• hackers targeting hospitals

    From August Abolins@2:221/1.58 to All on Wed May 6 18:48:00 2020
    Hello!

    https://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware/

    ==[begin]==

    06 May 20
    Europe's Largest Private Hospital Operator Fresenius Hit by Ransomware

    Fresenius, Europe's largest private hospital operator and a major provider
    of dialysis products and services that are in such high demand thanks to
    the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.

    ==[end]==


    The article doesn't report HOW the ransomware got triggered.

    But if it was by some cleverly disguised email/link originally in an employee's email, why can't the outbound email servers be configured to
    only allow valid domains? ..and thus sending the bogus ones to the bit bucket.

    WRT Email: Employees at places of work like the article describes,
    shouldn't even have access to email other than to company-related
    addresses.

    WRT WWW: An employee shouldn't even be able to access links that are
    designed to be phish-bait.

    Can't a company's local servers simply block all www domains except the
    ones approved?

    Eg. People at work don't need to access Facebook or expose company
    computers to malicious sites.

    ../|ug

    --- OpenXP 5.0.43
    * Origin: (2:221/1.58)
  • From Mike Powell@1:2320/105 to AUGUST ABOLINS on Thu May 7 16:58:00 2020
    Eg. People at work don't need to access Facebook or expose company
    computers to malicious site

    Well... where I work, we have people whose job it is to locate persons.
    One of the sources they use is Facebook. For whatever reason, a lot of
    less than intelligent crooks will try to send us false contact data but
    then post all about themselves on social media. :)

    Mike
    ---
    * SLMR 2.1a * "Don't make me put a dog heart in there!" - Dr. Hibbert
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From August Abolins@2:221/1.58 to Mike Powell on Thu May 7 21:04:00 2020
    Hello Mike!

    ** On Thursday 07.05.20 - 16:58, Mike Powell wrote to AUGUST ABOLINS:

    Eg. People at work don't need to access Facebook or expose company
    computers to malicious site

    Well... where I work, we have people whose job it is to locate persons. One of the sources they use is Facebook. For whatever reason, a lot of less than intelligent crooks will try to send us false contact data but then post all about themselves on social media. :)

    OK.. I see the relevance for collection agencies especially when needing
    to locate persons. But even then, it would be wise to isolate work
    terminals for internet searches from the internal network used for
    accessing company accounts.

    But I was thinking of places like hospitals and medical centers. In
    October last year a large medical center with offices all over the province/country was struck with a security breach. Then, a month later
    it was announced that it was ransomware. This was clearly activated by clicking on a false link.

    https://www.cpomagazine.com/cyber-security/lifelabs-data-breach-the-largest-ever-in-canada-may-cost-the-company-over-1-billion-in-class-action-lawsuit/

    "15 million Canadians affected is over 40% of all Canadians".

    "In the public statement, LifeLabs indicated that they made some sort of a payment to retrieve the stolen data. The company did not elaborate on the nature of the attack."

    Ha. The nature was ransomware, and some old ninny probably clicked on
    a fake link in their personal email or on a non-company related website.


    Then, there were a few other ones earlier than that:

    https://www.cbc.ca/news/technology/ransomware-ryuk-ontario-hospitals-1.5308180

    https://www.cbc.ca/news/canada/kitchener-waterloo/rural-hospitals-in-southwest-ontario-hit-by-ransomware-attack-1.5301947

    "The main vector for attacks is people, through phishing or the more
    targeted spearphishing attacks," in which hackers gather information using deceptive emails or websites, he explains. "Ninety percent of breaches
    start with a person."

    The solution seems simple enough. Disallow access to unapproved destinations, especially from the computers that are networked to patient records!


    ../|ug

    --- OpenXP 5.0.43
    * Origin: (2:221/1.58)
  • From Mike Powell@1:2320/105 to AUGUST ABOLINS on Fri May 8 10:44:00 2020
    But I was thinking of places like hospitals and medical centers. In
    October last year a large medical center with offices all over the province/country was struck with a security breach. Then, a month later
    it was announced that it was ransomware. This was clearly activated by clicking on a false link.

    Yes, I am shocked this has been allowed to happen to hospitals more than
    once. IIRC, it happened to hospitals in the UK also.

    Mike

    ---
    * SLMR 2.1a * You radiate cold shafts of broken glass!
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From Phil Taylor@1:275/201.30 to August Abolins on Tue Feb 9 21:18:25 2021
    On Thu 7-May-2020 21:04 , August Abolins@2:221/1.58 said to Mike Powell:

    ** On Thursday 07.05.20 - 16:58, Mike Powell wrote to AUGUST ABOLINS:

    Eg. People at work don't need to access Facebook or expose company
    computers to malicious site

    Well... where I work, we have people whose job it is to locate persons.
    One of the sources they use is Facebook. For whatever reason, a lot of
    less than intelligent crooks will try to send us false contact data but
    then post all about themselves on social media. :)

    OK.. I see the relevance for collection agencies especially when needing

    One reason why I do not use social sites is because they seem to be getting hacked. Take a look at this: https://www.bbc.com/news/technology-51424352#:~:text=Facebook%27s%20social%20m Twitter got hacked.

    to locate persons. But even then, it would be wise to isolate work terminals for internet searches from the internal network used for accessing company accounts.

    Where I work you can only go to sites on the internet if it's for official business.

    But I was thinking of places like hospitals and medical centers. In October last year a large medical center with offices all over the province/country was struck with a security breach. Then, a month later it was announced that it was ransomware. This was clearly activated by clicking on a false link.

    https://www.cpomagazine.com/cyber-security/lifelabs-data-breach-the-largest-ever-in-canada-may-cost-the-company-over-1-billion-in-class-action-lawsuit/

    Too bad they do not have a method to check the site to see if it's a security risk and block it before the user connects to it. Where I work they have security software that does it.


    --- CNet/5
    * Origin: 1:275/201.0 (1:275/201.30)
  • From August Abolins@2:221/1.58 to Phil Taylor on Tue Feb 9 23:01:00 2021
    Hello Phil Taylor!

    ** On Tuesday 09.02.21 - 21:18, Phil Taylor wrote to August Abolins:

    On Thu 7-May-2020 21:04 , August Abolins@2:221/1.58 said to Mike Powell:

    Eg. People at work don't need to access Facebook or
    expose company computers to malicious site

    One reason why I do not use social sites is because they seem
    to be getting hacked. Take a look at this: https://www.bbc.com/news/technology-51424352#:~:text=Facebook%27s%20social%20m
    Twitter got hacked.

    Wow.. That's just a few days ago. Interesting.

    There is a place called ogusers.com that seems to be dedicated
    to selling hacked Twitter accounts - or something like that -
    and ironically, that site has been hacked too!

    https://krebsonsecurity.com/2020/12/account-hijacking-site-ogusers-hacked-again/

    Too bad they do not have a method to check the site to see
    if it's a security risk and block it before the user
    connects to it. Where I work they have security software
    that does it.

    It's laziness. The hacked offices were medical facilities where
    people's private info is used. They should have blocked all
    IP's except the ones they need to connect with their own network
    - that would be an inexpensive no-brainer start. There are
    several simple (and free) ways to do that - no high paid
    resources required. Employees of such a facility don't need to
    visit Twitter, Facebook, Google, etc.
    --
    ../|ug

    --- OpenXP 5.0.48
    * Origin: (2:221/1.58)
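
The "block everything except approved sites" idea raised in this thread, sketched as the default-deny host check a forward proxy would apply to each request. This is an added example, not part of any post above; the domain names, sample URLs and function names are constructed for illustration. It shows why the check must parse the URL rather than search the string for an approved name.

```python
from urllib.parse import urlsplit

# Constructed allowlist (placeholder names, not taken from the thread).
APPROVED = {"intranet.hospital.example", "labs.partner.example"}

def normalise_host(url):
    """Return the host a client would really connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None                      # default deny for other schemes
    host = parts.hostname                # drops any user@ prefix and :port
    if not host:
        return None
    host = host.rstrip(".")              # "example." and "example" are the same name
    try:
        # Lookalike Unicode names become xn-- punycode and stop matching.
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def is_allowed(url, approved=APPROVED):
    """Allow only an approved domain or one of its subdomains."""
    host = normalise_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in approved)

# Constructed sample of outbound requests, including common phishing shapes.
SAMPLE = [
    "https://intranet.hospital.example/records",
    "https://intranet.hospital.example@evil.example/login",   # userinfo trick
    "https://intranet.hospital.example.evil.example/",        # approved name as prefix
    "https://intr\u0430net.hospital.example/",                # Cyrillic 'a' lookalike
    "https://www.facebook.com/",
]

def blocked(urls):
    """Return the URLs the proxy would refuse."""
    return [u for u in urls if not is_allowed(u)]

if __name__ == "__main__":
    for u in SAMPLE:
        print("ALLOW" if is_allowed(u) else "DENY ", u)
```

A host allowlist of this kind only limits where a workstation can browse; mail filtering and isolating the terminals that do need wider access, both mentioned in the thread, are separate controls.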