Light Dark
September 23, 2019 By David Bisson 3 min read

Last week in security news, researchers revealed that millions of medical images and other personal health data were publicly viewable on the web. Security analysts disclosed their research on a threat actor’s efforts to update its attack infrastructure, exploits and cryptomining payloads, and others revealed how a threat group had targeted IT providers in Saudi Arabia in probable supply chain attacks. Finally, researchers found a rootkit capability in a Linux malware family and spotted a new family of ransomware targeting businesses via exposed Remote Desktop Services (RDS).

Top Story of the Week: 5 Million Exposed Medical Images

ProPublica found images of MRI, CT and X-Ray scans for at least 5 million U.S. patients — and even more worldwide — stored on unsecured servers. Many of these servers lacked even basic password protections at the time of discovery, making it easy for anyone to view the more than 16 million images over the public web.

In its investigation, ProPublica found no evidence that anyone had copied the images and/or published them elsewhere. Still, investigators found it was hard to assign blame for the server exposures.

Source: iStock

Also in Security News

  • TFlower Ransomware Targets Businesses via Exposed RDS: First discovered in August 2019, TFlower ramped up its activity in September 2019 when attackers began abusing exposed RDS to hack into network-connected machines. This initial intrusion enabled bad actors to infect the local machine, reported Bleeping Computer, or spread the ransomware to other IT assets by moving throughout the network.
  • Emotet Springs Back to Life: Security researcher Raashid Bhat spotted a malspam campaign targeting Polish- and German-speaking users with Emotet. This marked the first time that anyone in the security community had spotted a new attack campaign involving the malware family in close to four months.
  • Panda Continues to Update Infrastructure, Exploits on the Fly: Since July 2018, Cisco Talos has been tracking a threat actor named Panda that uses remote access tools (RATs) and cryptomining malware to generate Monero cryptocurrency. Researchers have observed the actor update its activities upon numerous occasions; most recently, it began exploiting a new WebLogic flaw and changed its command-and-control (C&C) infrastructure.
  • Malware Dropper Masquerading as a Virtual Currency Wallet: Avast spotted a malware dropper, dubbed WiryJMPer, masquerading as a wallet called ABBC Coin. Using this disguise, the malware displayed the ABBC Coin wallet’s window while it downloaded threats such as the Netwire RAT in the background.
  • Linux Malware Uses Rootkit Functions to Evade Detection: Trend Micro disclosed that it observed a new family of Linux malware called Skidmap. This threat used LKM rootkits to overwrite or modify parts of kernel, thereby making it easier for the threat to evade detection and remain persistent.
  • Astaroth Trojan Found Leveraging YouTube and Facebook Profiles: In a phishing campaign spotted by Cofense, emails used one of three lures — an invoice, a show ticket or a civil lawsuit notice theme — to trick users into opening an .htm file that, in turn, downloaded a sample of the Astaroth Trojan. This malware used YouTube and Facebook profiles to host and maintain configuration data for its command-and-control (C&C) infrastructure.
  • Attack Group Targeting IT Providers in Saudi Arabia: Symantec discovered a previously undocumented attack group dubbed Tortoiseshell using custom and off-the-shelf malware to target IT providers in Saudi Arabia. At the time of publication, the security firm had identified 11 organizations that the group had targeted; at two of those organizations, bad actors had managed to obtain admin-level access.
  • New Remote-Access Trojan Conceals Itself to Steal Personal Data: Researchers at Zscaler detected a new remote-access Trojan (RAT) named InnfiRAT checking for sandbox environments and concealing itself as an easily overlooked system process to hide on an infected machine. This technique gave the malware the perfect cover to steal victims’ credentials, especially those pertaining to their cryptocurrency wallets.

Security Tip of the Week: Boost Your Organization’s Malware Defenses

The stories discussed above highlight the need for organizations to defend themselves against increasingly sophisticated strains of malware. They can do so by creating security awareness training programs that teach digital security hygiene to all employees. Companies should also develop a comprehensive vulnerability management plan through which they can identify, prioritize and remediate known vulnerabilities affecting key business assets.

Learn more about vulnerability management on the SecurityIntelligence podcast

 |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

April 30, 2024

AI cybersecurity solutions detect ransomware in under 60 seconds

2 min read - Worried about ransomware? If so, it’s not surprising. According to the World Economic Forum, for large cyber losses (€1 million+), the number of cases in which data is exfiltrated is increasing, doubling from 40% in 2019 to almost 80% in 2022. And more recent activity is tracking even higher.Meanwhile, other dangers are appearing on the horizon. For example, the 2024 IBM X-Force Threat Intelligence Index states that threat group investment is increasingly focused on generative AI attack tools.Criminals have been…

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now. The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP). DMP’s benefits and vulnerabilities DMP predicts memory addresses that the…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature