Trend Micro: Operators Rebrand “Supplier” Ransomware Before Deployment
Researchers at cybersecurity firm Trend Micro have observed the adoption of a new franchise-based business model by ransomware operators that moves away from the traditional ransomware-as-a-service model. Operators now rebrand a “supplier” ransomware before deployment.

https://www.inforisktoday.co.uk/new-business-model-white-labeling-ransomware-a-17761

Tells 3 Others to Provide Information in Latest Crypto Enforcement Effort
New York State AG Letitia James served cease and desist letters to two cryptocurrency lending platforms that her office says engage in “unregistered and unlawful activities.” Three other platforms were told by the OAG to “immediately provide information about their activities and products.”

https://www.inforisktoday.co.uk/nyag-issues-cease-desist-letters-to-2-crypto-platforms-a-17764

Officials: Threats to Sector Rising In Wake of Recent Hospital Ransomware Attack
Israeli officials say they have fended off a wave of attempted cyberattacks on several hospitals and healthcare entities in recent days, as Hillel Yaffe Medical Center continues to recover from a ransomware attack last week that authorities reportedly suspect was carried out by Chinese hackers.

https://www.inforisktoday.co.uk/more-attempted-cyberattacks-on-israeli-healthcare-entities-a-17762

Lisa Plaggemier of NCSA and Oz Alashe of CybSafe on influencing behavior
To mark Cybersecurity Awareness Month, the National Cyber Security Alliance and U.K. based behavioral science and data analytics company, CybSafe, have released their Annual Cybersecurity Attitudes and Behaviors Report 2021, which uncovers key trends, behaviors and habits among tech users.

https://www.inforisktoday.co.uk/positive-security-inspiring-behavioral-change-at-workplace-a-17759

Matthew Trump of The University of London on Building Effective Response Plans
A spate of ransomware incidents affecting the education sector has led to the loss of student coursework, financial records and data relating to COVID-19 testing. Matthew Trump, senior IT security officer for the University of London, U.K., outlines incident response strategies.

https://www.inforisktoday.co.uk/preparing-for-ransomware-attacks-in-education-sector-a-17760

HHS Says Several Factors Making Healthcare a Favorite Target in U.S., Globally
Ransomware attacks are continuing to threaten the U.S. and global healthcare sectors, in part due to many organizations’ high dependency on legacy systems and lack of security resources, says new analysis by federal officials, which also identified the top ransomware gangs hitting the sector.

https://www.inforisktoday.co.uk/analysis-top-ransomware-gangs-targeting-healthcare-sector-a-17755

Google TAG: Threat Group DPRK Targeted Security Researchers
Social media platform Twitter has suspended two accounts that were being used by members of the DPRK, a North Korean government-backed threat group, according to Adam Weidemann, an analyst with the Google Threat Analysis Group. The accounts allegedly targeted security researchers around the globe.

https://www.inforisktoday.co.uk/twitter-suspends-north-korean-threat-actor-accounts-a-17750

PC and Device Maker Appears to Have Been Targeted by DESORDEN
After being targeted by a ransomware attack in March 2021, Acer, one of the world’s largest PC and device makers, has now suffered two further cyberattacks within a week. DESORDEN threat actors are reported to have claimed responsibility for the attacks.

https://www.inforisktoday.co.uk/acer-taiwan-india-hit-in-2nd-3rd-attacks-2021-a-17754

Media Giant Reports Broadcast Outages Nationwide; Investigation is Ongoing
Sinclair Broadcast Group, Inc., which owns or operates 186 television stations across 87 U.S. markets, has been hit with a ransomware attack that has disrupted operations. The company says the attack has impacted its ability to deliver advertisements and certain programming.

https://www.inforisktoday.co.uk/sinclair-tv-stations-targeted-in-weekend-ransomware-attack-a-17753

Consultancy Discloses Data Leak Tied to Attack For Which LockBit 2.0 Claimed Credit
Accenture says an online attack against it that it first disclosed in August resulted in “the extraction of proprietary information by a third party, some of which was made available to the public by the third party.” The LockBit 2.0 ransomware operation has taken credit for the attack and dumping data.

