惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Apple Machine Learning Research
Apple Machine Learning Research
月光博客
月光博客
量子位
IT之家
IT之家
Jina AI
Jina AI
Help Net Security
Help Net Security
Cyberwarzone
Cyberwarzone
人人都是产品经理
人人都是产品经理
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
AWS News Blog
AWS News Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
罗磊的独立博客
P
Proofpoint News Feed
S
Schneier on Security
Spread Privacy
Spread Privacy
The Hacker News
The Hacker News
Know Your Adversary
Know Your Adversary
雷峰网
雷峰网
L
LINUX DO - 热门话题
博客园 - 聂微东
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
Security Latest
Security Latest
阮一峰的网络日志
阮一峰的网络日志
I
Intezer
K
Kaspersky official blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
Last Week in AI
Last Week in AI
博客园 - Franky
G
GRAHAM CLULEY
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tailwind CSS Blog
L
LINUX DO - 最新话题
T
The Exploit Database - CXSecurity.com
博客园 - 三生石上(FineUI控件)
P
Privacy International News Feed
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
有赞技术团队
有赞技术团队
Schneier on Security
Schneier on Security
V
V2EX
V
Visual Studio Blog
S
Security @ Cisco Blogs
博客园 - 叶小钗
H
Hacker News: Front Page
小众软件
小众软件
WordPress大学
WordPress大学
V2EX - 技术
V2EX - 技术
美团技术团队

Breaches – ThreatDown by Malwarebytes

Snowflake “breach” looks like 165 individual incidents Ransomware drives healthcare provider into administration Ticketmaster, Santander Bank breaches linked to Snowflake hack, threat actor claims K-12 district hit with $500k Medusa ransomware attack Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed MongoDB warns customers about data breach after cyberattack State of Maine data breach impacts 1.3 million people Okta breach happened after employee logged into personal Google account - ThreatDown by Malwarebytes 1Password reports security incident after breach at Okta
Medical research data Advarra stolen after SIM swap
Pieter Arntz · 2023-11-06 · via Breaches – ThreatDown by Malwarebytes

Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives.

SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involves tricking the target’s phone carrier into porting the phone number to a new SIM which is under the control of the attacker.

In the case of Advarra, the ransomware group ALPHV reportedly managed to transfer the executive’s cellphone number, allowing them access to the company’s resources and copy information that the group is now threatening to sell.

Advarra entry on the ALPHV leak site

However, Advarra isn’t willing to play ball, saying it doesn’t “pay digital terrorists”.

Advarra said it’s business as usual:

“An Advarra colleague was the victim of a compromise of their phone number. The intruder used this to access some of the employee’s accounts, including LinkedIn, as well as their work account.

We have taken containment actions to prevent further access and are investigating with third-party cyber experts. We also notified federal law enforcement. At this time we believe the matter is contained. We further believe that the intruder never had access to our clients’ or partners’ systems and it is safe to connect to Advarra’s systems. Importantly, we have no evidence that the Advarra systems and products that clients use to interface with us were compromised or accessed. At this time, our business operations have not been disrupted as a result of this activity and we continue to operate as normal. In addition, we continue to take steps to enhance the overall security of our systems in line with industry best practices.

Our investigation remains ongoing, and we will provide additional updates as appropriate.”

Octo Tempest

We recently wrote about the growing concern around criminal gang Octo Tempest. In 2022, Octo Tempest began selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals in order to steal their cryptocurrency. Since then the group has expanded its range of activities to include targeting organizations providing cable telecommunications, email, and tech services, and partnering with the ALPHV ransomware group.

So it’s quite possible that here Octo Tempest used their SIM swapping knowledge to compromise the executive’s account and use that leverage to steal information, which is now being used to extort Advarra

Even if the incident didn’t go down exactly as we think, there are a few takeaways:

  • Social engineering has shown time and again to be the most reliable tool for cybercriminals. It can even hurt companies with enterprise grade security.
  • The security of your private accounts matters to the company you work for. A breach of one of your accounts can provide an entrance to your employer.
  • SIM swapping is one of the reasons why some forms of MFA are better than others. Spoiler alert: text messages and call-based verification are not the best options.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.