10 replies to this topic

[AplusWebMaster]

FYI...

Anthem ...
- http://www.nytimes.c...-to-others.html
Feb 6, 2015 - "After an online attack on Anthem, by far the largest breach in the industry, security experts warned on Friday that more attacks on health care organizations were likely because of the high value of the data on the black market. Anthem, one of the country’s largest health insurers, said the hackers did not appear to have stolen information about its customers’ medical claims. But medical identification numbers were taken, along with Social Security numbers, addresses and email addresses, which could be used for medical fraud. According to a federal database, many much smaller attacks across the country have included both medical records and financial information. Medical identity theft has become a booming business, according to security experts, who warn that other health care companies are likely to be targeted as a result of the hackers’ success in penetrating Anthem’s computer systems. Hackers often try one company to test their methods before moving on to others, and criminals are becoming increasingly creative in their use of medical information... The publicity surrounding the breach, which exposed information on about 80 million people, is already generating phishing email scams, in which criminals posing as legitimate businesses try to persuade people to sign up for bogus credit protection services and provide personal information about themselves. On Friday, Anthem sent out an alert to its customers warning them of the scam, which the company described as an “opportunistic” attempt to take advantage of news of the breach, but the company emphasized it had no evidence that the scam artists were the hackers. The company, which operates under a series of Blue Cross plans in states like California, Connecticut and New York, is working with federal investigators to determine the source of the attack. Some signs continued to point to China, which has previously been thought to target health care companies, although the investigation is still in its early stages..."

- http://www.anthemfacts.com/faq

- http://www.anthemfacts.com/

- http://www.reuters.c...N0LA24F20150207
Feb 6, 2015 - "Health insurer Anthem Inc on Friday warned U.S. customers about an email -scam- targeting former and current members whose personal information was suspected to have been breached in a massive cyber attack..."
- http://krebsonsecuri...-anthem-breach/
Feb 7, 2015 - "... variations on the -scam- pictured below, which -spoofs- Anthem and offers recipients a free year’s worth of credit monitoring services for those who click the embedded link
Do-not-click or respond to these phishing emails:
> http://krebsonsecuri...anthemphish.jpg
... The company says it will begin sending notifications to affected consumers via snail mail in the coming weeks. In the meantime, if you’re a current or former Anthem member, be aware that these types of -scams- are likely to escalate in the coming days and weeks."
___

- http://krebsonsecuri...-in-april-2014/
Feb 9, 2015
> https://www.virustot...f89e9/analysis/

> http://krebsonsecuri...ert-600x457.png
___

- https://isc.sans.edu...l?storyid=19299
2015-02-06
 

Edited by AplusWebMaster, 10 February 2015 - 02:21 PM.

[AplusWebMaster]

FYI...

Anthem says breach impacted at least 8.8 million non-Anthem customers
- http://www.reuters.c...N0LS2CS20150224
Feb 24, 2015 - "Health insurer Anthem Inc, which earlier this month reported that hackers had breached a patient database, said on Tuesday that between 8.8 million and 18.8 million customers of non-Anthem Blue Cross Blue Shield plans were impacted by the attack. Anthem, the country's second largest health insurer, has found that -78.8- million people in all had their information accessed when hackers broke into its database compared with an initial count of around 80 million, Anthem spokeswoman Kristin Binns said. The balance of that 78.8 million, or 60 million to 70 million people, are Anthem customers. Anthem did not revise the total of how many customers had records that were not just "seen" by the hackers but stolen. Binns said the company still estimates this number in the tens of millions. Anthem runs Blue Cross Blue Shield healthcare plans in 14 states. Other Blue Cross Blue Shield plans in states such as Texas and Florida are run independently. Customers of those plans who sought medical services during the last ten years in the states where Anthem holds the license are potentially included in the database that was breached, Anthem said."

> https://www.anthemfacts.com/

Do NOT give out personal information on the Internet.
 

[AplusWebMaster]

FYI...

