SingHealth Breach Targets Confidential Patient Information

In News by Jeff Pelliccio

SingHealth, the largest healthcare group in Singapore, was targeted in a cyber attack that resulted in the breach of about 1.5 million patients' confidential information. The attack occurred from June 27th 2018 through July 4th 2018 and affected the records of patients who used SingHealth’s services from May 1st 2015 through July 4th 2018, a period of over 3 …

Ticketmaster UK Breach Via JavaScript Chat App

In Uncategorized by Jeff Pelliccio

Whether you are purchasing tickets online for a high-profile event or using the familiar mobile application of your favorite food vendor, cyber breaches are hitting closer to home and are becoming a commonplace occurrence. Businesses, especially those that interface with consumers and other third parties, should be keeping a watchful eye on these global security breach headlines so as to better understand and …

KillDisk Attacks SWIFT Bank Network

In Uncategorized by Jeff Pelliccio

The KillDisk wiper attack against Banco de Chile last month appears to be a larger ploy to compromise endpoint servers processing transactions on the SWIFT bank network (a vast messaging network used by financial institutions to send and receive money). Investigators surmise ten million dollars were stolen and funneled off to accounts in Hong Kong. The initial attack was carried out …

Cobalt Gang Targets Canadian Banks

In News by Jeff Pelliccio

Two Canadian banks, the Bank of Montreal and Simplii Financial, were hit by cyber attacks. The attacks are believed to have been carried out by the Cobalt Gang — an APT-style criminal threat group which primarily carries out attacks leveraging the Cobalt Strike penetration testing framework. The group is said to have strong ties to Carbanak, a similar group …

SOFACY in Poland

In Uncategorized by Jeff Pelliccio

SOFACY is a Russian-backed advanced persistent threat (APT) group, also known as APT28 / Fancy Bear, that has been operating since 2008. Fancy Bear typically targets government, defense, energy, media, and aerospace organizations globally. In the first half of 2018 and latter part of 2017, the group has been particularly active. Recently Hexcapes observed some samples in the wild targeting …

Fancy Bear Targets Routers

In News by Jeff Pelliccio

Several weeks ago, the Russian-backed APT named Fancy Bear / APT28 was suspected of initiating a cyber campaign against small home and office routers around the world. The malware, named VPNFilter, was spotted in 54 countries, especially in Ukraine, prior to the Champions League final. Although Russia has denied involvement, the FBI issued a warning to Internet users …

VPN Filter: Resurrected

In Uncategorized by Jeff Pelliccio

On Friday, June 1st 2018, JASK and GreyNoise Intelligence revealed their security researchers had detected the same threat actor responsible for the VPNFilter botnet attacks. Fancy Bear / APT28 was attempting to resurrect their cyber campaign after being taken down by the FBI by building a new botnet infrastructure to support more VPNFilter attacks. Although there have been over 54 countries …

Cyber Attack at 2018 Winter Olympic Games

In News by Jeff Pelliccio

While spectators were getting to their seats to cheer on the athletes of their home country, a cyber attack was being carefully orchestrated. This weekend, 2018 Winter Olympic organizers in Pyeongchang confirmed that their systems had fallen victim to a cyber attack shortly before opening ceremonies on February 10th 2018. While the details on the source or type of attack are not …