nhs - X-Industry - Red Sky Alliance
2024-03-29T09:06:26Z
https://redskyalliance.org/xindustry/feed/tag/nhs
Cyber Risk & Ransomware in 2023
https://redskyalliance.org/xindustry/cyber-risk-ransomware-in-2023
2023-11-07T17:05:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>According to cyber threat professionals, every 11 seconds an organization falls victim to a ransomware attack. In today's interconnected world, cybersecurity looms as an ever-present concern that organizations can no longer afford to sideline. A 48% increase in cyber risk last year should serve as a wake-up call to all business managers. Whether a business pays hackers a ransom or not, there are significant costs involved which will include items such as digital forensics and data restoration, threat actor negotiation, IR counsel and legal costs as well as credit monitoring, PR and crisis management.<a href="#_ftn1">[1]</a></p>
<p>The scale and audacity of cyberattacks in 2023, ranging from the Twitter fiasco to the shocking National Health Service (NHS) data breach, underline the multi-faceted nature of the risks involved. While the financial costs are easily quantifiable, the erosion of public trust and long-term reputational damage represent a deeper level of impact. When confidential health records of over a million NHS patients are compromised, the ensuing damage to public trust becomes an unquantifiable liability.</p>
<p>Cybercriminals have evolved from isolated hackers to well-structured organizations that operate on an enterprise-level scale. These new-age criminal enterprises pour billions into R&D, ensuring that they remain ahead of the defensive measures that cybersecurity firms deploy. This unsettling evolution heightens the need for organizations to constantly reassess their security measures. The rise of Malware-as-a-Service has made the least experienced hacker an expert.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/malware-as-a-service-now-offers-pay-per-install">https://redskyalliance.org/xindustry/malware-as-a-service-now-offers-pay-per-install</a></p>
<p>A major concern in cybersecurity is the alarming time-lapse between the occurrence of a breach and its detection. Reports suggest that the average time from breach occurrence to identification is about nine months. This prolonged window provides malevolent actors ample opportunity to exploit the stolen data, multiply the scale of the attack, and deepen its impact.</p>
<p>Every business response needs to start beyond the endpoint, giving IT teams much broader visibility over the entire corporate estate to detect and investigate breaches faster. The question should no longer be “Will my firm face a cyberattack?” but “When in the kill chain will I detect it?”</p>
<p>It’s well known that the difference between an attack failing or succeeding largely depends on the speed of action.</p>
<ul>
<li>2 in 5 businesses are overwhelmed by security alerts.</li>
<li>55% of businesses ignore cybersecurity issues to prioritize other business activity.</li>
<li>1 in 5 businesses ignore security alerts.</li>
<li>73% of in-house teams are unable to fend off cyber threats.</li>
</ul>
<p>In an environment that continually evolves, organizations cannot afford to have a myopic view of cybersecurity. They need to quickly detect and remediate cyberattacks to stay protected. Endpoint security or firewall measures alone cannot ensure safety. What is needed is a comprehensive security strategy that encompasses robust Security Operations Centres (SOC), cloud security protocols, and an educated end-user base.</p>
<p>Reactive approaches to cybersecurity are no longer sufficient. The current environment calls for an active approach, requiring ongoing evaluations of risk and frequent adjustments to security protocols. This is where partnerships with specialized SOC providers can offer a strategic advantage. Not only do they help with immediate threat containment, but their significant expertise also aids in foreseeing and planning for potential risks. </p>
<p>To stay ahead of the evolving threat landscape, we must recognize the key trends shaping it:</p>
<ol>
<li>Critical Infrastructure Attacks: The focus on MOVEit is proof of the evolving focus of cybercriminals on high-stakes targets.</li>
<li>AI in Cybercrime: Just as defensive technologies evolve, so do the offensive capabilities that cybercriminals wield.</li>
<li>Supply Chain Vulnerabilities</li>
<li>Regulatory Implications: Increasingly stringent regulations like GDPR are adding another layer of complexity to cybersecurity.</li>
<li>Sophisticated Social Engineering: Psychological manipulation, often exploiting real-time events, has become a major tool in a cybercriminal’s arsenal.</li>
</ol>