Premera Blue Cross -hack- exposes 11M customer records
- http://www.cnet.com/...stomer-records/
March 17, 2015 - "A recently discovered cyberattack on health insurance provider Premera Blue Cross last year may have exposed the medical data and financial information of 11 million customers, the company revealed Tuesday, the latest security breach at a health industry organization.
Hackers gained unauthorized access to customers' personal information, including names, birthdates, Social Security numbers, and claims information during the May 2014 intrusion, said Premera, a health benefits provider in the Pacific Northwest. Other information exposed included bank account information, email addresses and telephone numbers, Premera said. The breach was discovered January 29, just days before Anthem, the No. 2 health insurer in the US, revealed that it was the victim of what may be the largest ever data breach involving a US health insurer. Anthem said the attack on its servers compromised the unencrypted personal information such as names, dates of birth, member IDs, and Social Security numbers for as many as 80 million current and former members and employees. Premera said it is working with the FBI to investigate the attack but said it has not yet determined whether any information was removed from the servers or "used inappropriately." The customer information that may have been compromised dates as far back as 2002, Premera said. It was not immediately clear whether the information exposed in Premera's hack was encrypted. Under the federal Health Insurance Portability and Accountability Act (HIPAA), health insurance companies are not required to encrypt the data stored on their servers. Premera did not immediately respond to a request for comment..."

- http://www.nbcnews.c...ffected-n325231
Mar 17, 2015
- http://www.premeraupdate.com/
 

Edited by AplusWebMaster, 21 March 2015 - 02:37 AM.

[AplusWebMaster]

FYI...

Destructive hack attempts target critical infrastructure in Americas
- http://www.reuters.c...N0MY06Z20150407
Apr 7, 2015 - "Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America. The poll by the Organization of American States, to be released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system. Those figures, provided exclusively to Reuters ahead of the official release, are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal. By far the best known destructive hacking attack on U.S. soil was the electronic assault last year on Sony Corp's Sony Pictures Entertainment, which wiped data from the Hollywood fixture’s machines and rendered some of its internal networks inoperable... Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers. Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods... The survey did allow anonymous participants to provide a narrative of key events if they chose, although those will not be published... one story of destruction involved a financial institution. Hackers stole money from accounts and then deleted records to make it difficult to reconstruct which customers were entitled to what funds... In another case, thieves manipulated equipment in order to divert resources from a company in the petroleum industry... Trend Micro which compiled the report for the OAS, vice president Tom Kellerman said additional destructive or physical attacks came from political activists and organized crime groups. “We are facing a clear and present danger where we have non-state actors willing to destroy things,” he said. “This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor.” So-called “ransomware,” which encrypts data files and demands payment be sent to remote hackers, could also have been interpreted as destructive, since it often leaves information unrecoverable..."
* https://www.trendmic...rity/index.html
 

[AplusWebMaster]

FYI...

CareerBuilder cyberattack delivers malware ...
- https://www.proofpoi...oot-in-the-Door
Apr 29, 2015 - "... recently detected a clever email-based attack that combines phishing and social engineering techniques in order to trick users into opening a malicious document. In this attack, the actor browses open positions listed on CareerBuilder .com, a popular online job search and recruiting service, and -attaches- resumes to job postings as malicious documents in Microsoft Word format. In this specific case, we observed the actor attach a Word document named “resume.doc,” or “cv.doc”. Delivery: When a resume has been submitted to a listed job opening, the CareerBuilder service automatically generates a notification email to the job poster and attaches the document, which in this case is designed to deliver malware... the probability of the mail being delivered and opened is higher... the attackers here have instead capitalized on the brand and service of a real site: the recipients are likely to read them and open the attachments because not only are they legitimate emails from a reputable service, but these emails are expected and even desired by the recipient:
Phishing email containing malicious attachment:
> https://www.proofpoi...g?itok=ew3S8AM-
In this campaign, Proofpoint detected seemingly indiscriminate, low-volume (less than ten emails) documents targeting of stores, energy companies, broadcast companies, credit unions, and electrical suppliers. The actor appeared to target positions in engineering and finance, such as “business analyst,” “web developer,” and “middleware developer”: the skills listed for these positions can reveal valuable information about the tools and software that is running in the target organization and thus enable the actor to tailor their attack. Malicious Document: Instead of following the recent trend of using macro-based malware of Office document attachments, the attachment is -built- using the Microsoft Word Intruder Service (MWI) and -exploits- a memory corruption vulnerability for Word RTF (such as CVE-2014-1761, CVE-2012-0158, and others). MWI is an underground crime service... that builds CVE-weaponized dropper or downloader documents for any malware. A seller with handle “Object” has been observed offering the service since May 31, 2013 on underground Russian forums for approximately US$2,000 to US$3,000.
Name: resume.doc
SHA-256: d61abd2f4fdb5a4c9e2cb11a2af69ec18627335f7e0e3ddf880d30590292fa6d
Name: cv.doc
SHA-256: 648c7985f833ad4e001ab3d1727a1837df640fd3457c808e0ff0d2e4cf61bfa7
Upon successfully executing the exploit, the attachment opens a connection to a command and control (C2) server in order to download the payload executable... attackers – as part of an overall shift to targeting businesses – adjusted the strategy of their URL-based campaigns to rely on -piggybacking- on web marketing emails (such as newsletters and opt-in marketing) with links to legitimate sites that have been compromised in order to deliver malware to end-users who click-on-the-link in their message. High-volume unsolicited email campaigns instead use attachments more often than URLs to deliver their malware, with a particular emphasis on malicious Office documents. This clever attack demonstrated techniques similar to those now used for URL-based campaigns, but this time to deliver malicious attachments, and exemplifies the practice of piggybacking on legitimate email services and sites in order to trick wary end-users and compromise targeted businesses."

