Banner Health Suffers Massive Data Breach

This week we cover a massive data breach at Banner Health and a Zeus Sphinx Trojan hitting banks in Brazil.

Breach

Banner Health Suffers Massive Data Breach

Banner Health, a Phoenix-based health insurance company, was hit with a data breach affecting 3.7 million patients and staff. The information exposed may include patients’ names, birth dates, addresses, doctors’ names, dates of service, clinical information, health insurance information and social security numbers. The attack began with hackers accessing computer systems that processed payment card information at some of its food and beverage outlets; days later, it was discovered that the hackers may also have gained access to information stored on some of its computer servers.

References: Banner Health Food Services Suffers Data Breach | Phoenix-based Banner Health Suffers Data Breach Affecting 3.7M

 

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Log management could detect any suspicious user account activity
  • Vulnerability scanner to identify any potential vulnerabilities in the environment
  • Netflow traffic may also reveal large data transfers and potential data leakage
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection. 

Malware

Zeus Sphinx Trojan Hits Banks in Brazil

The Sphinx malware first appeared last August, primarily targeting banks in Europe and Australia. A new version has recently emerged that includes web inject configurations targeting the web portals of three of Brazil’s top banks, as well as Boleto payment services. Zeus Sphinx adapts its social engineering injections to manipulate users of each targeted bank. In some cases, the malware will only ask victims to provide PII and passcodes, payment card PIN codes, or home and mobile phone numbers. The timing of this new version targeting Brazil, where the Olympics are currently being held, is not a coincidence, as “Cybercriminals are known to increase their efforts during sporting events,” said Limor Kessem, Executive Security Advisor, IBM.

References: New Zeus Sphinx Banking Trojan Hitting Brazil | Brazil Can’t Catch a Break: After Panda Comes the Sphinx | Sphinx Banking Trojan Amps Up Operations with Brazilian Edition

Mitigation Strategies:

  • Scanning application code for vulnerabilities
  • Solid patch management program to quickly mitigate the risk of a vulnerability
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection. 

Top 20 IP Addresses

*IP addresses provided by Recorded Future.