Amateur cybercriminals may be shifting towards targeting the healthcare sector using an off-the-shelf ransomware , according to security researchers at Forcepoint Security Labs . Forcepoint is an Austin , Texas-based cybersecurity software company and Roland Dela Paz , a senior security researcher at the company , detailed in a blog post that Forcepoint Security Labs has identified a ransomware-as-a-service ( RaaS ) platform , called Philadelphia , used in a cyber attack on a healthcare organization . “ In that attack Attack.Phishing , a shortened URL , which we believe was sent Attack.Phishing through a spear-phishing email , was used as a lure Attack.Phishing to infect a hospital from Oregon and Southwest Washington . Once a user clicks on the link , the site redirects to a personal storage site to download a malicious DOCX file , ” Dela Paz wrote . He noted that the document contained the targeted healthcare organization ’ s logo and a signature of a medical practitioner from that organization . Three document icons pertaining to patient information also were present in the file and , when the user double-clicks , a malicious Javascript is triggered which downloads and executes a variant of the Philadelphia ransomware . “ Believed to be a new version of the Stampado ransomware , Philadelphia is an unsophisticated ransomware kit sold for a few hundred dollars to anyone who can afford it . Recently , a video advertisement of Philadelphia surfaced on Youtube , ” he wrote . Dela Paz further wrote in the blog post , “ A few things in the malware captured our interest . Aside from the tailored bait against a specific healthcare organization , the encrypted JavaScript above contained a string “ hospitalspam ” in its directory path . Likewise , the ransomware C2 also contained “ hospital/spam ” in its path . Such wordings would imply that this is not an isolated case ; but that the actor behind the campaign is specifically targeting hospitals using spam ( spear phishing emails ) as a distribution method. ” He also noted that ransomware-as-a-service platforms such as Philadelphia continue to attract would-be cybercriminals to take part in the ransomware business . And , while this example represents only one healthcare organization that was targeted , the researcher noted that it could signify the beginning of a trend with smaller ransomware operators , using RaaS platforms , aiming for the healthcare sector , “ ultimately leading to even bigger and diversified ransomware attacks Attack.Ransom ” against the sector , he wrote .

Two Italian siblings have been arrested on Monday and stand accused of having spied on Italian politicians , state institutions and law enforcement agencies , businesses and businesspeople , law firms , leaders of Italian masonic lodges , and Vatican officials for years . 45-year-old Giulio Occhionero and 49-year-old Francesca Maria Occhionero , both from Rome but currently residing in London , have allegedly used specially crafted malware ( dubbed “ EyePyramid ” ) to compromise Attack.Databreach the targets ’ computers and exfiltrate Attack.Databreach all kinds of documents , as well as log keystrokes and steal Attack.Databreach login credentials for sensitive accounts . According to court documents ( in Italian ) , the investigation began a few months after a security professional employed by ENAV , an Italian company responsible for the provision of air traffic services ( ATS ) and other air navigation services in Italy , flagged and reported a malicious attachment he received via email . The spear-phishing email was purportedly sent Attack.Phishing by an Italian attorney , but the infosec pro became suspicious and sent the attachment to security company Mentat Solutions for analysis . The attachment was found to contain the EyePyramid malware . After the authorities got involved , the investigation revealed that the email was , indeed , sent Attack.Phishing from the attorney ’ s email account , but that it was sent Attack.Phishing by someone who had compromised the account and accessed it via TOR .

A new malware program that targets macOS users is capable of spying on encrypted browser traffic to steal Attack.Databreach sensitive information . The new program , dubbed OSX/Dok by researchers from Check Point Software Technologies , was distributed via email phishing campaigns Attack.Phishing to users in Europe . One of the rogue emails was crafted Attack.Phishing to look as if it was sent Attack.Phishing by a Swiss government agency warning recipients about apparent errors in their tax returns . The malware was attached to the email as a file called Dokument.zip . Once installed on a Mac , OSX/Dok displays Attack.Phishing a fake and persistent notification about a system security update that needs to be installed . Users who agree to install the update will be prompted for their administrator password . Once the malware obtains elevated privileges , it will make the active user a permanent administrator so the OS will never ask for the password again when the malware executes privileged commands in the background . Dok will also modify the system 's network settings to route web traffic through a proxy server controlled by the attackers and located on the Tor anonymity network . In order for this to work , it also installs a Tor client that 's started automatically . The reason why web traffic is routed through a proxy server is to perform a man-in-the-middle ( MitM ) attack and decrypt secure HTTPS connections . This is achieved by installing a rogue root certificate on the system that is then used to decrypt and re-encrypt HTTPS connections when they pass through the proxy . With this method , users will continue to see the SSL visual indicator in their browser when they access HTTPS websites and the browser will not complain about untrusted certificates . The ability to snoop on HTTPS traffic allows attackers to steal Attack.Databreach sensitive information like passwords for email ; social media and online banking accounts ; credit card details entered on shopping websites ; personal and financial information entered into web forms ; and more . With more than half of all web traffic in an average user 's browser now encrypted , it 's not surprising that attackers are resorting to man-in-the-middle techniques to capture Attack.Databreach sensitive data . This and other capabilities make Dok one of the most sophisticated malware programs targeting macOS to date , not counting spy programs created or used by nation states and law enforcement agencies . `` We have been and still are in direct contact with Apple [ employees ] who are very helpful and responsive , '' Yaniv Balmas , Check Point 's malware research team leader , said via email . `` With Apple ’ s cooperation , we believe this specific campaign is now futile and does no longer pose any threat to Mac users . ''