Search This Blog

Latest News

Hackers Stole $2.3M, Wisconsin Republicans Claims

  Wisconsin: Republican officials said that hackers stole $2.3m from the party's account being used to support Donald Trump's re-el...

All the recent news you need to know

U.S Suffers A Massive Wave Of Cyberattacks In Healthcare Industry, FBI Issues Alert

 

Cybercriminals are attacking the U.S. healthcare systems, destroying the network infrastructures, and stealing critical data. The U.S. federal agencies have issued an alarm that healthcare is in great danger of cyberattacks and intrusions. Hackers have become more active in attacking healthcare networks. The rise in hacking attempts had led to a risk of breach of patient privacy, which is a critical issue during the Covid-19 pandemic, as the cases are at an all-time high. 

The FBI and other agencies in a joint report mentioned that they had verified information about cyberattacks on U.S. healthcare providers and hospitals. The warning also emphasized that few criminal groups are now targetting the healthcare industry to steal critical data and disrupt health care services. The ransomware attacks can scramble data into jargon. Only the security keys that the hacker has can reassemble data. The hacker demands payment in turn for providing the security keys. According to cybersecurity experts, the criminal groups had attacked more than five U.S hospitals until this week, and the figures can go up to a hundred. The election is almost near, and a Russian hacking group attacks the healthcare systems. 

According to the Guardian, "The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services." The attack's motive is not clear, but it seems that it was most likely to be money. Cybersecurity firm Mandiant says that this is the most dangerous cyber threat ever witnessed in the U.S. Another firm, Hold Security, states that it is the first time they have seen a massive cyberattack of such scale in the U.S. 

We should note that the attack's timing before the elections and during the pandemic makes it a severe cyber threat. In the past 18 months, the U.S has experienced a wave of ransomware attacks, with targets like schools, government authorities, and cities. "The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October," reports the Guardian.

US Security Department Issue Potential Trickbot and Malware Attack Warning to Health Department

 

The United States Healthcare providers have been alerted to vary of Trickbot and ransomware attacks by their Homeland Security department.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services of US-issued out a warning of "imminent cybercrime threat to US hospitals and healthcare providers" regarding an infection from Trickbot and ransomware. 

Already heavy with the burden of coronavirus, the US health department now faces another cybersecurity threat from Trickbot, one of the largest botnets worldwide, and Ryuk Ransomware, a lethal and savage malware on its own. Even Microsoft recently took legal action against Trickbots earlier this month.

Earlier, Trickbot was a banking trojan attacking users via Webfakes (where it redirects the user to a fake webpage made by the attackers instead of the original banking webpage; accessing the user's login and other credentials) and through WebInjections (wherewith the website that the user is trying to access, some malware injections will be initiated and downloaded). Now with a million infections, Trickbot has evolved into a full-fledged malware.

 "As part of the new Anchor toolset, Trickbot developers created Anchor_DNS, a tool for sending and receiving data from victim machines using Domain Name System (DNS) tunneling," CISA said in the alert. 

Using anchor DNS, lets the malware to bypass the legit DNS and with it bypassing network defense security and evade recognition.

Other countries like the UK and Australia also predict a potential attack by Ryuke or Trickbot. Australian Cyber Security Centre (ACSC) warned Australian companies about Emotet malware, which is used contemporaneity with Trickbot. "Upon infection of a machine, Emotet is known to spread within a network by brute-forcing user credentials and writing to shared drives. Emotet often downloads secondary malware onto infected machines to achieve this, most frequently Trickbot," the ACSC wrote in a warning.

Russian Hackers Infiltrate U.S Government Networks and Steal Data

 

In a recent cybersecurity incident, the U.S. government issued a statement claiming that state-sponsored Russian hackers attacked the U.S. agencies and successfully breached the government networks. CISA (Cybersecurity and Infrastructure Security Agency) and FBI (Federal Bureau of Investigation) issued a joint report regarding the issue, confirm the U.S. government officials. 

"The Russian-sponsored APT actor is obtaining user and administrator credentials to establish initial access, enable lateral movement once inside the network, and locate high-value assets to exfiltrate data. To date, the FBI and CISA have no information to indicate this APT actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities," reports FBI and CISA. 

According to the U.S. agencies, the hacking group is called Energetic Bear (code name used by the cybersecurity industry). The hacking group is also infamous as Koala, Crouching Yeti, Havex, Dragonfly, TeamSpy, Berserk Bear, and TEMP. Isotope. From February 2020, the hackers targeted multiple US SLTT (state, local, territorial, and tribal) government networks. According to the FBI and CISA, the hackers also attacked aviation industry companies. As per the reports, Energetic Bear was able to attack government network infrastructures. By October 2020, it also stole data from two government servers. The attacks mentioned in the current CISA and FBI reports were also mentioned in a previous joint advisory report. In the earlier report, the agencies revealed how the Energetic Bear attacked the U.S. government's networks using Windows bugs and VPN appliances. 

The present joint report links the attacks to the hacking group. It also provides information about the group's tactics and strategies. As per the experts, the Russian hackers used common vulnerabilities to breach the network gears and exfiltrate data. According to Cyberscoop, "IP addresses used in the hacking were previously employed by the TEMP. Isotope group, according to Mandiant. The hackers exploited a recently revealed vulnerability in a protocol that Microsoft uses to authenticate its users. CISA, on Sept. 18, ordered all federal civilian agencies to update their software to address the flaw because of the risk it carried."

Federal Agencies Warned the US Healthcare System on Facing An “Increased and Imminent” Threat of Cybercrime

 

A couple of days back the FBI and two federal agencies, the Department of Homeland Security and the Department of Health and Human Services issued a caution that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. 

This news comes after federal agencies cautioned that the US healthcare systems are confronting an “increased and imminent” danger of cybercrime, and that cybercriminals are releasing an influx of coercion endeavors intended to lock up hospital information systems, which could hurt patient care similarly to cases of Coronavirus are on a steady rise. 

The cyberattacks include ransomware, which scrambles information into the hogwash that must be opened with software keys given once targets pay up. Independent security specialists state it has 'already hobbled at least five US hospitals' this week, and might affect hundreds more. 

Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement, “we are experiencing the most significant cybersecurity threat we’ve ever seen in the United States." 

The US has seen a plague of ransomware in the course of the recent 18 months with significant urban cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack shook all 250 US facilities of the hospital chain Universal Health Services, constraining doctors and nurses to 'depend on paper and pencil for record-keeping and slowing lab work'. 

Employees described disorderly conditions blocking patient care, including mounting trauma centers wait and the failure of wireless vital signs monitoring hardware. 

Alex Holden, CEO of Hold Security, which has been intently following the ransomware being referred to for over a year, said he informed the federal law enforcement after monitoring infection endeavors at various hospitals. 

Furthermore, added that the group was demanding ransoms above $10 million for each target and that criminals involved on the dull web were talking about plans to attempt to infect at least 400 or more hospitals, clinics, and other medical facilities.

“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.”

The cybercriminals launching the attacks are said to have been utilizing a strain of ransomware known as Ryuk, and while nobody has proved the speculated ties between the Russian government and groups that utilization the Trickbot platform, Holden said he has “no doubt that the Russian government is aware of this operation – of terrorism”.