American Dental Association hit by ‘cybersecurity incident’ • The Register

In short The Black Basta criminal gang claimed to have infected the American Dental Association with ransomware.

Although the trade association has confirmed The register if he was the victim of a “cybersecurity incident” on or around April 21, he did not disclose the nature of the attack.

As of Friday last week, the organization is “currently carrying out an ongoing, active and vigorous investigation into the nature and extent of the technical difficulties in cooperation with federal authorities,” we are told. “The ADA acknowledges that unsubstantiated reports are being disseminated by organizations unrelated to this investigation.”

In a previous email sent to a member and shared with The register, the ADA said the attack disrupted some of its email, phone and chat systems. We note that the ADA website suggests people contact a gmail.com address if they have questions, indicating the extent of the cyber assault.

The association also notified federal law enforcement and hired third-party security specialists “to investigate the impact to ADA systems and restore full system functionality,” the email said. “At this time, there is no indication that any member information or other data has been compromised, but our investigation is still ongoing.”

The Malware Hunter Team tweeted that Black Basta, a new ransomware gang, was behind the attack and showed a screenshot in which the crooks claimed to have leaked 30% of the data stolen in the attack.

The same group of disbelievers also claimed responsibility for a hit against German wind turbine company Deutsche Windtechnik, which was hit by a cyberattack in April. This business did not say if it was a ransomware attack.

Due to the emergence of the criminal gang and its preference for double extortion ransomware techniques, some security researchers have suggested that it might be a rebrand of the Conti gang.

“Leak site looks way too much like Conti’s”, Malware Hunter Team tweeted. “The payment site is also similar. The way their support people talk is also basically the same.”

But whether or not it’s the notorious criminal gang under a new moniker, it’s a good reminder to stay on your toes, said Neil Jones, director of cybersecurity evangelism at the security and safety firm. Egnyte compliance.

“The emergence of the Black Basta ransomware gang reminds us that new cyberattack organizations can be created and disbanded quickly, so organizations of all sizes must remain vigilant for potential attacks,” he said. The register.

An American university victim of a ransomware

Austin Peay State University canceled exams on Friday after ransomware hit the Tennessee school.

In a series of tweets on Wednesday, the university confirmed the outbreak. “We are under a Ransomeware attack (sic)”, according to a Tweeter. “If your computer is connected to the APSU network, please disconnect IMMEDIATELY.”

A suite Warning shouted, “THIS IS NOT A TEST. SHUT DOWN ALL COMPUTERS NOW!”

Brett Callow, threat analyst at Emsisoft, Noted that Austin Peay State University is the 12th US college or university to suffer a ransomware attack so far this year. Data was stolen from at least 10 of them, he added.

This follows a record year for miscreants in 2021 who attacked a total of 26 colleges and universities with ransomware.

CISA! faucets! ancient! yahoo! executive!

Former Yahoo! and Twitter cybersecurity chief Bob Lord will join CISA as a senior technical advisor in the US agency’s cybersecurity division.

Lord also served as the Democratic National Committee’s first security chief. He joined the DNC in 2018 where he worked to clean up campaign security after the 2016 mess in which Russian state-sponsored cybercriminals infiltrated the DNC and Hillary Clinton’s presidential campaign.

Previously it was Yahoo!and Twitter’s Chief Information Security Officer and CISO-in-Residence at security analytics firm Rapid 7. Prior to that, he led Twitter’s information security program as its first security employee.

“Bob’s decades of experience and unparalleled expertise will be a major asset as we further strengthen our community partnerships, expand joint collaboration on cyber defense and continue our work as a national cyber defense agency to make us more resilient. “said CISA Director Jen Easterly. in a report.

Does this email seem suspicious to you?

According to the latest research from IBM Security, phishing still works wonders for cybercriminals looking to break into an organization.

The IT giant’s experts, in their 2022 X-Force Threat Intelligence Index, found phishing to be the most common entry point for scammers. And then, once they get in, they usually launch a bigger attack, like ransomware.

The Index study found that phishing was used in 41% of attacks Big Blue’s security team remediated in 2021, which was a 33% increase from the previous year.

IBM’s X-Force team also found the manufacturing industry to be the most targeted sector for cyberattacks in 2021 based on their experience. It is the first time in five years that the manufacturing industry has overtaken finance and insurance, according to the report.

“Manufacturers have a low tolerance for downtime, and ransomware actors are capitalizing on operational stressors exacerbated by the pandemic,” he said.

For the report, IBM security researchers analyzed “billions” of data points, including network and endpoint detection devices, incident response engagements, and domain name tracking collected. from January to December 2021.

Looking ahead to 2022, the X-Force team expects to see more miscreants turn to voice phishing, or vishing, as these are even more successful than just email.

While the click-through rate, on average, for a targeted phishing campaign was 17.8%, according to the report, a phishing campaign that added a voice call was three times more effective. These vishing attacks ended up “recovering a click from 53.2% of victims”.

CrowdStrike takes a CNAPP

CrowdStrike has combined its cloud security posture management and cloud workload protection modules through a business dashboard, so it can now boast a CNAPP.

CNAPP, which stands for Cloud Native Application Protection Platform, is essentially what we used to simply call cloud security. But the industry and its analysts love a new buzzword, and CNAPP is the latest favorite.

The new centralized console will help customers prioritize top security issues, address runtime threats and make cloud threat hunting easier, the security vendor claims.

It also added new features in the update, including an automated remediation workflow for Amazon Web Services, Identity Access Analyzer for Microsoft Azure (in addition to existing capability for AWS), and custom indicators bad configurations for Google Cloud. This tool, which helps security teams identify cloud misconfigurations, already supports AWS and Azure.

Container capacities have also been updated; it can now maintain an up-to-date inventory as containers are deployed and decommissioned. Additionally, it analyzes malicious images to help identify and stop containers launched as privileged or writable, which can be used as entry points for attacks.

Finally, it can discover new binaries that are created or modified at runtime to better protect the immutability of the container, or at least the promises go away. ®

Andrew B. Reiter