Search This Blog

Showing posts with label Healthcare. Show all posts

Government in Australia issues Clop Ransomware warning to Healthcare Organizations

 

The Australian Cyber Security Center has issued a security alert for the health sector to check their barriers and defenses against potential ransomware attacks especially the Clop Ransomware that uses SDBBot Remote Access Tool (RAT).
The ACSC (Australian Cyber Security Center) wrote that they, "observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT)." 

 The SDBBot RAT is almost exclusively used by the TA505 group, their attack technique follows phishing and spam email campaigns to infect malware but from 2019, they started using SDBBot payload as a remote way to access systems. 

 ACSC further mentioned, "SDBBot is comprised of 3 components. An installer that establishes persistence, a loader that downloads additional components, and the RAT itself. "Once installed, malicious actors will use SDBBot to move laterally within a network and exfiltrate data. SDBBot is [also] a known precursor of the Clop ransomware"

 As the Australian Government says, SDBBot is also known as a precursor of the Clop Ransomware, which in recent months have become one of the most lethal ransomware, researchers also call it "big-game hunting ransomware" or "human-operated ransomware." 

 The Clop ransomware group keep their eye on the big picture, they first choose to widen their access to a maximum number of systems, till then they hold back their playload, and only when they have reached the maximum or the whole network will they manually deploy the ransomware. This way, the organization has no way to stop the infection midway and the payout is huge in a hundred thousand dollars and if the victim fails to pay the ransom, all their data is leaked on the malware's "leak website". 

Other countries like the UK and the US also predict a potential attack by Ryuke or Trickbot and issues a similar warning some weeks back. Australian Cyber Security Centre (ACSC) also warned Australian companies in October about Emotet malware, which is used contemporaneity with Trickbot. "Upon infection of a machine, Emotet is known to spread within a network by brute-forcing user credentials and writing to shared drives. Emotet often downloads secondary malware onto infected machines to achieve this, most frequently Trickbot," the ACSC wrote. With the new alert, companies need to be very diligent in their protection and testing mechanism in order to prevent themselves from an attack.

University of Vermont Health Network Suffers Cyberattack, Six Hospitals Affected

 

University of Vermont's health network suffered a cyberattack, which has impacted its network infrastructure. The attack has hit six Vermont and New York hospitals. Spokesperson Neil Goswami says that the FBI is currently working with the network and Vermont department of public safety to look into the issue. President of the University of Vermont Medical Center in Burlington, Dr. Stephen Leffler, in a news conference, said that patients in need are getting the possible health services and treatment is not affected. 

He also said that patient appointments are not affected, and the surgeries are postponed for tomorrow due to the network's disruption. "Patients may experience delays at Central Vermont Medical Center in Berlin and Champlain Valley Physicians Hospital in Plattsburgh, New York, he said. And patients of physician practices at Elizabethtown Community Hospital in Elizabethtown, New York, may experience slight delays," says Dr. Goswami. Earlier, the FBI and other federal agencies had notified that they had probable data confirming an increase in cyberattacks on the healthcare industry in the U.S. 

Cybersecurity experts say that the Ryuk ransomware has attacked at least five hospitals this week and is expected to impact a hundred more. The FBI, however, has not confirmed whether the attack on UVM was caused by ransomware. It is still looking into the issue of a potential cyberattack and local and state agencies. Even Dr. Leffler confirms that he has not been contacted for any ransom to date. UVM Medical Centre had an idea that something wasn't right, and in response, it had closed down its network systems to protect patient information. 

As per Dr. Leffler, no patient information has been leaked, and data is also safe, and that the hospital is looking into the incident. However, it will take some time for the health network to restore and for services to be regular. According to the health department, "Vermonters may continue to get coronavirus testing through Health Department-led clinics, but the results reported through the UVM Medical Center will be affected." Health officials say that no patient data has been compromised, and all records are safe.

U.S Suffers A Massive Wave Of Cyberattacks In Healthcare Industry, FBI Issues Alert

 

Cybercriminals are attacking the U.S. healthcare systems, destroying the network infrastructures, and stealing critical data. The U.S. federal agencies have issued an alarm that healthcare is in great danger of cyberattacks and intrusions. Hackers have become more active in attacking healthcare networks. The rise in hacking attempts had led to a risk of breach of patient privacy, which is a critical issue during the Covid-19 pandemic, as the cases are at an all-time high. 

