HealthCareInfoSecurity.com reported that “Total losses tied to business email compromise theft domestically and internationally totaled $43.3 billion from June 2016 through December 2021, according to the most recent FBI Internet Crime Complaint Center annual report (https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf).” The November 19, 2022 report entitled ” DOJ Charges 10 With BEC Targeting Federal Health Program” (https://www.healthcareinfosecurity.com/doj-charges-10-bec-targeting-federal-health-program-a-20515?rf=2022-11-22_ENEWS_SUB_HIS__Slot9_ART20515&mkt_tok=MDUxLVpYSS0yMzcAAAGIPyW8soorxLIPON-V9kcfg5ZX5O-nNQmVGGS3K2eWUSYpmY1tT4Ry0aA7-wEf-9F543HvLH5oewe2iZJpliZ7llnb4bd9oJ57Kh1jZup2Om5COdMApQ) included these comments about recent BEC targeted at healthcare:

The U.S. Department of Justice on Friday charged 10 individuals with using business email compromise and money laundering schemes to target public and private insurers.

These schemes targeted Medicare, state Medicaid programs, private health insurers and numerous other victims, resulting in more than $11.1 million in total losses.

The charges stem from BEC schemes in which these individuals allegedly posed as business partners to fraudulently divert money from victims’ bank accounts into accounts they or co-conspirators controlled, the DOJ says.

The end of BEC is clearly not in sight!

DarkReading.com reported that “Organizations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyberattacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security staffs are stalled on getting defenses up to speed.” The November 17, 2022 article entitled “Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident” (https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident) included the comments about the “2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organizations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime:

Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyberattack.

Their fears seem founded: Nearly half of respondents (48%) experienced a cyberattack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that’s a trend that Colm Keegan, senior consultant for data protection solutions at Dell Technologies, says will likely continue.

No surprises in this Dell Report!

DataBreachToday.com reported that “Bankrupt cryptocurrency exchange platform FTX says unsanctioned actors made off with customers’ digital assets, initiating a scramble to cut off digital wallets from the internet.”  The November 14, 2022 report entitled “’Unauthorized Transactions’ Lead to Missing Funds at FTX” (https://tinyurl.com/4jnumzjy) included these comments:

FTX filed for bankruptcy Friday, and its founder and CEO, Sam Bankman-Fried, stepped down after the platform entered a liquidity crunch caused by a sudden loss in consumer confidence. 

Investors – including Bankman-Fried’s main rival, Binance CEO Changpeng Zhao – initiated a sell-off of FTC’s native cryptocurrency token FTT days after trade publication CoinDesk revealed that a crypto hedge fund also run by Bankman-Fried was using FTT tokens as loan collateral. 

The Wall Street Journal reports that FTX also lent customer funds to the hedge fund Alameda Research. Multiple media outlets say the U.S. Department of Justice and the Securities and Exchange Commission are investigating.

The company’s Telegram account pinned a message on Monday saying that the Securities Commission of The Bahamas launched an investigation into the case. The new CEO will handle the liquidation of assets and bankruptcy issues, it said. 

The company is headquartered in the Bahamas.

Very disturbing, but hardly a surprise!

The US Department of Justice reported that on November 4, 2022 “that JAMES ZHONG pled guilty to committing wire fraud in September 2012 when he unlawfully obtained over 50,000 Bitcoin from the Silk Road dark web internet marketplace.”  The November 7, 2022 Press Release entitled “U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud” (https://www.justice.gov/usao-sdny/pr/us-attorney-announces-historic-336-billion-cryptocurrency-seizure-and-conviction) included these comments:

On November 9, 2021, pursuant to a judicially authorized premises search warrant of ZHONG’s Gainesville, Georgia, house, law enforcement seized approximately 50,676.17851897 Bitcoin, then valued at over $3.36 billion.  

This seizure was then the largest cryptocurrency seizure in the history of the U.S. Department of Justice and today remains the Department’s second largest financial seizure ever.  

The Government is seeking to forfeit, collectively: approximately 51,680.32473733 Bitcoin; ZHONG’s 80% interest in RE&D Investments, LLC, a Memphis-based company with substantial real estate holdings; $661,900 in cash seized from ZHONG’s home; and various metals also seized from ZHONG’s home.

