CYBER SECURITY NEWS – WEEK OF DECEMBER 12, 2022
Cyberattack on top Indian hospital highlights security risk
- It’s unclear who conducted the Nov. 23 attack on the All India Institute of Medical Sciences or where it originated. Hospital authorities didn’t respond to requests for comment.
- The attack was followed by a series of failed attempts to hack India’s top medical research organization, the Indian Council of Medical Research.
- This raised further concerns about the vulnerability of India’s health system to attacks at a time when the government is pushing hospitals to digitize their records.
- The leading hospital in India’s capital limped back to normalcy on Wednesday after a cyberattack crippled its operations for nearly two weeks.
Russian state-owned bank VTB hit by largest DDoS attack in its history
- State-owned VTB said it was repelling the distributed denial of service (DDoS) attack, in which hackers attempt to flood a network with unusually high volumes of data traffic in order to paralyze it.
- “The bank’s technological infrastructure is under an unprecedented cyber attack from abroad,” VTB said in a statement. “The largest not only this year, but in the whole time the bank has operated.”
- Russian government entities and state-owned companies have been targeted over events in Ukraine, with the websites of the Kremlin, flagship carrier Aeroflot (AFLT.MM) and major lender Sberbank (SBER.MM) among those to have seen outages or temporary access issues.
- Pro-Russian hackers, meanwhile, have claimed responsibility or been blamed for attacks on websites and infrastructure in countries including Lithuania, Norway and the United States this year.
CloudSEK blames hack on another cybersecurity company
- Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee’s Jira account.
- As part of the targeted cyberattack, an unknown party used session cookies for the employee’s Jira account to gain access to various types of internal data.
- Because the user never used a password for login, but relied on single sign-on (SSO) instead, and because his email was protected with multi-factor authentication (MFA), the attacker was unable to compromise the password or the email, CloudSEK says.
- However, after taking over the account, the attacker did access customer names and purchase orders for three companies, as well as screenshots of the product dashboards. VPN and endpoint IP addresses were also accessed, and the attacker searched Confluence pages for credentials.
Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says
- Hackers linked to the Chinese government stole at least $20 million in U.S. Covid relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen states, according to the Secret Service.
- The theft of taxpayer funds by the Chengdu-based hacking group known as APT41 is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals that the U.S. government has acknowledged publicly, but may just be the tip of the iceberg, according to U.S. law enforcement officials and cybersecurity experts.
- The officials and experts, most speaking on the condition of anonymity because of the sensitivity of the subject matter, say other federal investigations of pandemic fraud also seem to point back to foreign state-affiliated hackers.
Amnesty Canada target of China-linked cyberattack
- Rights group says it is publicizing the attack to raise awareness of risks faced by civil society.
- The Canadian office of human rights group Amnesty International says its English-language unit was the target of a “sophisticated” hacking attempt that it believes is linked to China.
- The digital security breach was first detected on October 5 when suspicious activity was spotted on Amnesty’s IT infrastructure, Amnesty International Canada said in a statement on Monday.
- It took immediate action to protect the systems and investigate the source of the attack, it added.
New Zealand Government hit by ransomware attack on IT provider
- The New Zealand government this week confirmed being impacted by a ransomware attack on managed service provider (MSP) Mercury IT, which has disrupted businesses and public authorities in the country.
- On December 1, private health insurer Accuro announced that a cyberattack on Mercury IT prevented access to core systems, saying that it had no evidence that data might have been compromised.
- “For the time being, our systems remain offline which will impact services and we request your patience as we work towards a solution,” the company said.
- “Urgent work is underway to understand the number of organizations affected, the nature of the information involved and the extent to which any information has been copied out of the system,” the privacy commissioner noted.