- http://thestack.com/...mployers-010515
May 1, 2015
 

  

Edited by AplusWebMaster, 05 May 2015 - 03:08 PM.

[AplusWebMaster]

FYI...

Carefirst Blue Cross Breach Hits 1.1M
- http://krebsonsecuri...each-hits-1-1m/
May 21, 2015 - "CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 1.1 million customers. There are indications that the same attack methods may have been used in this intrusion as with breaches at Anthem and Premera, incidents that collectively involved data on more than 90 million Americans. According to a statement CareFirst issued Wednesday, attackers gained access to names, birth dates, email addresses and insurance identification numbers. The company said the database did -not- include Social Security or credit card numbers, passwords or medical information. Nevertheless, CareFirst is offering credit monitoring and identity theft protection for two years. Nobody is officially pointing fingers at the parties thought to be responsible for this latest health industry breach, but there are clues implicating the same state-sponsored actors from China thought to be involved in the Anthem and Premera attacks..."
 

  

[AplusWebMaster]

FYI...

Massive cyber attack hits U.S. federal workers; probe focus on China
- http://www.reuters.c...N0YQ2GW20150605
Jun 4, 2015 - "Hackers broke into U.S. government computers, possibly compromising the personal data of 4 million current and former federal employees, and investigators were probing whether the culprits were based in China, U.S. officials said on Thursday. In the latest in a string of intrusions into U.S. agencies' high-tech systems, the Office of Personnel Management suffered what appeared to be one of the largest breaches of information ever on government workers. The office handles employee records and security clearances. A U.S. law enforcement source told Reuters a "foreign entity or government" was believed to be behind the cyber attack. Authorities were looking into a possible Chinese connection, a source close to the matter said. The Federal Bureau of Investigation said it had launched a probe and aimed to bring to account those responsible. OPM detected new malicious activity affecting its information systems in April and the Department of Homeland Security said it concluded at the beginning of May that the agency's data had been compromised and about 4 million workers may have been affected. The agencies involved did not specify exactly what kind of information was accessed. The breach hit OPM's IT systems and its data stored at the Department of the Interior's data center, a shared service center for federal agencies, a DHS official said on condition of anonymity. The official would not comment on whether other agencies' data had been affected. OPM had previously been the victim of another cyber attack, as have various federal government computer systems at the State Department, the U.S. Postal Service and the White House. Chinese hackers were blamed for penetrating OPM's computer networks last year, and hackers appeared to have targeted files on tens of thousands of employees who had applied for top-secret security clearances... The U.S. government has long raised concerns about cyber spying and theft emanating from China and has urged Beijing to do more to curb the problem. The Chinese embassy in Washington did not respond immediately to requests for comment. There was also no comment from the White House. Since the intrusion, OPM said it had implemented additional security precautions for its networks. It said it would notify the 4 million employees and offer credit monitoring and identity theft services to those affected..."

- http://www.opm.gov/n.../announcements/
June 4, 2015

___

China’s Hack of U.S. Data Tied to Health-Care Record Thefts
- http://www.bloomberg...th-care-records
June 5, 2015 - " The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies. Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year, said John Hultquist of iSight Partners Inc., a cyber-intelligence company that works with federal investigators. The thefts are believed to be part of a larger effort by Chinese hackers to get health-care records and other personal information on millions of U.S. government employees and contractors from various sources, including insurers, government agencies and federal contractors, said an American intelligence official, speaking on condition of anonymity. The data could be used to target individuals with access to sensitive information who have financial, marital or other problems and might be subject to bribery, blackmail, entrapment and other traditional espionage tools, the official said..."
 

Edited by AplusWebMaster, 05 June 2015 - 11:48 AM.

[AplusWebMaster]

FYI...

Canada: 'Anonymous' says it cyberattacked federal gov't ...
- http://www.cbc.ca/ne...-c-51-1.3117360
Last Updated: Jun 18, 2015 - "The online hacker group Anonymous has claimed responsibility for a cyberattack on federal government websites, in protest against the recent passing of the government's anti-terror Bill C-51... A number of federal government websites appear to be back online after the brief blackout, including websites for the Senate, the Justice Department and Canada's spy agencies, CSEC and CSIS. However, it's unclear whether the attacks have stopped, as government websites seem to be flashing on and offline intermittently. Public Safety Minister Steven Blaney said at no point was personal information or sensitive government compromised... The government's servers were hit with a denial of service attack, the statement reads..."
 

[AplusWebMaster]

FYI...

Harvard hacked - affects 8 colleges and admins
- https://fortune.com/...rd-data-breach/
July 2, 2015 - "The school discovered a cyberintrusion in June. Last month Harvard University uncovered “an intrusion” on its computer networks, the school disclosed late Wednesday. The discovery, which was made June 19, affects two IT systems that impact eight colleges and administrations, the school says. These include the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study, Central Administration, the Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health. Meanwhile, the Harvard Kennedy School as well as Harvard’s business, law, medicine, and dental schools, appear to be unaffected by the breach. Anyone associated with the first four groups listed above should change-the-password to their school network login, the university recommends. People affiliated with the next four groups should instead change-the-password, the school says, to their university email account, a service powered by Microsoft Exchange. Don’t expect that new passcode to last long though. The school notes that it will require a future password refresh as well: “Password changes will be required again at a later time as the University takes further steps to enhance security,” per a letter from Provost Alan Garber* and executive vice president Katie Lapp. Harvard’s administration says it is as yet uncertain about what data has been stolen..."
* http://security.harv...edu/cyber-alert
 

  

Edited by AplusWebMaster, 02 July 2015 - 02:06 PM.

[AplusWebMaster]

FYI...

ICANN - hack of website users’ accounts
- http://www.databreac...users-accounts/
Aug 5, 2015 - "... 'ICANN says its website’s user accounts have been compromised by hackers who gained access to their names, email addresses, hashed passwords, and more. On Wednesday, the domain-name system overlord admitted its server security was breached* within the past week: an “unauthorized person” obtained account records, which included harmless info such as site preferences, and newsletter subscriptions, as well as the usernames and passwords'..."

* https://www.icann.or...t-2015-08-05-en
Aug 5, 2015 - "ICANN has reason to believe that within the last week, usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website were obtained by an unauthorized person. These profile accounts contain user preferences for the website, public bios, interests, newsletter subscriptions, etc. There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization. While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider. These encrypted passwords (hashes) are not easy to reverse, but as a precaution we are requiring that all users reset their passwords. When you next visit our site, please go to the login page and click the forgot password link: https://www.icann.or...rs/password/new- to create your new password.
Most importantly, if you have used the same password on other websites or services, you should change it immediately on those other websites or services. As a general matter, you should avoid reusing passwords across multiple sites.
No operational information, financial data or IANA systems were involved..."
 

 

[AplusWebMaster]

FYI...

Hacks attack forex broker FXCM
- http://www.reuters.c...N0RV53E20151001
Oct 1, 2015 - "FXCM Inc, an online foreign exchange broker, said its systems were hacked and a "small number" of unauthorized -wire- transfers were made from customer accounts. All funds have been returned to the accounts that were compromised, the company said on Thursday. FXCM said it received an email from a hacker claiming to have illegal access to customer information and that it had notified the Federal Bureau of Investigation. An FBI spokeswoman said the bureau was "aware of the incident and is investigating." FXCM said it was working with a cybersecurity firm to determine the scale of the incident and identify affected customers. The company did not say when it was hacked or give any further details on the incident. FXCM did not immediately respond to a request for comment. FXCM is the latest U.S. corporation to become a victim of a cybersecurity attack, adding to a list that includes Target Corp, Apple Inc and JPMorgan Chase & Co..."
___

Hacks attack Experian/T-Mobile user DB
- http://arstechnica.c...len-by-hackers/
Oct 1, 2015 - "Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile. The breach was the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, T-Mobile CEO John Legere said in a statement posted online*. The investigation into the hack has yet to be completed, but so far the compromise is known to affect people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. It's at least the -third- data breach to affect Experian disclosed since March 2013..."
* http://www.t-mobile....ata-breach.html
"...We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised. We are working with Experian to take protective steps for all of these consumers as quickly as possible... Anyone concerned that they may have been impacted by Experian’s data breach can sign up for two years of FREE credit monitoring and identity resolution services at http://www.protectmy...ecurityincident. Additionally, Experian issued a press release that you can read here** ..."
** http://www.prnewswir...-300152926.html