
Cyber Attacks

Hackers stole $400 million from cryptocurrency exchange Coincheck


There have already been a large number of high-profile security breaches in 2018, but the recent cyber attack on Coincheck, one of the largest Japanese cryptocurrency exchanges, resulted in over $400 million worth of NEM coins (a popular cryptocurrency) being stolen from its platform and transferred to an illicit hacker account.

Since the attack, Coincheck has stopped all deposits and withdrawals from its platform, which will most likely result in a HUGE financial loss from business interruption and reputational harm. Additionally, Coincheck hired a forensic investigation team to track where the NEM coins were sent and recently reported that it is evaluating different options to pay back the $400 million that was stolen from its customers.

EvolveMGA’s cyber risk insurance (or hacker insurance) covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us!

If you’d like to read more about this most recent cryptocurrency data breach, click here.

Malicious Malware is Targeting Universities and Government Agencies


A new, sophisticated cyber virus has been discovered that has been targeting large entities. Security researchers have been able to track this malware and found that it has targeted five universities, 23 private companies, and several government agencies.

Comodo Threat Research Labs is credited with exposing this malware. According to the researchers, the developers behind the malware camouflaged their malicious payload in several layers. Rather than deploying the malware through the usual email attachments, the hackers tried to build a “complicated chain to bypass technical security means and deceive human vigilance”.

These types of phishing emails are designed to fool individuals into clicking on a link from what’s thought to be a trusted email address. In this specific case, the hackers sent out emails posing as FedEx, with a message telling the user that they have a package that cannot be delivered, so they need to click on a link to download and print out an attached label that must be submitted in order to receive their mail.

Once downloaded, this sophisticated malware deciphers the infected computer’s operating system, infiltrates applications, and goes to work stealing private data (targeting the user’s login credentials via web browser activity, messenger apps, and email).

It’s important for businesses to stay ahead of these cyber attacks by educating employees, who are typically the first line of defense for their organizations. As malware attacks like these get smarter and more difficult to detect, end-users need to pay attention to the source of attachments they are clicking and downloading.

Evolve MGA’s cyber risk insurance (or hacker insurance) covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us about buying a policy before an event happens to your business.

To read more about this new, sophisticated malware, click here.

Anyone Interested in Playing Hide and Seek? This New Botnet does…


Anyone interested in playing hide and seek? A newly discovered botnet appeared earlier this month that is using peer-to-peer communication tactics to target and infect mobile devices. Hide and Seek (HNS) received its name after it appeared on January 10th, only to disappear soon after and then reappear as a newly designed and improved Trojan virus. Botnets like Hide and Seek are typically used by cyber criminals to breach the security of several users’ computers, take control of each computer, and organize all of the infected machines into a network of bots that hackers can remotely manage.

According to Bitdefender, “the HNS botnet communicates in a complex and decentralized manner and uses multiple anti-tampering techniques to prevent a third party from hijacking/poisoning it.” Since its reemergence, it has infected over 20,000 devices. Additionally, once a device is infiltrated, HNS has the ability to exfiltrate data, execute code, and interfere with the device’s operations.

Since the reemergence, the malware has been spreading from device to device using a worm-like mechanism to generate IP addresses that are associated with the infected device, and then it attacks the associated devices keylogging tactic. Fortunately, researchers have been able to figure out that if a device is affected by Hide and Seek, a simple reboot will remove the malware from the device.

Although HNS appears to be a standard DDoS attack on the surface, further digging into this Trojan virus indicates that its potential is far greater than what has typically been seen from this style of attack.


To read more about Hide and Seek, check out IBT.

Allscripts Ransomware Attack a Reminder of Cloud Risks


Allscripts, a cloud-based software company specializing in healthcare, was hit with a #ransomware attack, called #SamSam, late last week.

Allscripts has yet to release a detailed statement regarding the extent of the breach, but did announce that the #cyberattack affected only a “limited number” of applications, which may contain Electronic Health Records (#EHR). Their services are used by 45,000 physician practices, 180,000 physicians, 2,500 hospitals, and 40,000 in-home clinicians.

It is extremely important to note that once the extent of the breach is released, the hospitals and/or physician practices can be held liable for all of the consequences of the lost data. The cloud industry’s standard contractual practice is to be held harmless of any liability once data is lost or stolen. In addition, state legislation will often deem the original business responsible for collecting the data as the “data owner,” even if that data has been lost or stolen once outsourced to a 3rd party (aka the cloud provider).

We can expect a post-breach strategy to include the following: data breach attorneys, computer forensic experts, and PR consultants, all billing at an hourly rate. Depending on their findings, notification and credit monitoring costs could follow. Lastly, if medical records were exposed, then a complete security risk assessment may be conducted by the Office for Civil Rights (#OCR) under the federal #HIPAA legislation.

Evolve MGA’s cyber policy protects businesses in the event they experience a similar hack attack. Contact us!

Check out Data Breach Today to read more about this cyber attack.

Ghost Team Malware is Used to Steal Facebook Passwords


Security researchers have recently discovered malware, dubbed Ghost Team, in 56 mobile applications in the #GooglePlay Store that, once downloaded, steal your Facebook login credentials and aggressively spam users with pop-ups.

