CyberCrime - W/E - 12/20/19
Former Siemens Employee Jailed for Inserting Malicious Code into Computers (12/18/2019)
A Pennsylvania resident and former employee of Siemens has been sentenced in federal court to a six-month prison term on his conviction of intentional damage to a protected computer, the Department of Justice (DOJ) announced. According to information presented to the court, from in and around 2014 and continuing until on or about May 13, 2016, David Tinley intentionally inserted logic bombs into computer programs that he designed for Siemens. Logic bombs are pieces of code that, when certain conditions are met, trigger malicious activity.
Momentum Botnet Ramps Up Activities with DoS Attacks (12/16/2019)
Malicious activity targeting the Linux platform has been connected to the Momentum botnet in an effort to compromise devices and perform distributed denial-of-service (DoS) attacks. Momentum targets the Linux platform on various CPU architectures such as ARM, MIPS, Intel, Motorola 68020, and more. The main purpose of this malware is to open a backdoor and accept commands to conduct various types of DoS attacks against a given target. The backdoors being distributed by the Momentum botnet are Mirai, Kaiten, and Bashlite variants. Momentum spreads by exploiting multiple vulnerabilities on various routers and Web services to download and execute shell scripts on the target devices. Trend Micro has published its analysis of Momentum.
NJ's Largest Hospital Pays Undisclosed Fee Following Ransomware Attack (12/16/2019)
Hackensack Meridian Health, a $6 billion USD healthcare provider in Edison, NJ, confirmed to NJ.com that it has paid a ransom following a cyber attack that began on December 2 and crippled its IT systems. NJ's largest hospital network was affected for more than five days and did not initially admit that the incident was the result of a ransomware attack. In a statement on December 13, Hackensack Meridian said, "Due to developments in the investigation, and on advice of national experts, we could not disclose that this was a ransomware attack until now." Although the hospital did not reveal how much it paid to have its systems released, the statement explained that Hackensack Meridian has insurance coverage for such emergencies. Approximately 100 elective surgeries had to be rescheduled but hospital officials said that most disruptions were minimal.
Visa Investigating POS Malware Attacks at Gas Stations in US (12/16/2019)
Visa is warning that point-of-sale (POS) systems for gas station merchants are being targeted by cybercriminal gangs. Between the December warning and an alert from November, Visa said it has investigated at least five incidents in which gas stations have been impacted. Two of the five attacks have been traced back to the FIN8 threat group that has been active since at least 2016 and often targets POS systems from different merchants to harvest payment card data.