December 2019

NEWS

...Continued from front page

that, in addition to full remote desktop control, the software also provided functionality such as access to sensitive files (including Windows Registry), the ability to run a built-in webcam with the light disabled, encrypted keylogging and stealing data from browsers. It could also disable anti-malware software and terminate running processes.

It’s believed that 14,500 copies of the software were sold in 124 countries and Palo Alto said it had logged more than 115,000 unique attacks using the tool. These were observed incidents – the total number of attacks is likely to be much higher.

Analysis of the infrastructure being used to sell and distribute IM-RAT showed that much of the hosting was concentrated in Australia. An operation, led by the Australian Federal Police (AFP) and involving Europol, the FBI, Canada’s telecoms regulator, as well as judicial and law enforcement agencies in Europe, Colombia and Australia, resulted in search warrants being executed in Australia and Belgium against Shockwave and an employee of Imminent Methods in June. Then, in November, a week-long series of actions in Australia, Colombia, The Czech Republic, the Netherlands, Poland, Spain, Sweden and the UK led to the dismantling of the IM-RAT infrastructure and 13 of its users being arrested. Europol said that more than 430 devices were seized and forensic analysis is under way.

“With the successful execution of the AFP’s operation, licensed Imminent Monitor builders will no longer be able to produce new client malware nor can the controllers access their victims,” said Palo Alto. “Although cracked versions already exist and will continue to circulate, they can’t benefit from bug fixes, feature enhancements, support or efforts to improve their undetectability. Ironically, these versions often carry malicious payloads, acting as infection vectors to the criminals who would use them themselves.” The Unit 42 report is here: http://bit.ly/2YbhxZO

November also saw the 12th annual Global Airline Action Days (GAAD) operation in which organisations around the world collaborate to fight airline ticket fraud where compromised credit card data is used to purchase flights. The operation resulted in the reporting of 165 suspicious transactions and the arrest or detainment of 79 people. GAAD was co-ordinated from Europol command posts in The Hague, the Interpol Global Complex for Innovation in Singapore, at NCFTA (with the US Secret Service) in the US and Ameripol, as well as facilities in Colombia and Canada. The efforts were assisted by Eurojust and the European Border and Coast Guard Agency (Frontex), which deployed officers to 28 airports. The Airport Communication Project (Aircop), run by the UN Office on Drugs and Crime (UNODC), also took part with law enforcement activities at airports in Africa.

Europol has also been busy working with the US National Intellectual Property Rights Co-ordination Centre and law enforcement agencies from 18 EU nations in seizing 30,506 domain names associated with distributing counterfeit and pirated material. These included counterfeit pharmaceuticals and pirated movies, illegal TV streaming, pirated music and software and fake products, including electronics. Europol’s Intellectual Property Crime Co-ordinated Coalition (IPC³), as well as Interpol and Eurojust, supported the investigation, which resulted in three arrests and the seizure of 26,000 luxury products (including clothes and perfumes), 363 litres of alcoholic beverages and a large number of hardware devices. In addition, funds amounting to €150,000 were frozen. There’s more information here: http://bit.ly/34QklOG.

Nominet, which manages the .uk top-level domain (TLD) registry, said that it had suspended 28,937 domains over the past year for suspected criminal activity.
Targeting health data
Concerns are being raised about Google’s recent moves to acquire vast quantities of health data. In the meantime, cyber criminals are also targeting healthcare organisations and the data they hold.

In early November, Google announced its intention to acquire Fitbit in a cash deal worth $2.1bn. Fitbit released a statement in which it claimed that “Fitbit health and wellness data will not be used for Google ads”. However, the company will be absorbed into Google and there are no details on how the latter might exploit the data internally, which would probably involve integrating it into existing Google Fit app data. It’s possible Google has been down this road already, having spent $40m in January to acquire unspecified smartwatch technology from Fossil, which itself acquired it from the takeover of Misfit in 2015.

According to press reports, Google has also secretly made a deal with US hospital chain and health insurer Ascension to obtain the medical records of 50 million US residents – without their knowledge or permission. A report in the Wall Street Journal says that the initiative, dubbed ‘Project Nightingale’, affects people in 21 states. Meanwhile, The Guardian newspaper claimed that, according to an insider, these records have not been anonymised and individual records have been accessed by staffers at Google. There’s more information here: http://bit.ly/33QqhFU.

Both firms claim that what they are doing is fully compliant with Health Insurance Portability and Accountability Act (HIPAA) regulations. However, US federal regulators have launched an investigation.

The situation is reminiscent of that surrounding another Google project, DeepMind, in which Google was given access to the records of 1.6 million patients by the Royal Free NHS Foundation Trust in the UK. The Information Commissioner’s Office (ICO) subsequently found that the trust had failed to comply with the Data Protection Act and that there were other problems in the way data was handled, including lack of transparency with the patients.

Meanwhile, Malwarebytes has reported a 60% increase in data stealing and ransomware attacks on healthcare organisations in the past year. In its ‘Cybercrime tactics and techniques’ report it says that patient data provides a high return on investment for cyber criminals. The report is here: http://bit.ly/2sJHbcw.
Computer Fraud & Security