Cybersecurity News: Google tracking lawsuits, ransomware victim cloned, LockBit hospital apology

Google to pay $29.5 million to settle lawsuits over user location tracking

This payout is intended to settle two different lawsuits brought by Indiana and Washington, D.C., over Google's location tracking practices. The split is $9.5 million to D.C. and $20 million to Indiana after the states sued the company on charges that it tracked users’ locations without their express consent. The settlement adds to the $391.5 million Google agreed to pay to 40 states over similar allegations last month. The company is still facing two more location-tracking lawsuits in Texas and Washington. The lawsuits came in response to revelations in 2018 that the internet company continued to track users’ whereabouts on Android and iOS through a setting called Web & App Activity even after users turned Location History off.

(The Hacker News)

Ransomware gang cloned victim’s website to leak stolen data

The ransomware operators at ALPHV have become more innovative with their extortion techniques. One example of this: creating a replica of a victim’s site and publishing the stolen data on it. ALPHV/BlackCat is known for testing new extortion tactics to pressure and shame their victims into paying. On December 26, the group announced via their Tor-based leak site that they had compromised a financial services company. The data leaked consisted of memos to staff, payment forms, employee info, data on assets and expenses, financial data for partners, and passport scans. Publishing on a clearnet clone rather than only on the dark web was done to ensure wide availability of the stolen files.

(Bleeping Computer)

LockBit gang apologizes, gives SickKids Hospital free decryptor

The LockBit ransomware gang has apologized to Toronto’s Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization. It then sent them a free decryptor. On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times. In a statement that included the apology, the gang blamed a partner who “violated our rules, is blocked and is no longer in our affiliate program.”

(Bleeping Computer)

Personal health information of 42M Americans leaked over 5 years

Researchers from medical research and media group JAMA Network analyzed trends in ransomware attacks on US hospitals, clinics, and health care delivery organizations. They found that from 2016 to 2021, the annual number of ransomware attacks more than doubled, from 43 to 91, “exposing the personal health information of nearly 42 million patients.” The report continued, “during the study period, ransomware attacks exposed larger quantities of personal health information and grew more likely to affect large organizations with multiple facilities.” The report also notes that 20 percent of healthcare organizations that suffered a ransomware attack were able to restore data from backups.

(Security Affairs)

Thanks to this week’s episode sponsor, AppOmni

Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com.

Chinese scammers targeting Chinese students in the U.K.

For over a year, Chinese international students studying in the U.K. have been targeted by persistent Chinese-speaking scammers. The activity has been dubbed RedZei (aka RedThief). Cybersecurity researcher Will Thomas stated in a post last week, “the RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation.” Most notably, the threat actors have taken steps to bypass scam call blocking by using a new pay-as-you-go U.K. phone number for each wave. The primary aim of the scam is to trick Chinese international students into paying money to avoid getting deported.

(The Hacker News)

Russia risks causing IT worker flight with remote working law

Russia’s bruised IT sector risks losing more workers due to planned legislation regarding remote working, even as authorities try to lure back some of the tens of thousands who have gone abroad. “IT workers featured prominently among the many Russians who fled after Moscow sent its army into Ukraine on Feb. 24 as well as the hundreds of thousands who followed when a military call-up began in September.” The Russian government estimates the number of IT specialists currently working for Russian companies from overseas at 100,000. Now, legislation is being put forward that could ban remote working for some professions. Lawmakers additionally fear that more Russian IT professionals could end up working in NATO countries and inadvertently sharing sensitive security information, and have therefore proposed banning some IT specialists from leaving Russia.

(Reuters)

Ransomware ecosystem becoming more diverse for 2023

In CSO Online, senior writer Lucian Constantin posts that “the ransomware ecosystem changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement.” This brought a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms. He quotes researchers from Cisco’s Talos group, who in their annual report date the accelerated landscape changes back to when the Colonial Pipeline DarkSide ransomware attack and the subsequent law enforcement takedown of REvil “led to the dispersal of several ransomware partnerships.” In some good news, half of Cisco Talos’s ransomware-related incident response engagements have been in the pre-ransomware stage, showing that companies are getting better at detecting TTPs associated with pre-ransomware activities.

(CSO Online)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.