Cybersecurity Industry News Review – March 21, 2023
KillNet is bad for your health, TikTok facing further bans, ransomware impacts cancer test results, Russia allegedly increasing its cyberwarfare efforts.
By Joe Fay
Microsoft Demonstrates How KillNet Is Bad for Our Healthcare Sector
Microsoft has highlighted a rise in DDoS attacks on healthcare organizations, mapping a three-fold increase in attacks over three months. It said it tracked 10 to 20 attacks per day on healthcare organizations on Azure in November but was seeing 40 to 60 per day in February. The attack mix changed over this time, it added, with over half of attacks now being UDP floods and 44% being TCP-based. It said that pro-Russia hacktivist group KillNet has been launching “waves of attacks against Western countries, targeting governments and companies with focus on the healthcare sector”.
Cancer Patient Sues Health Provider After Ransomware Gang Leaks Treatment Images
A breast cancer patient in the U.S. has sued her healthcare provider after photos of her unclothed while receiving treatment were posted after being stolen by a ransomware gang. Images of patients undergoing treatment, as well as their health records, were exfiltrated from Lehigh Valley Health Network, in Pennsylvania, by the BlackCat malware gang in February. Over 75,000 people in total were reportedly affected. The healthcare group apparently refused to pay up, and the group began leaking images. As well as the distressing images of the patient in question, the gang also lifted sufficient personal information to carry out identity theft, the suit alleges. The suit accuses LVHN of negligence, asserting that the provider offered the patient an apology and “two years of credit monitoring”.
U.K. Government: ChatGPT Not Such A Threat Yet…But Dump TikTok Now
The U.K.’s National Cyber Security Centre has sought to calm concerns about ChatGPT and other chatbots’ ability to supercharge cyber scams. The GCHQ spinoff said that while large language models are “undoubtedly impressive…they’re not magic”. It said that, for all the concerns about ChatGPT fueling malware creation, it was currently still easier for an expert to create malware from scratch, though this could change as large language models (LLMs) improve. It said phishing lures might be improved, and also cautioned about what info was supplied to public LLMs. A more immediate threat from the U.K.’s point of view appears to be TikTok, with DCMS minister Oliver Dowden telling parliament last week that the government had banished the app from official devices, bringing it into line with a host of allies including the US and EU. The BBC has also called on employees to delete the app from corporate devices.
Ukraine: Russia Matching Spring Offensive with Cyber Onslaught
As Russia ratchets up a spring offensive in Ukraine, the country and its backers can expect a similar onslaught from Moscow’s fellow cyber travelers. CERT-UA, Kyiv’s cyber security agency, has warned that assorted Russian hacker groups affiliated to Moscow’s intelligence services are stepping up attacks in parallel with real world actions. The warning was echoed by Microsoft, which predicted increased ransomware attacks in and outside Ukraine, as well as “influence operations”, noting activity targeted at Ukrainian refugees and Moldova. The software giant also noted that to date, Russia’s cyberwar had “not gone to plan” but that it was adapting, and that there were no “geographical boundaries” to its plans.
CISA Turns on Ransomware Early Warning Program
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a Ransomware Vulnerability Warning Pilot (RVWP) program, delivering on authorization in the Cyber Incident Reporting for Critical Infrastructure Act. The RVWP will aim to head off attacks by determining vulnerabilities associated with ransomware exploitation and warning “critical infrastructure entities with those vulnerabilities”. It offers a free “Cyber Hygiene Vulnerability Scanning” service. Interested organizations can email vulnerability@cisa.dhs.gov. The organization says it recently notified 93 organizations that they were running instances of Microsoft Exchange with the ProxyNotShell vulnerability. While the agency will help protect individual organizations, its services will also help CISA “provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents.”
FBI Warns Investment Fraud a Bigger Money Earner Than Ransomware
While ransomware grabs the headlines, it’s more traditional internet-based fraud that accounts for the top 20 internet-based scams, according to the U.S. Federal Bureau of Investigation (FBI) 2022 Internet Crime Report, based on complaints to its Internet Crime Complaint Center. Reported ransomware losses amounted to $34.4m, the report said. By comparison, investment scams netted over $3.3bn in losses, while business email compromise accounted for $2.7bn. Tech support scams cost $806.6m. The investment scam numbers were boosted by crypto-based scams, veteran cybersecurity pundit Graham Cluley noted. But that doesn’t mean there aren’t plenty of other ways criminals can turn the internet to their advantage, with total cybercrime losses coming in at $10.3bn, up 50% on the year.