The FBI and other agencies in a joint report mentioned that they had verified information about cyberattacks on U.S. healthcare providers and hospitals. The warning also emphasized that few criminal groups are now targetting the healthcare industry to steal critical data and disrupt health care services. The ransomware attacks can scramble data into jargon. Only the security keys that the hacker has can reassemble data. The hacker demands payment in turn for providing the security keys. According to cybersecurity experts, the criminal groups had attacked more than five U.S hospitals until this week, and the figures can go up to a hundred. The election is almost near, and a Russian hacking group attacks the healthcare systems. 

According to the Guardian, "The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services." The attack's motive is not clear, but it seems that it was most likely to be money. Cybersecurity firm Mandiant says that this is the most dangerous cyber threat ever witnessed in the U.S. Another firm, Hold Security, states that it is the first time they have seen a massive cyberattack of such scale in the U.S. 

We should note that the attack's timing before the elections and during the pandemic makes it a severe cyber threat. In the past 18 months, the U.S has experienced a wave of ransomware attacks, with targets like schools, government authorities, and cities. "The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October," reports the Guardian.

Federal Agencies Warned the US Healthcare System on Facing An “Increased and Imminent” Threat of Cybercrime

 

A couple of days back the FBI and two federal agencies, the Department of Homeland Security and the Department of Health and Human Services issued a caution that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. 

This news comes after federal agencies cautioned that the US healthcare systems are confronting an “increased and imminent” danger of cybercrime, and that cybercriminals are releasing an influx of coercion endeavors intended to lock up hospital information systems, which could hurt patient care similarly to cases of Coronavirus are on a steady rise. 

The cyberattacks include ransomware, which scrambles information into the hogwash that must be opened with software keys given once targets pay up. Independent security specialists state it has 'already hobbled at least five US hospitals' this week, and might affect hundreds more. 

Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement, “we are experiencing the most significant cybersecurity threat we’ve ever seen in the United States." 

The US has seen a plague of ransomware in the course of the recent 18 months with significant urban cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack shook all 250 US facilities of the hospital chain Universal Health Services, constraining doctors and nurses to 'depend on paper and pencil for record-keeping and slowing lab work'. 

Employees described disorderly conditions blocking patient care, including mounting trauma centers wait and the failure of wireless vital signs monitoring hardware. 

Alex Holden, CEO of Hold Security, which has been intently following the ransomware being referred to for over a year, said he informed the federal law enforcement after monitoring infection endeavors at various hospitals. 

Furthermore, added that the group was demanding ransoms above $10 million for each target and that criminals involved on the dull web were talking about plans to attempt to infect at least 400 or more hospitals, clinics, and other medical facilities.

“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.”

The cybercriminals launching the attacks are said to have been utilizing a strain of ransomware known as Ryuk, and while nobody has proved the speculated ties between the Russian government and groups that utilization the Trickbot platform, Holden said he has “no doubt that the Russian government is aware of this operation – of terrorism”.

Ryuk Ransomware Attacks Union Health Services, Disrupts Hospitals Nationwide



Universal Health Services (UHS) is shut down after a ransomware attack by hackers. Fortune 5oo organization, UHS runs a network of more than 500 hospitals in the nation. Ryuk ransomware is said to be responsible for this attack. The attack took place earlier this week when the employees on Reddit and other platforms reported the issue. According to these discussions on Reddit, it was clear from the comments that many UHS locations took a hit and needed a manual process to re-start.
One user said they had a lot of paperwork as the computers were shut down. Another user said they had to send their patients away, but the lab operations were working fine. However, they didn't have any computer-based access to anything. Another user said that their UHS was shut down. The employees had to handwrite everything and were not allowed to use their computers.

UHS, in its official statement, said, "The I.T. Network across Universal Health Services (UHS) facilities is currently offline, as the company works through a security incident caused by malware. The cyberattack occurred early Sunday morning when the company shut down all networks across the U.S. enterprise. We have no indication that any patient or employee data has been accessed, copied, or misused. The company's U.K. operations have not been impacted." However, UHS has not cleared the type of cyberattack it experienced, but the employees say it is likely to be Ryuk ransomware. 

