Universities have become a popular target for ransomware attacks, so much so that earlier this year, three universities fell victim to a ransomware attack in the same week. With the urgency of shifting to online learning, many education institutions have found themselves extremely ill prepared in the face of cyber attacks. Distance learning has massively opened up a huge attack surface - we are using unhardened collaboration applications like Zoom and at the same time, machines are now remote, removing control over updating and patching from the organization, says Andrew Homer, vice president of security strategy at Morphisec. Yet cybercriminals aren’t getting any slower at deploying attacks, and higher education has become one of the most targeted industries for ransomware attacks over the last few years.Read More
Last week, Universal Health Services, confirmed that the ransomware attack on their networks on September 27th affected computers at all of their US care sites and hospitals. The ransomware that hit UHS, one of the largest health systems in the US, is the infamous Ryuk, which has been wreaking havoc in targeted ransomware attacks since 2018. During the attack, the Ryuk began shut down systems in the emergency department, as well as additional systems causing some ambulances had to be diverted, and lab test results became delayed. Technicians at some UHS-owned facilities described reverting to pen-and-paper during the attack.Read More
Less than three weeks have passed since we released our ransomware-themed newsletter to our subscribers, and we’ve already come across endless new headlines about big-name ransomware attacks. And we all know - when the attacks are big, the ransom prices are high!Read More
The Japanese manufacturing giant revealed that it had been hit with ransomware on Monday June 8, 2020, forcing it to shut down a number of manufacturing facilities and disrupting its global operations. Honda was left with no choice but to halt operations in Japan, North America, the U.K., Turkey and Italy. Furthermore, the ransomware attack caused disruptions to the company’s customer service and financial services.Read More
Managed Service Providers (MSPs) seem to be a huge target for ransomware lately. MSPs in both government and the private sector have been under attack, causing the U.S. Secret Service to issue a special warning about this phenomenon.Read More
So much about good, basic Security comes down to proper access control. Information security, physical security, personal security, (probably even financial security?) – all security, it seems, works better when there’s proper control over who has access to what and when.
ThreatSTOP’s platform has historically allowed two levels of user access: Admin and Reporter. In this simple scheme, Admins could access everything, like creating a custom DNS Firewall policy, or whitelisting an IP across all their firewalls, while lowly Reporters got read-only access to look at reports. Two extremes of access control for what was a simpler time.
In the years since, things have really evolved in Security. It's gotten scarier outside – there are more threats, nastier ones, more sophisticated attackers, and shrewder methods. DDoS for hire, and turn-key ransomware. The myth of companies “too big to take down” or “too small to be targeted” got busted. It has gotten crazy out there.Read More
The beginning of June saw a sudden surge in University-targeting ransomware attacks. Michigan State University, UCSF and Colombia College were all hit with ransomware from the NetWalker family within the same week. While each institution dealt with their network’s compromise differently, this “University Ransomware Week” was certainly eye-opening for higher education institutions who may need to rethink the security solutions and measures they have implemented.Read More
Since the beginning of the Coronavirus epidemic, threat actors have been exploiting the panic around the deadly virus to deploy cyber attacks. Every day, more and more Coronavirus-related campaigns are spotted, and we are seeing a surge in the number of suspicious domains registered in relation to the virus every day.
To combat these prevalent attacks, our Security Research Team has curated a blocklist including thousands of malicious Covid19-related domains, integrated from our threat intelligence sources and supplemented with additional IOCs found by our team through manual analysis.
We highly recommend adding the Covid-19 domain target to your policy in order to protect yourself from these threats. You can do so by enabling the COVID19 Fake Domains – Domains target, or by enabling our Phishing bundle.Read More
This is an opportunistic time for cyber attackers. While people are in a frenzy to buy food and masks, to figure out how they are going to work from home or how to cope with the loss of their job, cyber attackers show no mercy in taking advantage of the situation to deploy a grandiose variety of Coronavirus-themed attacks.Read More
When security personnel think of email attacks, usually the first word that comes to mind is “phishing." While phishing is a very common (and sadly, very successful) attack vector, many threat actors take a different approach to gaining access to victims’ accounts. Breaching an email mailbox is a critical first step, creating a doorway to endless exploitation possibilities.
In this blog post, we will outline five different ways that cyber attackers can breach your email account and steal personal information.Read More