Great work by the DOJ!

DarkReading.com reported that “The US Securities and Exchange Commission (SEC) appears poised to take enforcement action against SolarWinds for the enterprise software company’s alleged violation of federal securities laws when making statements and disclosures about the 2019 data breach at the company.” The November 7, 2022 article entitled “SolarWinds Faces Potential SEC Enforcement Act Over Orion Breach” (https://tinyurl.com/5b95w2tx) included these comments:

If the SEC were to move forward, SolarWinds could face civil monetary penalties and be required to provide “other equitable relief” for the alleged violations. The action would also enjoin SolarWinds from engaging in future violations of the relevant federal securities laws.

SolarWinds disclosed the SEC’s potential enforcement action in a recent Form 8-K filing with the SEC. In the filing, SolarWinds said it had received a so-called “Wells Notice” from the SEC noting that the regulator’s enforcement staff had made a preliminary decision to recommend the enforcement action. A Wells Notice basically notifies a respondent about charges that a securities regulator intends to bring against a respondent, so the latter has an opportunity to prepare a response.

SolarWinds maintained that its “disclosures, public statements, controls, and procedures were appropriate.” The company noted that it would prepare a response to the SEC enforcement staff’s position on the matter.

No surprise and this SEC plan makes a lot of sense to me, what do you think?

HealthInfoSecurity.com reported to “Add DropBox to the list of tech companies experiencing a multifactor fail moment. The file storage and sharing company acknowledged Tuesday that employees fell for a well-crafted phishing campaign that gave hackers access to internal code repositories and some personally identifying information.”  The November 3, 2022 report entitled “Dropbox Data Breach Another Multifactor Fail” (https://tinyurl.com/yc543es2) included these comments:

Hackers did not obtain access to the contents DropBox cloud storage accounts, users’ passwords or their payment information, the San Francisco, Calif.-based company said. The publicly-traded company reports 700 million registered users, of which about 17 million are paying customers.

Hackers instead found and copied 130 DropBox code repositories stored on GitHub, the company says. Inside the repositories were “our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team.” Not included was code for core apps or infrastructure, which DropBox says are controlled by tighter levels of security.

There was some personal data in the repositories. “The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors,” the company said. DropBox says it notified affected individuals despite believing that “any risk to them is minimal.”

Is anyone surprised?

BankInfoSecurity.com reported that “Ransomware attacks against U.K. hospitals and schools remained the biggest cybersecurity threat facing country in 2022, the country’s cybersecurity agency warns, adding that these attacks are likely to surge in the coming months.”  The November 1, 2022 article entitled “Ransomware Attacks Pose Biggest Threat to UK Organizations” (https://tinyurl.com/66btp9py) included these comments from the 2022 cyber threat report released by the National Cyber Security Centre (https://tinyurl.com/2vrzujne):

The NCSC attributes the uptick in ransomware attacks to the proliferation of ransomware-as-a-service groups, which it says are empowering lower-skilled attackers and group affiliates that normally lack the expertise to deploy sophisticated malware. These services have opened multiple attack vectors to a broader range of hackers, NCSC says.

Further, less sophisticated hackers are now equipping themselves with advanced intrusion software such as military-grade spyware and off-the-shelf cyber surveillance products that are readily available through various cybercrime markets. These capabilities have “lowered the entry into cybercrime” and will directly contribute to ransomware extortion and corporate espionage attacks against U.K. businesses.

No surprise to anyone about the increase in Ransomware in the UK!

HealthCareInfo.com reported that “over revelations that hospitals and other healthcare providers have incorporated into patient portals web tracking technology offered by Meta and Google.”  The October 25, 2022 article entitled ” Pressure on Meta Mounts Over Pixel Collecting Health Data” (https://tinyurl.com/23hjnpz3)  included these comments regarding Sen. Mark Warner letter to Meta CEO Mark Zuckerberg:

It is critical that technology companies like Meta take seriously their role in protecting user health data. Without meaningful action, I fear that these continuing privacy violations and harmful uses of health data could become the new status quo in healthcare and public health,…

A Meta spokesman responded to Information Security Media Group’s request for comment on the letter by stating:

Advertisers should not send sensitive information about people through our business tools as doing so is against our policies. We educate advertisers on properly setting up business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.

What do you think?