Light Dark
September 23, 2019 By David Bisson 3 min read

Last week in security news, researchers revealed that millions of medical images and other personal health data were publicly viewable on the web. Security analysts disclosed their research on a threat actor’s efforts to update its attack infrastructure, exploits and cryptomining payloads, and others revealed how a threat group had targeted IT providers in Saudi Arabia in probable supply chain attacks. Finally, researchers found a rootkit capability in a Linux malware family and spotted a new family of ransomware targeting businesses via exposed Remote Desktop Services (RDS).

Top Story of the Week: 5 Million Exposed Medical Images

ProPublica found images of MRI, CT and X-Ray scans for at least 5 million U.S. patients — and even more worldwide — stored on unsecured servers. Many of these servers lacked even basic password protections at the time of discovery, making it easy for anyone to view the more than 16 million images over the public web.

In its investigation, ProPublica found no evidence that anyone had copied the images and/or published them elsewhere. Still, investigators found it was hard to assign blame for the server exposures.

Source: iStock

Also in Security News

  • TFlower Ransomware Targets Businesses via Exposed RDS: First discovered in August 2019, TFlower ramped up its activity in September 2019 when attackers began abusing exposed RDS to hack into network-connected machines. This initial intrusion enabled bad actors to infect the local machine, reported Bleeping Computer, or spread the ransomware to other IT assets by moving throughout the network.
  • Emotet Springs Back to Life: Security researcher Raashid Bhat spotted a malspam campaign targeting Polish- and German-speaking users with Emotet. This marked the first time that anyone in the security community had spotted a new attack campaign involving the malware family in close to four months.
  • Panda Continues to Update Infrastructure, Exploits on the Fly: Since July 2018, Cisco Talos has been tracking a threat actor named Panda that uses remote access tools (RATs) and cryptomining malware to generate Monero cryptocurrency. Researchers have observed the actor update its activities upon numerous occasions; most recently, it began exploiting a new WebLogic flaw and changed its command-and-control (C&C) infrastructure.
  • Malware Dropper Masquerading as a Virtual Currency Wallet: Avast spotted a malware dropper, dubbed WiryJMPer, masquerading as a wallet called ABBC Coin. Using this disguise, the malware displayed the ABBC Coin wallet’s window while it downloaded threats such as the Netwire RAT in the background.
  • Linux Malware Uses Rootkit Functions to Evade Detection: Trend Micro disclosed that it observed a new family of Linux malware called Skidmap. This threat used LKM rootkits to overwrite or modify parts of kernel, thereby making it easier for the threat to evade detection and remain persistent.
  • Astaroth Trojan Found Leveraging YouTube and Facebook Profiles: In a phishing campaign spotted by Cofense, emails used one of three lures — an invoice, a show ticket or a civil lawsuit notice theme — to trick users into opening an .htm file that, in turn, downloaded a sample of the Astaroth Trojan. This malware used YouTube and Facebook profiles to host and maintain configuration data for its command-and-control (C&C) infrastructure.
  • Attack Group Targeting IT Providers in Saudi Arabia: Symantec discovered a previously undocumented attack group dubbed Tortoiseshell using custom and off-the-shelf malware to target IT providers in Saudi Arabia. At the time of publication, the security firm had identified 11 organizations that the group had targeted; at two of those organizations, bad actors had managed to obtain admin-level access.
  • New Remote-Access Trojan Conceals Itself to Steal Personal Data: Researchers at Zscaler detected a new remote-access Trojan (RAT) named InnfiRAT checking for sandbox environments and concealing itself as an easily overlooked system process to hide on an infected machine. This technique gave the malware the perfect cover to steal victims’ credentials, especially those pertaining to their cryptocurrency wallets.

Security Tip of the Week: Boost Your Organization’s Malware Defenses

The stories discussed above highlight the need for organizations to defend themselves against increasingly sophisticated strains of malware. They can do so by creating security awareness training programs that teach digital security hygiene to all employees. Companies should also develop a comprehensive vulnerability management plan through which they can identify, prioritize and remediate known vulnerabilities affecting key business assets.

Learn more about vulnerability management on the SecurityIntelligence podcast

 |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature