Tag Archives: hacker

City of Durham, NC Hit With Ryuk Ransomware

Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling victim to the ransomware attack last weekend, the city shut down its network, including disabling access to the network by the Durham Police Department, the Sheriff’s Office and the communications center. … Continue Reading

Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion

Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will … Continue Reading

Ransomware—to Pay or Not to Pay and Should We Get a Bitcoin Wallet Just in Case?

There’s nothing worse than paying criminals. And paying a ransom for data is just that—paying criminals for a criminal act. All you get out of the payment is access to your data. It doesn’t fix the vulnerability or the root problem. Let the record reflect that the FBI does not recommend paying ransoms to cyber … Continue Reading

States and Municipalities on High Alert for Iranian Originated Cyber-Attacks

The Department of Homeland Security (DHS) is warning critical infrastructure operators to be on high alert for Iranian backed cyber-attacks because of the vulnerability of state and municipal computer systems, they are at high risk for attack from Iranian-based hackers. We have seen states and municipalities get hammered with ransomware in the past year. Now … Continue Reading

LifeLabs Pays Ransom to Retrieve Patient Data

It is being reported that LifeLabs, a Canadian lab company that is the largest provider of laboratory diagnostics and lab testing services in Canada, recently paid an undisclosed ransom to hackers who compromised its computer system that housed patient lab data. The hackers apparently compromised the system, exfiltrated data and demanded that the company pay … Continue Reading

British Member of “The Dark Overlord” Hacking Organization Extradited to Face Conspiracy and Identify Theft Charges in the United States

Beginning in 2016, the computer hacking organization known as “The Dark Overlord,” began to target victims in the St. Louis, Missouri area, including various health care providers, several accounting firms, and a medical records company.  By remotely accessing these victims’ computer networks without authorization, The Dark Overlord was able to obtain sensitive records and information, … Continue Reading

Privacy Tip #217 – Law Enforcement Warns of Juice-Jacking Scam

If, like me, you travel a lot, listen up—the Los Angeles District Attorney’s Office has issued an advisory as part of its fraud education campaign warning travelers not to use free USB charging stations offered in airports, hotels and other public places.  According to the warning, “juice jacking” occurs when hackers have loaded malware into … Continue Reading

Introducing the New York SHIELD Act

The New York “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act), N.Y. Gen Bus. Law§ 899-bb, requires businesses that collect private information on New York residents to implement reasonable cybersecurity safeguards to protect that information. While this is a new law in the State of New York, it is simply joining other states, … Continue Reading

Click2Gov Portal Compromised in Eight Cities

Many cities in the United States utilize a self-pay portal for residents to pay bills online, known as Click2Gov. Click2Gov was compromised in 2017 and 2018, when hackers were able to access over 300,000 payment cards and reportedly made more than $2 million in the heist. It is being reported this week by security researchers … Continue Reading

Colleges and Universities at Risk for Cyber-Attacks as School Year Starts

It’s a busy time for colleges and universities as the fall semester starts and campuses are bustling with activity. It’s also the perfect time for cyber criminals to create mayhem for institutions of higher education with a cyber-attack. That is exactly what happened to Regis University in Denver, Colorado. The university had to shut down … Continue Reading

Florida Municipalities Getting Hammered with Ransomware

Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Municipalities are unfortunately only taking heed now that recent ransomware campaigns are in the news and bringing some municipalities to their knees [view related posts … Continue Reading

Hackers Indicted for Involvement in 2015 Anthem Data Breach

Earlier this month, a federal grand jury returned an indictment charging a Chinese national and another individual as part of an extremely sophisticated hacking group operating in China that targeted large businesses in the United States, including health insurer Anthem. The indictment stemmed from an investigation by the FBI in which Anthem cooperated, earning praise … Continue Reading

Privacy Tip #191 – Trying to Protect Your Medical Information—Let’s Ask Questions About Data Security

In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper charts at our doctor’s office, the hospital, the pharmacy and our health insurer. Now it’s … Continue Reading

The WhatsApp Hack – Practice Good Phone Hygiene and Update Your Apps

WhatsApp, the popular instant messaging app announced a hack and the exposure of a security flaw this week. The flaw injected malware onto users’ phones, potentially exposing their otherwise encrypted data and messages. WhatsApp allows users to instant message and make phone calls throughout the world. The app features described on its website include simple, … Continue Reading

Closing The Door Behind Your MFA Implementation

I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support … Continue Reading

Fortnite Players Sue for Alleged Exposure of Payment Information for Vbucks

Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in … Continue Reading

2.6 Million Atrium Health Patient Records Compromised by Vendor AccuDoc

Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident. The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some … Continue Reading

Office 365 Migration

Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged in over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading
LexBlog