Security News Survey – August 30, 2019

This week, we look at a new threat group targeting critical infrastructure, the DHS’s new plan for 2020 election security, and another healthcare data breach.

We’re wrapping up another busy month with a number of key cybersecurity headlines that speak to developing trends in the industry, including a rise in ransomware attacks, healthcare data breaches, and concerns around critical infrastructure security. Let’s take a look.

New threat group targets critical infrastructure companies

Critical infrastructure firms are facing a new cyber adversary: a recently discovered threat group dubbed LYCEUM. According to security researchers, LYCEUM has been spotted targeting oil, gas, and telecommunications companies in the Middle East and South Africa via relatively simple tools and tactics, such as password spraying and brute-force attacks. LYCEUM appears to leverage these common attack techniques to compromise email accounts of employees at target organizations and deliver DanBot malware. Security researchers who have been tracking LYCEUM’s activities speculate that based on the group’s current activities, the end goal appears to be information collection instead of operational disruption. While industrial control systems or OT environments don’t seem to be the target right now, however, it’s important for critical infrastructure companies to be aware of the potential risk. 

New DHS program seeks protection against ransomware attacks during 2020 election

2020 will be here before we know it, and the U.S. Department of Homeland Security (DHS) is taking a proactive stance on preparing for next year’s general election, with a specific focus on the security of voting and registration systems. Evidence of hacking during the 2016 election has sparked concern for what may happen next year, and the DHS is launching a new program to defend against similar issues. Of particular concern to the DHS is ransomware, which has been a growing issue for state and local governments across the country. Preparation for ransomware attacks under the DHS’s new program involves providing educational and technical support, including penetration testing and vulnerability scanning. The program has been criticized by some as being too narrow, but it will run concurrently with additional efforts by the broader U.S. intelligence community to determine the most likely sources and methods of attack for the 2020 election. 

Unauthorized third party steals thousands of records from Massachusetts hospital

Massachusetts General Hospital has confirmed a data breach impacting roughly 9,900 research patients. According to the Hospital’s disclosure, data was stolen when records of thousands of patients were accessed by an unauthorized third party via computers used by Neurology researchers between June 10th and June 16th of this year. Compromised data includes names, dates of birth, and medical information. Thankfully, no Social Security numbers or financial information appear to have been affected. The Hospital has notified impacted individuals and engaged a third-party investigator alongside federal law enforcement to investigate the issue and review security measures within the organization.