetrators behind this sneaky and specialized attack are none other than the mysterious Lazarus Group, a cybercrime group with strong links to North Korea, and known for some large cyberattacks over the last decade, such as the WannaCry attacks, Sony breach, and more. While tracking the group’s activity over a variety of industries, the Kaspersky researchers spotted two COVID-related attacks – one on a pharmaceutical company, and the other on a government ministry involved in COVID-19 response.

Read More

Share this:

The IT/OT Challenge - Understanding Convergence Risks

As we have discussed in previous articles on our blog, smart technologies are advancing at a precedential speed. New technologies and IoT devices allow operational technology infrastructures to connect to the information technology (IT) realm, receiving data and controls from Internet-connected devices. While this creates amazing opportunities and technological advancement, such as simplified process control, real-time visibility, and decreased unplanned downtime, connecting OT devices to the Internet makes them vulnerable to an additional world of threats and attack types. Companies and facilities must strictly protect their industrial control system (ICS) and SCADA networks, since a breach can cause damage to an electrical grid, an oil rig, or even to emergency services systems during a crisis.

Read More

Share this:

WHEN RANSOMWARE HITS CLOSE TO HOME

Last Friday’s family dinner started like any other. My grandmother stealthily running around the kitchen adding some finishing touches to her amazing dishes, while her children and grandchildren gradually arrive. Meeting once a week (or two) for a Friday dinner is customary for traditional Israeli families (and let’s face it, Israel is so small that no matter where you live – it’s still no more than a few-hour drive from your family). As we started moving delicious-smelling food from the kitchen to the dining room, my family asked me excitedly (and a bit worriedly) – “Did you hear about the Shirbit cyber attack? They got attacked with a ransom malware, have you heard of those?”.

Read More

Share this:

Are You Prepared For 5G?

5G is here, and it is definitely changing 21st century technology. The fifth generation of wireless connectivity marks a new era for devices of all kinds, serving as critical infrastructure to promote the digitization, automation and connectivity of machines, robots, smart appliances, transport solutions and more. In addition to advanced infrastructure technologies - smartphones, computers and Internet-of-Things devices are extremely prevalent in every home - and they’re getting smarter. With the increased demand for connectivity and 5G-enabled IoT devices, vendors are rushing their products to be the first on the market, trying to beat out the competition on the way. According to Statista, there will be a whopping 74 Billion connected devices by 2025. Even last month’s Black Friday deals on next generation smartphones and smart devices may very well have equipped another couple million Americans with 5G-compatible devices. But despite the excitement and hype around smart technologies, this race-to-market is creating a gaping hole where strong security and advanced technology must meet. Vendors are sacrificing security testing, allowing potential vulnerabilities to remain hidden in the backend of devices.

Read More

Share this:

Watch out for Phishing this (online) Holiday Season

Winter holidays are a glowing delight, filled with cozy warm drinks, great food, decorations, family traditions, and of course – presents. Families know the feeling of December creeping in, and the burst of joy filled with urgency that comes with it. People rush to shopping malls by the handfuls, making a day (or days) of purchasing gifts for their friends and loved ones. But the Covid-19 pandemic has reshaped the holiday shopping experience, migrating holiday shoppers from mall trip extravaganzas to multi-platform online shopping. Probably the last thing buyers are thinking about when deliberating between a blue bike or a green scooter is the plethora of cyber attackers just waiting for them to make one mistaken make one wrong click, and fall victim to a phishing scam that can drain all the money (and holiday joy) from your stocking.

Read More

Share this:

Pop Stars Hacked during Spotify Wrapped 2020

For 320 million Spotify users around the world, December kicked off with some fun statistics in Wrapped, the streaming service’s yearly review: Most streamed artist, most played song, top podcasts... But it’s 2020, "the Year to Forget", and no parade can go on for long without some rain. During Spotify’s Wrapped 2020, the most popular streaming service in the world suffered a pretty wild security breach that targeted both popular musicians and their music labels.

Read More

Share this:

RANSOMWARE THREATENS TO SHUT DOWN ONLINE LEARNING – AT ENORMOUS COSTS

Universities have become a popular target for ransomware attacks, so much so that earlier this year, three universities fell victim to a ransomware attack in the same week. With the urgency of shifting to online learning, many education institutions have found themselves extremely ill prepared in the face of cyber attacks. Distance learning has massively opened up a huge attack surface - we are using unhardened collaboration applications like Zoom and at the same time, machines are now remote, removing control over updating and patching from the organization, says Andrew Homer, vice president of security strategy at Morphisec. Yet cybercriminals aren’t getting any slower at deploying attacks, and higher education has become one of the most targeted industries for ransomware attacks over the last few years.

Read More

Share this:

Getting Phished by a Prestigious University? New Attack Campaigns Use a Clever Trick

2020 has been a crazy year for everyone – including higher education institutions. While the world scrambled to keep health care systems afloat AND hold on to flailing economies over the summer, universities and colleges dealt with a different challenge – taking an extremely social experience, the education system, and putting it online. There’s no doubt that online learning saves facility expenses and time, but it has made Higher Ed institutions – and their students and staff – much more vulnerable to cyber attacks. University systems and networks need to be accessible to students from home, and in a time when online study life and online personal life merge, students may very well be putting the institution’s systems at risk as well.

Read More

Share this:

United Health Systems: All US Sites Impacted in Ransomware Attack

Last week, Universal Health Services, confirmed that the ransomware attack on their networks on September 27th affected computers at all of their US care sites and hospitals. The ransomware that hit UHS, one of the largest health systems in the US, is the infamous Ryuk, which has been wreaking havoc in targeted ransomware attacks since 2018. During the attack, the Ryuk began shut down systems in the emergency department, as well as additional systems causing some ambulances had to be diverted, and lab test results became delayed. Technicians at some UHS-owned facilities described reverting to pen-and-paper during the attack.

Read More

Share this:

Coffee Machine Hacked – and THIS IS Just The Beginning

The alarming concept of IoT cyber attacks sends us straight to a dystopic vision of crashing automatic cars, and smart elevators stuck in place with evil music playing in the background. Looming over the excitement for next generation technology is a cloud of worry about the cyber implications of connecting everyday devices to the internet. While we’re sure that a hospital whose critical scanning machines are being held captive by ransomware will pay up, we don’t tend to stop and think about our small day-to-day actions that may be affected as well. If your printer was held hostage by ransomware before a critical meeting, and you had to pay $100 to free it – would you?

Read More

Share this:

ARCHIVES

see all

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter