Follow ISA on LinkedIn to get notified of the latest cybersecurity news.
Belgian hospital suffers cyber attack
Healthcare ransomware is in the news again as a hospital in Tournai, Belgium has suffered a serious cyber attack.
According to a French-language report from Belgian news outlet L’Avenir, the attack on the Center Hospitalier de Wallonie Picarde (CHwapi) started on the evening of Sunday, January 17. Admissions to the hospital were immediately affected, with personnel resorting to using paper files to manage cases. About 100 operations scheduled for January 18 had to be cancelled, and patients arriving at emergency had to be re-routed to other local healthcare facilities.
The latest update on the hospital’s French-language website indicates that urgent care services are still being disrupted, as emergency patients continue to be directed elsewhere. However, routine patient consultations and COVID vaccine distribution were unaffected by the attack, and surgical procedures had resumed by January 20. The hospital also reassured patients that no personal data was compromised in the incident.
Bleeping Computer, a security research website, has reportedly been contacted by the hackers. While the report in L’Avenir indicates that 80 of the hospital’s network of 300 servers were encrypted, the hackers dispute this, claiming that “only” 40 servers were compromised, comprising storage of 100Tb of hospital data. The hackers insist that they have not stolen any data; their attack is restricted to holding the affected systems for ransom. Windows BitLocker ransomware malware appears to have been used to conduct the attack.
U.S. men’s clothing store Bonobos suffers major data breach
Men’s clothing store Bonobos, a subsidiary of Walmart, has reportedly suffered a data breach involving millions of customer records. According to a report in Bleeping Computer, a cloud backup of the store’s corporate database was stolen by a hacker. The store’s internal systems were not affected in the breach.
While it has not been confirmed when the incident occurred, the breach was revealed over the weekend of January 16-17, when a hacking group known as ShinyHunters posted the company’s entire 70Gb SQL database on a free hacker forum. ShinyHunters has a reputation for massive data disclosures: according to a report last summer in Dark Reading, they were offering several databases for sale at a rate of $1500 to $2500 (USD), involving a total of over 26 million data records.
According to the Bleeping Computer report, the stolen data appears to date back to at least 2014, and has records as recent as July 2020. The contents of the stolen files are troubling: the database holds account information such as customers’ addresses, telephone numbers, order information (including the last four digits of the payment cards used), as well as password histories.
While the passwords in the database are encrypted, the report suggests that one threat actor has already claimed to have cracked the passwords for some 158,000 records, and is now using them for credential stuffing attacks on other websites.
Customers of Bonobos are urged to change their passwords and to be on the lookout for suspicious emails or targeted phishing attacks. This incident also serves as another reminder of the critical importance of using unique passwords across online services and retailers. Any customer reusing their password credentials may find that other accounts may be breached as well.
CISA launches anti-ransomware campaign
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new awareness campaign to help the fight against ransomware. In their news bulletin issued January 21, CISA announced the “Reduce the Risk of Ransomware” campaign, a “focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat”.
To support the new initiative, the announcement advised that CISA has created a new web page at https://www.cisa.gov/ransomware, which contains four categories of helpful resources:
+ Alerts and Statements: Official CISA updates to help stakeholders guard against the ever-evolving ransomware threat environment. These alerts are geared toward system administrators and other technical staff to bolster their organization’s security posture.
+ Guides and Services: Tips and best practices for home users, organizations, and technical staff to guard against the growing ransomware threat.
+ Fact Sheets and Infographics: Easy-to-use, straightforward information to help organizations and individuals better understand the threats from and the consequences of a ransomware attack.
+ Trainings and Webinars: This information provides technical and non-technical audiences, including managers, business leaders, and technical specialists with an organizational perspective and strategic overview.
The new initiative reinforces the messaging in CISA’s Ransomware Guide, released in September 2020. The guide provides industry best practices, checklists and other resources to “prevent, protect and/or respond to a ransomware attack.”
Infosecurity Magazine Summits
Infosecurity Magazine has announced two global cybersecurity summits for spring 2021. Spring Online Summit – EMEA 2021 is being held Tuesday, March 23, catering to Europe, the Middle East, and Africa. The following day, Wednesday, March 24, Infosecurity Magazine is running the Spring Online Summit – North America 2021.
Both free virtual conferences feature education sessions covering the latest trends and technology in the information security and cybersecurity space, as well panel sessions and specialist speakers. Different agendas are being presented for each conference, in order to avoid duplication of content.