Late last week, several government organizations in Palermo, Italy were forced to take their computer systems offline after discovering evidence of a cyberattack. In the days following the incident, IT staff have yet to restore all the systems to normal functionality, leaving both citizens and tourists without access to vital municipal services. Officials in Palermo have yet to confirm the exact nature of the attack. However, most of the precautions taken indicate it was a ransomware attack.
Law enforcement shuts down illicit marketplace
Through the combined efforts of several law enforcement agencies around the world, the SSNDOB Marketplace, one of the largest groups of illicit marketplace websites, has been shut down. The marketplace sold stolen Social Security numbers and other sensitive personal data of 24 million American residents, netting over $19 million in profits. The U.S. Justice Department released a statement indicating that no arrests were made during the investigation, but that it is working towards asset forfeiture for any cash or cryptocurrency that may be related to the illegal activities.
Intrusion dwell time spikes over last year
In the past year, researchers have been monitoring cyberattacks and other breaches. According to the latest findings, the average dwell time on a system is 15 days. Although this number fluctuates depending on the size of the organization, smaller businesses are more likely to experience the highest dwell times because the information is perceived as less valuable, reducing the need for urgency. With more time on a compromised system, attackers can access a larger amount of data, which can easily be used to initiate future attacks.
Cuba Ransomware makes a spring resurgence
Following an extraordinary year of successful ransomware campaigns, the Cuba ransomware group returned from a brief hiatus with a series of attacks in April and May. The latest variant includes an updated encryptor, which terminates a number of processes between the initial infection and the beginning of the encryption process. The Cuba ransomware group is known for posting stolen data for sale if ransom demands are not met within three days.
Two million patients compromised in Shield Health breach
Officials from the Massachusetts-based Shield Health Care Group have recently announced they are investigating a security incident from March that may have compromised the data of two million patients. It is believed that attackers accessed the systems over a two-week period, but staff weren’t able to identify any signs of intrusion until it was too late.