<p>See: <a href="https://redskyalliance.org/xindustry/moveit-tech-talk">https://redskyalliance.org/xindustry/moveit-tech-talk</a></p>
<p>As 2023 comes to a close, it is important that cyber teams do not just react to cyber threats but anticipate them. There is a need for a culture shift that places cybersecurity at the forefront of organizational strategy. This involves not just technology but people, processes, and continual learning.</p>
<p>The adage that prevention is better than cure has never been more relevant. As the cyber landscape keeps evolving, preparedness is your best weapon. Because in today’s world, it's not a question of 'if' but 'when' a cyber-attack will occur. Comprehensive preparation is not just a strategic move; it is a necessity.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.cybersecurityintelligence.com/blog/cyber-risk-and-ransomware-in-2023-7279.html">https://www.cybersecurityintelligence.com/blog/cyber-risk-and-ransomware-in-2023-7279.html</a></p></div>
Achtung! Cyber Bust in Germany
https://redskyalliance.org/xindustry/achtung-cyber-bust-in-germany
2023-03-14T11:40:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>North Rhine-Westphalia Polizei reported on 06 March 2023 that they have disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years, raking in millions of euros and US Dollars. Working with law enforcement partners including Europol, the US FBI and authorities in Ukraine, police in Duesseldorf said they were able to identify 11 individuals linked to a group that has operated in various guises since at least 2010.</p>
<p>The gang allegedly behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global scourge.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/russian-evil-corp-criminals-possibly-evolved-into-cyber-spies">https://redskyalliance.org/xindustry/russian-evil-corp-criminals-possibly-evolved-into-cyber-spies</a></p>
<p>Among its most prominent victims were Britain’s National Health Service (NHS) and Duesseldorf University Hospital, whose computers were infected with DoppelPaymer in 2020. A woman who needed urgent treatment died after she had to be taken to another city for medical treatment.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/nhs-under-constant-attack">https://redskyalliance.org/xindustry/nhs-under-constant-attack</a></p>
<p>Ransomware is the world’s most disruptive cybercrime. Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide including healthcare, emergency services and education, with six and seven figure ransoms routinely demanded.</p>
<p>An analyst stated DoppelPaymer has published data stolen from about 200 companies, including in the US defense sector, which resisted payment. Given DoppelPaymer’s suspected connection through Evil Corp to the Russian FSB, the successor to the infamous KGB spy agency, “the bust could provide law enforcement with some exceptionally valuable intel,” the German police said.<a href="#_ftn1">[1]</a></p>
<p>The chief of the cybercrime department with North Rhine-Westphalia state police said at least 601 victims have been identified worldwide, including 37 in Germany. Europol said victims in the United States paid out at least 40 million euros (US$42.5 million) to the gang between May 2019 and March 2021 to release important data that was electronically locked using the malware. The group specialized in “big game hunting,” he said, and ran a professional recruitment operation, luring new members with the promise of paid vacation and asking applicants to submit references for past cybercrimes. Police agencies conducted simultaneous raids in Germany and Ukraine on 28 February 2023, seizing evidence and detaining several suspects. Three additional suspects could not be apprehended as they were beyond the reach of European law enforcement, the police said.</p>
<p>German police identified the fugitives as Russian citizens Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality was not immediately known. Turashev has been wanted by US authorities since late 2019 in connection with cyberattacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, that is linked to Evil Corp. The US government offered a US$5 million reward in 2019 for information leading to the capture of its alleged leader, Maxim Yakubets.</p>
<p>Source: <a href="https://www.msn.com/en-ie/news/world/germany-%E2%80%93-hacker-group-responsible-for-more-than-600-attacks-worldwide-identified/ar-AA18jXec">Germany – Hacker group responsible for more than 600 attacks worldwide identified (msn.com)</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://redskyalliance.org/main/search/search?q=doppelpaymer">https://redskyalliance.org/main/search/search?q=doppelpaymer</a></p></div>
Back to Paper
https://redskyalliance.org/xindustry/back-to-paper
2022-09-29T13:58:04.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>A cyber-attack on Britain’s NHS systems detected nearly two months ago is still "compromising" the quality of care trusts can provide, a health boss said. Software used for check-ins, notes and the NHS 111 service was affected by the ransomware attack found on 4 August 2022. The chief executive of Oxford Health Foundation Trust (OH) said it has done all it can to maintain services despite the disruption. Software provider Advanced said disruption could continue for weeks. The OH said it initiated an internal critical incident in early August with a full emergency response. "One shouldn't underestimate the impact this has had on our organization… it is compromising our ability to deliver the quality of care that we would like to. We're very conscious of the potential impact on patients and we're monitoring that very closely," a doctor told the Buckinghamshire, Oxfordshire and Berkshire West Integrated Care Board on 27 September. "We have done all we can do to maintain services and maintain the safety of those services."<a href="#_ftn1">[1]</a></p>
<p>OH said replacement systems are in place, but are time consuming and more people have had to be employed as a result, impacting agency spend. District nurses, who are usually heavily reliant on IT systems to co-ordinate their patient lists, reported missed appointments or people being seen twice during the course of the day. In other words, the hospital system is reverting to handwritten notes. With NHS network systems still down, doctors, nurses and hospital administrators really have no other choice.</p>
<p>The NHS reports there is no evidence patient information or confidentiality has been compromised.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.bbc.com/news/uk-england-oxfordshire-63046401">https://www.bbc.com/news/uk-england-oxfordshire-63046401</a></p></div>
NHS Under Constant Attack
https://redskyalliance.org/xindustry/nhs-under-constant-attack
2022-08-11T13:44:06.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>There was once an unwritten moral code among cyber hackers that they would never attack vulnerable businesses like health care. Well, those disingenuous hacker ethics are out the door, and have been for a while. After dealing with the hack of the UK’s NHS-controlled ambulance service last week<a href="#_ftn1">[1]</a>, malicious hackers are now holding an IT firm that supplies NHS ‘trusts’ to ransom following a cyber-attack. NHS trusts are public sector bodies established by parliamentary order through the UK Secretary of State for health to provide healthcare services to the NHS. They have a board of executive and non-executive directors and are accountable to the secretary of state. Health administrators are concerned criminals have access to confidential health records and could leak them if their demands are not met. The software company Advanced, which provides patient data to dozens of trusts and most NHS 111 providers in England, was hacked last week.</p>
<p>Call handlers across 85% of the UK are still without a crucial IT system and have had to resort to using pen and paper for the past week. Agencies including the National Crime Agency and GCHQ are now investigating the data breach. A reliable source said the attackers have made 'some demands', according to the Health Service Journal, although it is not entirely clear what they are. Some analysts theorize that the cyber criminals are looking for payments in exchange for not leaking information and removing the malware.<a href="#_ftn2">[2]</a></p>
<p>Advanced's Adastra software, one of the systems that was attacked and is used by NHS 111, covers 40 million patients, according to the company. Affected NHS 111 call handlers currently do not have access to the GP records or NHS numbers of people ringing the non-emergency service. They are also unable to make electronic bookings with GPs or send out ambulances for patients while the Adastra software is still offline.</p>
<p>The criminal hackers also attacked the company's Carenotes EPR software, which holds mental health records. Affected mental health trusts warned staff are currently facing a 'pretty desperate' situation, still unable to access vital patient records. Mental health records and patients' unique NHS numbers are alleged to have been affected in the attack.</p>
<p>An Advanced spokesperson said: 'With respect to potentially impacted data, our investigation is under way. When we have more information about potential data access or exfiltration, we will update customers as appropriate.' One mental health trust chief executive, who preferred to stay anonymous, told the HSJ: 'It’s really difficult and the longer it goes on, the harder it gets for staff.'</p>
<p>Advanced said it will bring its NHS 111 and urgent care services back online 'within the next few days.' But it could take another month before Carenotes EPR is back online. Advanced said: 'We are working tirelessly to bring this timeline forward, and while we are hopeful to do so, we want our customers to be prepared. We will continue to provide updates as we make progress.'</p>
<p>Carenotes EPR is used by at least nine mental health trusts, and dozens of other trusts use different software from the company that is still offline.</p>
<p>An Advanced spokesperson said: 'We want to stress that there is nothing to suggest that our customers are at risk of malware spread and believe that early intervention from our Incident Response Team contained this issue to a small number of servers. Since our Health and Care systems were isolated at the end of last week, no further issues have been detected and our security monitoring continues to confirm that the incident is contained, allowing our recovery activities to move forward.'</p>
<p>The NHS attack was initially feared by experts to be from another country. Health chiefs told hospitals to shore up their system earlier this year amid fears of a Russian attack in retaliation to Western interference in the war in Ukraine. There have been widespread concerns about the technological resilience of the NHS which only last year stopped using fax machines. It was famously hacked in 2017 in the WannaCry attack, which brought the whole health service to a standstill for days and cost the UK £92 million.</p>
<p>More than a third of UK hospital trusts had their systems crippled in the WannaCry ransomware attack in May 2017. Nearly 20,000 hospital appointments were cancelled because the NHS failed to provide basic security against cyber attackers. NHS officials claimed 47 trusts were affected – but the National Audit Office (NAO) found the impact was far greater, and in fact 81 were hit by the attack. When the attack started on 12 May, it ripped through the out-of-date defenses used by the NHS. More than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack last May (2021). The virus, which spread via email, locked staff out of their computers and demanded £230 to release the files on each employee account. Hospital staff reported seeing computers go down 'one by one' as the attack took hold. Locked out medics had to rely on pen and paper, while crucial equipment such as MRI machines were also disabled by the attack. The report reveals nearly 19,500 medical appointments were cancelled, including 139 potential cancer referrals. Five hospitals even had to divert ambulances away at the peak of the crisis. Hospitals were found to have been running out-of-date computer systems, such as Windows XP and Windows 7, that had not been updated to secure them against such attacks. Computers at almost 600 GP surgeries were also victims. Cyber experts said the cyber-attack could have easily been prevented. Officials were warned repeatedly about the WannaCry virus beforehand.</p>
<p>The Department of Health said that from January 2018 hospitals will be subject to unannounced inspections of IT security. I guess that was not enough to prevent this current attack.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://news.sky.com/story/ministers-coordinating-resilience-response-after-major-cyber-attack-hits-nhs-systems-across-uk-12666611">https://news.sky.com/story/ministers-coordinating-resilience-response-after-major-cyber-attack-hits-nhs-systems-across-uk-12666611</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.dailymail.co.uk/health/article-11102003/NHS-cyber-attack-Hackers-issue-demands-supplier.html">https://www.dailymail.co.uk/health/article-11102003/NHS-cyber-attack-Hackers-issue-demands-supplier.html</a></p></div>
Weekly Cyber Intel Report - All Sector 01 14 2022
https://redskyalliance.org/xindustry/weekly-cyber-intel-report-all-sector-01-14-2022
2022-01-14T14:41:53.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><h2>Activity Summary - Week Ending on 14 January 2022:</h2>
<ul>
<li>Red Sky Alliance identified 24,345 connections from new IPs checking in with our Sinkholes</li>
<li>Microsoft IPs in UK and N. Ireland hit</li>
<li>Analysts identified 1,435 new IP addresses participating in various Botnets</li>
<li>Rook Ransomware</li>
<li>More Log4j</li>
<li>Ukraine Cyber Bust</li>
<li>UK NHS</li>
<li>Who’s Winning?</li>
<li>Google Docs</li>
<li>The Electric Grid’s Hot Wires</li>
<li>BLM suing LAPD</li>
</ul>
<p>Link to full report: <a href="{{#staticFileLink}}10012027486,original{{/staticFileLink}}">IR-22-014-001_weekly014.pdf</a></p></div>