Criminals target US healthcare sector

The cyber division of the FBI recently issued an alert warning of criminal activity targeting File Transfer Protocol (FTP) servers operating in ‘anonymous’ mode that are associated with US medical and dental facilities.

The criminals involved are reportedly motivated by the potential to access protected health information (PHI) and personally identifiable information (PII). This data is then used by criminals to extort healthcare business owners, and to conduct financial fraud and identity theft.

The US healthcare sector has previously been targeted by ransomware campaigns; however, this attack methodology is more aggressive in nature. Rather than encrypting data and releasing it following payment of a ransom, criminals are stealing sensitive data and in some instances threatening to expose it or sell it, to pressure victim companies to pay.

FTP is a protocol widely used in the transfer of data and files. However, when FTP servers are configured in a way that enables user authentication with generic usernames and no passwords, it leaves data stored on these servers vulnerable. This was highlighted by research conducted by the University of Michigan in 2015, which showed more than one million FTP servers were misconfigured, potentially allowing unauthorised access to data.

The US healthcare sector is singled out in the FBI report as the target of an active criminal campaign; however, any organisation storing sensitive data on a misconfigured FTP server could similarly be exposed to extortion or fraud.
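
An added example, not part of the FBI alert or of this report: a small Python audit of an FTP server configuration file for the anonymous-login settings described above. It assumes the server is vsftpd and uses the option names and defaults from the vsftpd.conf man page; both sample configurations are constructed.

```python
# Upstream defaults from the vsftpd.conf man page; a missing line means the default.
DEFAULTS = {
    "anonymous_enable": "YES",
    "no_anon_password": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
WRITE_OPTS = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def enabled(settings, key):
    # Assumption: treat YES, TRUE or 1 as switched on (the man page documents YES/NO).
    return settings[key].upper() in ("YES", "TRUE", "1")

def audit(text):
    """Return findings; an empty list means anonymous login is disabled."""
    s = parse_conf(text)
    if not enabled(s, "anonymous_enable"):
        return []
    findings = ["anonymous_enable: logins as 'anonymous' or 'ftp' are accepted"]
    if enabled(s, "no_anon_password"):
        findings.append("no_anon_password: no password prompt for anonymous users")
    if enabled(s, "write_enable"):
        findings += [f"{o}: anonymous users can change server content"
                     for o in WRITE_OPTS if enabled(s, o)]
    return findings

# Constructed sample configurations, not taken from any real server.
WEAK = "anonymous_enable=YES\nno_anon_password=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
HARDENED = "# anonymous access switched off\nanonymous_enable=NO\nlocal_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "anonymous login disabled")
```

Because the upstream default for anonymous_enable is YES, a file that omits the option is reported as allowing anonymous login; only an explicit NO clears the finding.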

Asian cyber criminals demonstrate ongoing professionalisation

According to a report by security research group Check Point, cyber criminals in Asia are using fake mobile base stations to impersonate legitimate telecommunications companies while conducting SMS phishing ('SMiShing') campaigns. Their text messages link to malware dubbed the "Swearing Trojan" (due to the profanity included in its code) which steals bank details. It circumvents mobile-based two-factor authentication by replacing text messenger apps with malicious duplicates.

SMS spam is a lucrative business for criminals in Asia, who can also mount fake base stations in a vehicle and drive through cities. Nearby mobile devices mistakenly connect to the high-power signal, allowing the spammers to transmit large numbers of SMS messages, often displaying false sender information, without paying network fees.

SMS spam is currently less common in the UK and, unlike email spammers, operators rarely operate across national borders due to the cost of sending text messages internationally. Nevertheless, this development abroad illustrates the ongoing professionalisation of cyber crime, and the readiness of criminals to combine existing techniques in innovative ways to exploit their victims. One of the themes over the last year, as reported in the joint NCA/NCSC cyber threat report 2016-17, is that the risk from cyber crime is growing as criminals become more creative.

