Lifeboat Foundation

The International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached.

“At the end of last week, the International Criminal Court’s services detected anomalous activity affecting its information systems,” the ICC said.

“Immediate measures were adopted to respond to this cybersecurity incident and to mitigate its impact.”

This post is also available in: עברית (Hebrew)

A badly defended security camera is an easy target for hackers, as there are tools for easily hacking internet protocol (IP) cameras, and research revealed the prevalent problem of unprotected security cameras.

According to Cybernews researchers, there are currently at least 8,373 real-time streaming protocol (RTSP) cameras exposed worldwide. Exposed cameras mean that anyone could find even the latest saved screenshots of what the cameras see, with some cameras being found on Google. Furthermore, many cameras are left with default access passwords like “admin”.

Multiple prominent government ministries in Colombia are responding to a ransomware attack that is forcing officials to make significant operational changes.

This week, the Ministry of Health and Social Protection, the country’s Judiciary Branch and the Superintendency of Industry and Commerce announced that a cyberattack on technology provider IFX Networks Colombia had caused a range of problems limiting the ability of both departments to function.

On Wednesday, the Ministry of Health and Social Protection said it began facing issues on Tuesday after IFX Networks told them of problems affecting their data center.

When the botnet floods the target with excessive requests, service failures occur which jeopardize the availability of the targeted system and even put the integrity of the whole infrastructure at risk. When aimed against essential infrastructures such as healthcare or transportation, the hazards go beyond financial and reputational harm to endangering people’s lives.

Incorporating IoT Devices into Botnets

IoT devices that are unpatched, unattended, or misconfigured, or are already under botnet DDoS attack, are at risk of being incorporated into a botnet. To expand the botnet, an attacker hacks new IoT devices. This process involves two entities: the botnet itself and the loader server, a special server that infects other devices.

The threat group behind the fast-growing Rhysida ransomware-as-a-service operation has claimed credit for an Aug. 19 attack that crippled systems at Singing River Health System, one of Mississippi’s largest healthcare entities.

The attack follows one against California’s Prospect Medical Holdings in August that affected 16 hospitals and more than 160 clinics around the country. The wide scope of that incident prompted an alert from the Health Sector Cybersecurity Coordination Center to other organizations in the industry.

The attack on Singing River impacted three hospitals and some 10 clinics belonging to the system and is likely to reinforce Rhysida’s credentials as a growing threat to healthcare organizations in the US. It’s also a reminder of the surging interest in the sector from ransomware actors who, early in the COVID-19 pandemic, had piously vowed to stay away from attacking hospitals and other healthcare entities.

In a recent attack against a construction company, hackers who failed to execute LockBit in a target network were observed deploying a second, never-before-seen ransomware, which managed to break through.

The new tool is rather standard fare, blocking various cybersecurity and backup-related software before locking up files on its host computer. But it distinguishes itself with an adorable little theme: 3 a.m., a time when perhaps only insomniacs, hardcore night owls, and black hat hackers are still up and working away.

In a report this week, researchers from Symantec described the first observed use of 3AM — a double-whammy attack in which the LockBit ransomware was blocked but then 3AM squeaked through in one compromised machine.

A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday.

The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved.

Advances in artificial intelligence have prompted extensive public concern about its capacity to contribute to the spread of misinformation, bias, and cybersecurity breaches—and its potential existential threat to humanity. But, if anything, AI can aid human beings in making decisions aimed at improving social equality, safety, productivity—and mitigate some existential threats.

MGM Resorts shut down certain systems, impacting gambling at its casinos, on Monday.