December 11, 2019
You can read in all the Czech media today that the Benesov hospital has collapsed and all devices are offline. The network was hit during the night by a cryptovirus that made all laboratory instruments inoperative.
This attack was preceded by a huge increase in cryptovirus activity in e-mails. We saw a 300% increase during the night. The e-mail campaign consisted of a variety of false orders and invoices in English. Similar activity is recorded almost permanently, but not to such a high degree.
Common subjects from this campaign are:
The campaign is very effective and bypasses common spam filters, because attackers do not use botnets (networks of infected computers), but actual user email accounts.
If a user uses a weak password, or the same password as in another compromised service, the attackers are able to log in and send dangerous e-mail messages from that mailbox. Unfortunately, entire databases of e-mail login credentials can be easily purchased online.
An e-mail sent in this way comes with a valid SPF record, sometimes even with a valid DKIM signature. This means that from the spam filter's point of view, it is a message with all the essentials, so it reaches the victim's mailbox.
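The point above, as an added example that is not part of the original article: a message relayed through a compromised real mailbox passes SPF and DKIM, so a filter has to weigh signals other than authentication. The sample message, the domain names, the lure keywords and the extension list are constructed assumptions for illustration.

```python
import email
from email import policy

# Constructed sample: sent from a real but compromised mailbox, so the
# receiving server records both SPF and DKIM as passing.
SAMPLE = b"""\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=supplier.example; dkim=pass header.d=supplier.example
From: Accounts <accounts@supplier.example>
To: lab@hospital.example
Subject: Invoice 4471 - payment overdue
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

Please see the attached invoice.
--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice_4471.doc.exe"

AAAA
--b--
"""

# Assumed policy lists; tune them to your own organisation.
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".docm", ".xlsm")
LURE_WORDS = ("invoice", "order", "payment")

def auth_results(msg):
    """Map each method in Authentication-Results to its result."""
    out = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in str(header).split(";")[1:]:
            token = (part.split() or [""])[0]
            if "=" in token:
                method, result = token.split("=", 1)
                out[method.lower()] = result.lower()
    return out

def score(raw, known_senders):
    """Return (auth results, reasons to quarantine despite passing auth)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec.lower()
    reasons = [] if sender in known_senders else ["first-seen sender"]
    if any(w in (msg["Subject"] or "").lower() for w in LURE_WORDS):
        reasons.append("invoice/order lure in subject")
    if any((a.get_filename() or "").lower().endswith(RISKY_EXT)
           for a in msg.iter_attachments()):
        reasons.append("executable or macro attachment")
    return auth_results(msg), reasons
```

Calling `score(SAMPLE, set())` shows both authentication checks passing while three independent reasons to quarantine the message remain.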
Unfortunately, our long-term experience suggests that the state of IT in some organizations that fall under critical infrastructure is deplorable in terms of security. We see a long-term lack of funding, management without a clear concept, and staff shortages. The infrastructure is then not ready to resist these threats.
E-mail filtering in organizations is being boycotted by users or management. They argue that they would rather weaken filtering so that all e-mails are delivered, including spam. This is as flawed as deliberately reducing the quality of your antivirus solution so that it doesn't accidentally bother users.