September 5, 2017
Senator Introduces Bill to Stop Taxpayers From Paying Protest Costs – Pennsylvania, United States
A Pennsylvania senator introduced legislation last week that would prevent taxpayers from paying the emergency response costs that come from unlawful protest activity. The Commonwealth Response Cost Reimbursement Act was created by Sen. Scott Martin (R-13). The bill would hold individuals convicted of a misdemeanor or a felony stemming from a protest financially responsible for emergency response costs of said protest. The amount of reimbursement would be determined by the court as part of sentencing, or state and local authorities may petition the court for reimbursement of costs after a conviction. Martin said he wants to protect the constitutional rights of citizens, but also the wallets of taxpayers.
Ransomware Attack on Salina Family Healthcare Impacts 77,000 Patients – United States
In June, ransomware was installed on servers and workstations at Salina Family Healthcare in Kansas resulting in the encryption and potential disclosure of patients protected health information. The attack occurred on June 18, 2017. Salina Family Healthcare was able to limit the extent of the attack by taking swift action to secure its systems. It was also possible to restore the encrypted data from recent backups so no ransom needed to be paid. A third-party computer forensics firm was contracted to analyze its systems to determine how the ransomware was installed and whether the attackers succeeded in gaining access to or stealing patient data. While evidence of data theft was not uncovered, the firm was unable to rule out the possibility that the actors behind the attack viewed or copied patient data. The protected health information potentially accessed includes names, addresses, dates of birth, Social Security numbers, medical treatment information, and health insurance details. While data access was possible, no reports have been received to suggest any information has been stolen and misused, although patients should be alert to the possibility of data theft and should monitor their accounts and Explanation of Benefits statements closely for any sign of fraudulent activity. Patients potentially impacted by the attack have now been notified of the security breach and have been offered credit monitoring and identity theft restoration services for 12 months without charge out of an abundance of caution.
Turla Apt Used Whitebear Espionage Tools Against Defense Industry and Embassies – Global
A toolset belonging to the Russian-speaking Turla APT has been publicly disclosed, and along with it details on its capabilities and indicators of compromise. The tools, called WhiteBear, were used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia, and South America during most of 2016. Researchers at Kaspersky Lab said today in a Securelist report that WhiteBear could be the second stage of another Turla operation known as Skipper Turla with separate malware development efforts behind each set of activity. Turla is among the elite APT organizations in the world. It’s been active since the mid-1990s and is one of the oldest cyber espionage groups. At this year’s Security Analyst Summit, researcher Thomas Rid along with Kaspersky’s Juan Andres-Guerrero-Saade and Costin Raiu said there are likely links between Turla and the infamous Moonlight Maze espionage operations targeting U.S. government agencies, including the Pentagon and NASA. The suspected link between Moonlight Maze and Turla is the use of an open source backdoor called LOKI2 found in code samples from both operators. If this is the definitive link between Moonlight Maze and Turla, it puts them among the elite nation-state attack groups in terms of capabilities and durability. Equation Group, considered by many to have strong ties the U.S. National Security Agency, is the only other known APT active in 1996.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, as well as regular intelligence and risk updates and news, click here to subscribe!