https://www.inforisktoday.co.uk/accenture-ransomware-attack-breached-proprietary-data-a-17751

Exposed OAuth Tokens Have Since Been Revoked, Mitigating Takeover Threat
A data breach affecting MakerBot’s Thingiverse 3D printing repository website is far bigger than what the company has acknowledged, a former employee claims. Upwards of 2 million users may have been affected by the breach, which left their 3D printers at risk of being hijacked.

https://www.inforisktoday.co.uk/thingiverse-breach-50000-3d-printers-faced-hijacking-risk-a-17749

OAuth Tokens Exposed But Now Have Been Revoked
A former employee of MakerBot says a data breach affecting that company’s Thingiverse 3D printing repository website is far more expansive than what the company is acknowledging. Upwards of two million users may be affected, and 3D printers could have been hijacked.

https://www.inforisktoday.co.uk/thingiverse-breach-50000-3d-printers-could-have-been-hijacked-a-17749

OAuth Tokens Exposed But Now Have Been Revoked
A former employee of MakerBot says a data breach affecting that company’s Thingiverse 3D printing repository website is far more expansive than what the company is acknowledging. Upwards of two million users may be affected, and 3D printers could have been hijacked.

https://www.inforisktoday.co.uk/thingiverse-breach-50000-printers-could-have-been-hijacked-a-17749

New Crypto-Based Guidelines Target Anonymous Money Laundering Activity
The U.S. Department of the Treasury unveiled additional steps to curb the illicit use of cryptocurrencies on Friday, warning enterprises not to engage with sanctioned entities exploiting the financial system - particularly to launder ransomware proceeds.

https://www.inforisktoday.co.uk/treasury-dept-to-crypto-companies-comply-sanctions-a-17744

TA505 APT Group delivers phishing email containing malicious links
Researchers at Morphisec Labs have published fresh details about a new MirrorBlast campaign that they say is run by a Russia-based threat group TA505, targeting financial services organizations. The campaign delivers MirrorBlast via a phishing email that contains malicious links.

https://www.inforisktoday.co.uk/mirrorblast-campaign-targets-finance-sector-using-macros-a-17745

FBI, CISA, EPA & NSA Advisory Says Threats to Critical Infrastructure Rising
U.S. federal agencies issued a joint advisory around potential cyber threats to the nation’s water facilities. They cite “ongoing malicious cyber activity - by both known and unknown actors - targeting the IT and OT technology networks, systems and devices” of U.S. water and wastewater systems.

https://www.inforisktoday.co.uk/us-agencies-to-water-facilities-you-may-be-next-target-a-17741

Government Authorities Issue Advisories Following Hospital Attack
Government authorities in Israel are warning healthcare sector entities in the country of potential cyberattacks after a ransomware attack this week on Hillel Yaffe Medical Center in the city of Hadera. The hospital said it is “using alternative systems” to care for its patients.

https://www.inforisktoday.co.uk/ransomware-attack-on-israeli-medical-center-raises-alarm-a-17740

Discussion Also Addresses the Ransom-Paying Dilemma Faced by Cyber Extortion Victims
In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner’s Office’s recent consultation on creating an international data transfer agreement.

https://www.inforisktoday.co.uk/ismg-editors-panel-are-our-systems-too-complex-to-secure-a-17739

Gov. Michael L. Parson Alleges Newspaper Reporter Improperly Accessed Data
A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state’s governor. The governor alleged the publication of the vulnerability after it was fixed was part of a “political vendetta.”

https://www.inforisktoday.co.uk/missouri-refers-coordinated-bug-disclosure-to-prosecutors-a-17737

But Name-and-Shame Attackers Likely Retooling After Spotting Encryption Problems
A free decryptor for BlackByte ransomware has been released by security researchers at Trustwave who cracked the crypto-locking malware’s encryption. But they say that unfortunately, the underlying encryption problem is likely in the process of already being fixed by the malware’s developer.

https://www.inforisktoday.co.uk/blackbyte-free-decryptor-released-for-ransomware-strain-a-17738