Chinese hackers seem to be at it again. This time hitting Community Health Systems, a large US medical group that runs over 200 hospitals in 29 states. According to reports from Foxnews, the attackers were able to steal 4.5 million records.
A filing with the U.S. Securities and Exchange Commission stated that computer security company Mandiant assisted in the forensics investigation and “believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the Company’s systems.“
According to the filing the data was “non-medical patient identification data” and did not include “patient credit card, medical or clinical information“. The company is notifying the affected patients and apparently offering them identity theft protection services.
As financial information was not recovered, the information would most likely be used in further social engineering type attacks – for example, using the information gained to attempt to access patients accounts or data from other companies or websites.
For those interested in learning more about Mandiant and their research of Chinese APT attacks, check out their “APT1: Exposing One of China’s Cyber Espionage Units” intelligence center report.
The Cybersecurity Conference & Expo is coming up December 8-9 in Washington, DC – delivering in-depth training for government practitioners and essential networking opportunities with government and industry leaders at the forefront of cybersecurity initiatives.
The conference offers 2 days of in-depth sessions on cyber defense, policy and planning. The FREE one-day expo includes education sessions, a CISSP Exam Prep Clinic and a keynote presentation from Shawn Henry, Executive Assistant Director at the FBI.
Conference Topics include:
- Defensive and offensive tactics to protect your assets
- The Advanced Persistent Threat
- Influx of malware breaches
- The latest cyber attack vectors
- Social media threats and solutions
- Insider threats and solutions
- The mind of the hacker
- Calculating ROI on your cyber investment
- Preparing the cyber offensive and defensive leaders of tomorrow
- Improving current offensive and defensive assets
- The current state and future of cybersecurity policy
The Expo is free for the government, and Early Bird rates are in effect until November 11th on the Conference – saving you $200!
Find out more and register today at http://bit.ly/GovCyberReg
FireEye (from Rsignia’s Website):
Security-conscious organizations choose FireEye for industry-leading protection against the next generation of threats that cross vectors and attack with advanced malware, zero-day, targeted APT attacks. FireEye’s Malware Protection Systems (MPS) supplement traditional and next-generation firewalls, IPS, AV and Web gateways, whose signatures and heuristics cannot stop this next generation of threats.
Today’s defenses–even next-generation firewalls–leave significant security holes in the majority of corporate networks. These traditional tools were designed for the known–not the increasingly predominant unknown threats specifically devised to evade detection. By combining signature and signature-less detection, and integrating inbound and outbound protection, FireEye combats today’s stealthy Web and email threats with near-zero false positive rates.
McAfee released on Tuesday it’s findings for a several year exploitation of international machines dubbed “Operation Shady RAT“:
What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.
McAfee gained access to a Command and Control server used in the exploits and as they analyzed the logs, the findings were stunning. At least 72 parties making up 32 unique organizations in over 14 worldwide locations were compromised. Data, reaching Petrabytes in size have been leeched from corporations, defense contractors and government systems alike. Several of the systems were compromised for over 20 months.
Many experts are pointing at China as the source of the attacks. But it is interesting to see what the original targets were in 2006:
In 2006, the year that the logs begin, we saw only eight intrusions: two on South Korean steel and construction companies, and one each on a South Korean Government agency, a Department of Energy Research Laboratory, a U.S. real-estate firm, international trade organizations of an Asian and Western nations and the ASEAN Secretariat.
Three of the very first attacks were against South Korea. One would have to at least ponder if North Korea is involved.
McAfee states that the attacks used were not new, and its virus protection software has protected against it for several years.