According to one UHS employee, all the encrypted files had a .ryk extension. Hacked computers also had a ransom note labeled as 'shadow of the universe,' which the Ryuk ransomware uses in its attacks. Employees on Reddit also expressed concern about the health of patients due to the shutdown of the computers. One even said (not verified) that four patients had died due to the delay in care. "We are making steady progress with recovery efforts. Specific applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.," the UHS statement reads.

Importance of Cybersecurity in the Healthcare Sector


Hackers and cybercriminals have targeted the healthcare sector for a long time. Among the healthcare industry, hospitals are generally the primary target for hackers, as they generate a lot of money. The hospitals hold very sensitive information of the patients, including credentials and personal data, and the hackers can take advantage of that. Due to the coronavirus pandemic, hospitals have received a large number of funds from the government and other agencies to deal with the issue, and the hackers are after the money.


The critical issue is that healthcare IT systems store patient credentials, including banking details, ID, and credit card details. Besides this, information such as patient's HIV details can be exposed, and cybercriminals can exploit for extortion. On the dark web, ID credentials can be sold for very profitable money, so the government and healthcare industry should take extra precautions to stay safe from cyber attacks. In the present pandemic crisis, blackmail has become one of the most common cyberattacks threats. Blackmail is different from ransomware; in the latter, the player holds company data as ransom by encrypting malware. Whereas, while blackmailing, the hacker threatens to expose critical data, unless his demands are met, which is mostly money.

In this scenario, the hospitals don't have any option but to compensate the cybercriminal as revealing patient information is not only dangerous but also against the doctor-patient confidentiality. In the starting phase of the COVID-19 outbreak, hackers across the world didn't target the healthcare industry. It created a false sense of security among the government and experts that the healthcare sector was safe from hackers and cyber attacks. It was all but long when the hackers finally decided to take a toll on cyberattacks on healthcare.

Therefore, the healthcare industry should step-up and create a robust cybersecurity infrastructure that ensures patients' privacy and security. General awareness of cybersecurity among citizens is also essential, especially sensitizing the hospital staff. Most important and the last one, healthcare institutes should team up with cybersecurity agencies that provide protection and security from cyber attacks and hackers.

Windows Devices in Hospitals Vulnerable to Potential Exploits


Windows Devices in Hospitals Vulnerable to Potential Exploits According to recent reports, hackers can exploit the vulnerabilities present in health devices, and it can prove dangerous to the health of the patients at the hospital. But, the problem could be avoided by following some simple steps. The health devices have a more likable chance to the Bluekeep exploit than any other devices connected in the hospitals. Health devices can be exploited up to 2 times, using the Bluekeep exploit. This puts both the patients and the hospital staff in danger as witnessing the current scenario, the health sector has recently been one of the primary targets of the hackers.


Therefore, the issue of cybersecurity among the health sector is one of the main concerns of the digital age. Bluekeep was first discovered in 2019, and it is a vulnerability in Microsoft RDP (Remote Desktop Protocol). The vulnerability affects Windows7, Windows8, Windows Server2008, and Windows Server2008 R2. When the news of Bluekeep vulnerability surfaced, Microsoft immediately released a security patch to resolve the issue. Various intelligence agencies, including the US NSA (National Security Advisory) and Britain's NCSC (National Cyber Security Centre), immediately informed Microsoft to fix all the security patches related to the vulnerability.

The matter of concern was that Bluekeep could be used as malware to do the same damage that EternalBlue had caused, the exploit that triggered Wannacry. In this incident, various high profile organizations were taken the victim, but the greatest attack happened on the National Health Service of UK, in which the entire networks of the hospitals were shut down. But despite various warnings, health devices that run on Windows are still vulnerable to a potential Bluekeep exploit.

According to researchers at CyberMDX, a healthcare cybersecurity company, a newly made report's data suggests that more than 20% of healthcare devices (that run on Windows) in hospitals are vulnerable to the blue keep exploit, as they have still not configured to the latest security patches. The healthcare devices include x-ray machines, anesthesia machines, ultrasound devices, and radiology equipment. If these devices are not fixed to the latest security patch, chances are that hackers could exploit them using the blue keep vulnerability. This can risk the lives of the patients and the healthcare staff.