According to the report, the apps themselves do not contain malware, but once installed, an app first confirms that the device is not an emulator or a virtual environment and then downloads the malware payload, which prompts the victim to approve device administrator permissions to gain persistence on the device.

Once a user logs into Facebook, the app prompts the user to reverify their credentials, which is when the #phishing attack occurs and the hacker group gains access to the user’s credentials.

It’s important to note the likelihood that individuals are using the same passwords for #Facebook as they are for their emails, bank accounts, and business accounts. If hackers get ahold of your FB credentials, what else from your personal life or professional life will they also have access to? #hackerinsurance

Evolve MGA cyber risk insurance covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us about buying a policy before an event happens to your business.

If you’d like to read more from The Hacker News, click here.

Oklahoma State University Breach Impacts Nearly 280k Medicaid Patients


The Oklahoma State University Health Sciences Center reported a devastating cyber attack this past week that they recently discovered. According to school officials, on November 7th, third-party hackers infiltrated the network server and gained access to confidential folders that contained Medicaid billing information of roughly 280,000 patients.

This hack attack resulted in the hospital having to address the data breach to the press, as well as to all of the patients who were affected. Additionally, the hospital hired a forensic investigation firm to help gain insights into how the unauthorized individual or group was able to access and expose the sensitive folders.

Due to the magnitude of this breach, the hospital most likely has taken a HUGE financial loss from business interruption and reputational harm. It’s important to note that if this hospital had a strong cyber policy, they would have been able to mitigate lost profits and lost customers. #hackerinsurance

Evolve MGA’s cyber liability insurance policy protects businesses in the event they experience a similar hack attack. Contact us if you want us to reach out to provide information about how you can sell our industry leading cyber policy.

Cyber attack knocks Jones Memorial Hospital offline for a week

Evolve | New York Hospital Cyber Attack

University of Rochester’s Jones Memorial Hospital experienced a daunting cyber attack on Dec. 28th that has left the hospital operating at downtime standards since the event.

The hospital has reported that although they are experiencing difficulty accessing their data systems, they don’t believe any medical or financial data was compromised during the cyber attack. Although it wasn’t publicized, the hospital most likely has taken a HUGE financial loss from business interruption and reputational harm. It’s important to note that if this hospital had a strong cyber policy, they would have been able to mitigate lost profits and lost customers. #hackerinsurance

Evolve MGA’s cyber policy protects businesses in the event they experience a similar hack attack. Comment or LIKE if you want us to reach out to provide information about how you can sell our industry leading cyber policy.

FruitFly Writer Allegedly Spied on Computers for 13 Years

For 13 years, a #hacker has been spying on thousands of people’s activity on their Apple computers using a #malicioussoftware called FruitFly. Phillip R. Durachinsky, 28, of North Royalton, Ohio, was indicted and charged with 16 counts in federal court, including violating the Computer Fraud and Abuse Act, plus wire fraud, aggravated identity theft, illegal wiretapping and child pornography.

Durachinsky’s FruitFly software was described as a Swiss Army knife of #malware that probably used some style of #keylogging attack to spy on his victims. Although it’s not entirely clear what Durachinsky’s motives were in launching FruitFly, the article states that the defendant used his access to collect and save personal data from #Fruitfly victims, including tax records, medical records, photographs, internet searches performed, banking records and potentially embarrassing communications and data. In addition to accessing unauthorized personal computers, he also had access to the Department of Energy, a police department in Ohio, multiple schools, and other businesses worldwide.

Evolve MGA cyber policy covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us about buying a policy before an event happens to your business.

Carphone Warehouse Breach: ‘Striking’ Failures Trigger Fine


Britain’s biggest cyber watchdog laid down the law on mega retailer The Carphone Warehouse after it neglected to update a WordPress installation on one of its websites, which resulted in unauthorized access to the personal data of 3.3 million customers and 1,000 employees. Additionally, the U.K. Commissioners Office reported that the compromised customer data included names, addresses, phone numbers, birthdates, marital status and – for more than 18,000 customers – historical payment card data.

Carphone Warehouse employees, meanwhile, saw their names, phone numbers, and car registration numbers get exposed. Carphone Warehouse was slapped with a $675,000 fine for its cyber security negligence and for putting its customer and employee data at risk. Although it wasn’t noted, it’s likely Carphone Warehouse paid out additional fees to investigate this cyber attack and protect its data post-breach.


Click here to read more of this article.

Phishing Exposed Medicaid Details for 30,000 Floridians


Fishing is a year-round activity in the state of Florida, but unfortunately a “phishing” attack on a government employee potentially exposed 30,000 Medicaid recipients in Florida this past week. Phishing attacks target individuals via email in an attempt to steal personal information, like credit card numbers, social security numbers, and in this case, account numbers and passwords.

Post-breach, the following experts are involved: data breach attorneys, computer forensic experts, and PR consultants, all billing at an hourly rate. Depending on their findings, notification and credit monitoring costs could follow. Lastly, if medical records were exposed, then a complete security risk assessment may be conducted by the OCR under the HIPAA legislation.


If you’d like to read more of this article, click here.