and customised malware to conduct espionage. A Chinese hacking group with advanced cyber-espionage capabilities has been targeting managed IT services providers across the globe in a campaign to steal sensitive data. The cybercriminal gang is using sophisticated phishing attacks and customised malware in order to infect victims' machines and then gain access to IT providers and their customer networks. Dubbed Operation Cloud Hopper, the cyber-espionage campaign has been uncovered by security researchers at PwC, BAE Systems, and the UK's National Cyber Security Centre. The researchers say the campaign is "highly likely" to be the work of the China-based APT10 hacking group. The group has been focusing on espionage since 2009 and has evolved from targeting US defence firms as well as the technology and telecommunications sectors to targeting organisations in multiple industries across the globe. The group was behind the Poison Ivy malware family and has evolved its operations to include using custom tools capable of compromising high volumes of data from organisations and their customers, and stealthily moving it around the world. It is because of the sophisticated nature of the campaign that PwC's Operation Cloud Hopper report describes how APT10 "almost certainly benefits from significant staffing and logistical resources, which have increased over the last three years". The group's work shifted significantly during 2016, as it started to focus on managed service providers, following the significant enhancements to its operations. The move enabled APT10 to exfiltrate data from multiple victims around the world as part of a large-scale campaign.
Managed service providers (MSPs) represent a particularly lucrative target for attackers, because as well as having access to their clients' networks, they also store significant quantities of customer data, which can provide useful information or be sold for profit. Researchers note that the spear-phishing campaign undertaken by APT10 indicates that the group conducts significant research on targets, in order to have the best chance of tricking them into opening malicious documents attached to specially crafted emails. Once the hacking group has infiltrated a network, it conducts reconnaissance to ensure legitimate credentials have been gained, before deploying tools such as mimikatz or PwDump to steal additional credentials, administration credentials, and data from infected MSPs. The shared nature of MSP infrastructure enables APT10's success, allowing the hackers to stealthily move between the networks of MSPs and clients, hence the name Cloud Hopper. Using this approach, the group has been able to target organisations in the US, Canada, the UK, France, Switzerland, Scandinavia, South Africa, India, and Australia. "The indirect approach of this attack highlights the need for organisations to have a comprehensive view of the threats they're exposed to, including those of their supply chain," said Kris McConkey, partner, cyber threat detection and response at PwC. "This is a global campaign with the potential to affect a wide range of countries, so organisations around the world should work with their security teams and providers to check networks for the key warning signs of compromise and ensure they respond and protect themselves accordingly."
The National Cyber Security Centre has issued guidelines following the global targeting of enterprises via managed service providers, and notes how the activity detected "likely represents only a small proportion of the total malicious activity".
The FBI's Cyber Division has sent out another notification to healthcare organizations, alerting them to the danger of cyber criminals using their FTP servers for various malicious purposes. "The FBI is aware of criminal actors who are actively targeting File Transfer Protocol (FTP) servers operating in 'anonymous' mode and associated with medical and dental facilities to access protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass, and blackmail business owners," says the notification. Such servers accept a login with a common username ("anonymous" or "ftp") and no password, the FBI explained. In the past, cyber criminals have been known for compromising hospitals through vulnerable JBoss servers, and other organizations through unsecured remote desktop servers. The FBI urged medical and dental healthcare organizations to check their networks for FTP servers running in anonymous mode, and to make a configuration change that would disallow that kind of access. "If businesses have a legitimate use for operating an FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server," they noted.
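One way to carry out the check the FBI recommends on a server you administer, as an added example that is not from the FBI notification or any vendor: it assumes the FTP daemon is vsftpd, audits the contents of its vsftpd.conf for anonymous mode (treating a missing directive as enabled, which is vsftpd's compiled-in default), and emits the corrected configuration.

```python
"""Audit a vsftpd config for the anonymous-mode access the FBI notification
warns about, and produce a hardened copy. Assumes vsftpd's KEY=VALUE format with
'#' comments, case-insensitive YES/NO values, and vsftpd's compiled-in default
anonymous_enable=YES, so an absent directive still allows the login."""
# Constructed sample: anonymous login left on and anonymous uploads allowed.
SAMPLE_CONF = """\
# clinic file server (constructed sample)
listen=YES
anonymous_enable=yes
anon_upload_enable=YES
"""
# Real vsftpd directives that let the anonymous user write to the server.
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def parse_vsftpd_conf(text):
    """Return {directive: value}, ignoring blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return findings for the config; an empty list means anonymous mode is off."""
    settings = parse_vsftpd_conf(text)
    findings = []
    # A missing directive falls back to vsftpd's default, which is YES.
    if settings.get("anonymous_enable", "YES").upper() == "YES":
        findings.append("anonymous logins allowed (anonymous_enable)")
        for name in ANON_WRITE:
            if settings.get(name, "NO").upper() == "YES":
                findings.append(f"anonymous users may write ({name})")
    return findings

def harden(text):
    """Return the config with anonymous_enable forced to NO; other lines intact."""
    out, seen = [], False
    for raw in text.splitlines():
        if raw.strip().partition("=")[0].strip() == "anonymous_enable":
            out.append("anonymous_enable=NO")
            seen = True
        else:
            out.append(raw)
    if not seen:  # directive absent, so the YES default would have applied
        out.append("anonymous_enable=NO")
    return "\n".join(out) + "\n"
```

Run audit() over each server's config file; where findings come back, write harden()'s output back and restart vsftpd, or keep anonymous mode only after confirming no PHI or PII lives under its root.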
Retina-X Studios, the makers of several consumer-grade monitoring products, have finally announced that they have suffered a data breach. Retina-X and FlexiSpy, another spyware maker, were attacked by two hackers or hacker groups that revealed last week how they went about compromising the companies' assets and made off with customer and other data. "A hacker known for SQL exploits of great magnitude was able to find a weakness in a decompiled and decrypted version of a now-discontinued product. The vulnerability hidden inside the coded software led to a breach of the database and the eventual exploit by unauthorized individuals," the company noted. "According to the report, the attacker was able to break into a server that held database tables for Net Orbit, PhoneSheriff and TeenShield. The tables held information such as login usernames, subscription keys, device metadata, text messages, GPS locations, contacts' information, apps installed and website logs. A third-party photo storage account was also breached. Only accounts created before February 21st, 2017 were affected." They were quick to point out that no payment information was compromised, and they say that the attacker has not publicly released the stolen data, and seemingly does not plan to. They are also trying to differentiate themselves from the other victim (FlexiSpy) by saying that their software can't be used to monitor individuals that the monitorer has no legal right to keep under surveillance (e.g. their employees or their underage children), because this would violate their terms of service and the account would be terminated. "Our child and employee monitoring software shows up as an icon and in the Installed Apps list of devices.
There are also notifications to let the user of the device know that activities are being monitored," the company noted, while failing to mention that these notifications can be turned off and the icon removed. They also did not mention how, or how quickly, they are able to discover that someone is using the software to perform illegitimate surveillance. For all we know, it could be weeks or months, but even days are too much for people who are spied on in this way.
FireEye has identified a set of financially motivated intrusion operations being carried out by a threat actor we have dubbed FIN10. FIN10 is known for compromising networks, stealing sensitive data, and directly engaging victim executives and board members in an attempt to extort them into paying between 100 and 500 bitcoins (valued at between $125,000 and $620,000 as of mid-April 2017). For some victims that did not give in to the demand, FIN10 escalated their operation, destroyed critical production systems and leaked stolen data to journalists in an attempt to increase visibility of the compromise and coerce victims into paying up. The first known FIN10 operation was in 2013 and their operations have continued until at least 2016. To date, we are primarily aware of Canadian victims, specifically casinos and mining organizations. Given the release of sensitive victim data, extortion, and destruction of systems, FireEye considers FIN10 to be one of the most disruptive threat actors observed in the region so far.
A lot of things can go wrong on your holidays, like losing luggage or missing a flight, forgetting your travel documents or getting sick at the worst possible time. But have you ever been locked out of your hotel room because of a cyberattack? That's just what happened to guests at a luxury hotel in Austria when they were left stranded outside their rooms after a ransomware attack that overrode electronic key systems. This concept, which can be summed up as "if you don't pay, your guests won't be able to get into their rooms", underscores a strategy shift in ransomware. Instead of attacking the hotel chain directly, cybercriminals are looking to increase profitability by compromising the well-being of paying customers. Infected computers and POS systems, credit card theft, access to confidential information... in the age of the Internet of Things and smart homes, these attacks are becoming commonplace or even antiquated. Clearly the attacks that this industry has been experiencing are not something casual or fleeting. Behind them lies a real economic interest and a preoccupation with stealthy operations. The hotel sector has become a major target for organized cybercriminals in possession of malware specifically designed to disrupt its smooth running, not only in payment systems, but also by sealing off access to your room, turning lights on and off, or locking your blinds. This is, undoubtedly, a worrisome situation that could cause significant harm not only on an economic level, but also on a PR level, sowing fear among clientele.
In recent years, ransomware has become a growing concern for companies in every industry. Between April 2015 and March 2016, the number of individuals affected by ransomware surpassed 2 million, a 17.7% increase from the previous year. Ransomware attacks function by breaching systems, usually through infected email, and locking important files or networks until the user pays a specified amount of money. According to FBI statistics cited in a Malwarebytes report, hackers gained more than $209 million from ransomware payments in the first three months of 2016, putting ransomware on track to rake in nearly $1 billion this year. But as a result of increased ransom-avoidance, cybercriminals have created an even more insidious threat. Imagine malware that combines ransomware with a personal data leak: this is what the latest threat, doxware, looks like. With doxware, hackers hold computers hostage until the victim pays the ransom, similar to ransomware. But doxware takes the attack further by compromising the privacy of conversations, photos, and sensitive files, and threatening to release them publicly unless the ransom is paid. Because of the threatened release, it's harder to avoid paying the ransom, making the attack more profitable for hackers. In 2014, Sony Pictures suffered an email phishing malware attack that released private conversations between top producers and executives discussing employees, actors, industry competitors, and future film plans, among other sensitive topics. And ransomware attacks have claimed a number of recent victims, especially healthcare systems, including MedStar Health, which suffered a major attack affecting 10 hospitals and more than 250 outpatient centers in March 2016.
Combine the data leak of Sony and the ransomware attack on MedStar and you can see the potential fallout from a doxware attack. Doxware requires strategic, end-to-end planning, which means hackers will target their victims more deliberately. Looking at the data leaked from Sony, it's easy to imagine the catastrophic effect doxware would have on an executive of any major corporation. Company leaders hold countless conversations over email each day on sensitive topics ranging from product development to competition to internal politics, and if there's a doxware attack, the fallout could be extensive.
Expect Things to Get Worse
The technology behind doxware is still new, but expect the problem to become worse. Recent attacks have been contained to Windows desktop computers and laptops, but this will certainly change. Once the malware can infiltrate mobile devices, the threat will become even more pervasive, with text messages, photos, and data from apps at risk of being leaked. It's also highly likely that doxware will target more types of files. Workplace emails are currently a big target for hackers. However, a company's internal communications/instant messaging network is also appealing to hackers using doxware, as the messaging network often serves as a platform where both sensitive business discussion and casual conversations take place, potentially exposing both company secrets and personally embarrassing exchanges. One of these variants holds files for ransom with the threat of release and then steals a victim's passwords. Another mutation, Popcorn Time, takes doxware even further, giving victims the option to infect two of their friends with the malware instead of paying the ransom.