ISA is committed to keeping the security community up to date with the latest cybersecurity news.
U.S. federal agencies warn of an “imminent” ransomware threat to hospitals
The FBI, Department of Homeland Security, and the Department of Health and Human Services have issued an advisory (web version and PDF version) warning of a coordinated attack against the healthcare sector in the United States.
Believed to be powered by the TrickBot network, the Ryuk ransomware attacks described in the advisory have already been felt across the U.S., with up to 400 hospitals and research facilities affected. Recent attacks were reported at the following institutions:
+ University of Vermont Health Systems in Burlington, Vermont (with minor impacts at its other affiliated locations in the Vermont/New York area)
+ Sky Lakes Medical Center in Klamath Falls, Oregon
+ Wyckoff Hospital in Brooklyn, New York
+ Lawrence Health System in Potsdam, New York
+ Sonoma Valley Hospital in Sonoma, California
with additional infected organizations reportedly in New Jersey, Georgia, Florida, Massachusetts, Texas and Arkansas.
“This is a big deal,” says John Hultquist, Senior Director, Intelligence Analysis at FireEye. “I’ve been looking at state cyberattacks my whole career, and I can’t think of any that rivals this in terms of danger to the public.”
In response to the bulletin, Check Point researchers have released a detailed report on the increase in frequency and severity of cyber attacks against healthcare. The report suggests that there has been a 71% increase in ransomware attacks against the U.S. health sector in October 2020.
City of Montréal’s transit system hit with ransomware attack
A cyber criminal is demanding a ransom of $2.8 million (US) to decrypt systems locked by a ransomware attack on Montréal’s transit system.
The Société de transport de Montréal (STM) was hit with a ransomware infection on October 19. The attack created an outage that affected nearly 1,000 of STM’s 1,600 servers, some 624 of which were characterized as “operationally sensitive” in a statement by STM. Key among the systems affected were the STM’s reservation system for adapted transit and the transit authority’s website. Bus and subway services were unaffected.
After a delay of over a week, the hacker finally contacted STM with ransom demands, but STM is steadfast in refusing to comply. On its own, the agency has restored some 80% of the affected systems, including the adapted transit service, which was back in operation by October 25. Most of the STM website and online resources remained unavailable as of November 1.
Few details are available on the nature of the attack, but multiple reports suggest that a phishing email was used to gain initial access to STM’s computer network. According to a report by Bleeping Computer, the attack bears similarities to a RansomExx attack. RansomExx is a rebranded version of the Defray777 ransomware that became more active this summer, with attacks against organizations such as the Texas Department of Transportation, Konica Minolta, and Tyler Technologies. RansomExx attacks typically involve gaining control over a Windows domain controller, then moving laterally through the network to load ransomware onto other vulnerable devices.
STM has declined to confirm any further details until the authorities and law enforcement have completed their investigation.
Meanwhile, inconvenienced customers are looking for compensation. Handling reservations manually and struggling with capacity demands, STM could offer only a limited number of appointments for medical visits or essential work activities on their paratransit system, leaving many riders without access to transit. In response, STM issued a statement saying that, while it is sensitive to the impact the outage has created on its customers, it cannot reimburse them for lost wages or alternative travel charges.
Stelco operations disrupted by weekend cyber attack
Hamilton, Ontario’s steel manufacturing giant Stelco has been hit with a cyber attack. In a short statement released on October 25, Stelco disclosed that it had been “subject to a criminal attack on its information systems”. The statement was released in Canada with express instructions not to distribute the bulletin to American newswires or media channels.
The release continued, “In response, Stelco immediately implemented countermeasures in accordance with established cybersecurity procedures and policies that have been developed in collaboration with expert external advisors. The countermeasures taken were effective and limited the scope of the attack. Certain operations, including steel production, were temporarily suspended as a precautionary measure but have since resumed operations.”
Stelco also activated its backup and recovery plans to restore its systems, though it conceded that some business functions would be hampered by the attack.
The statement also read: “Criminal cyberattacks on businesses and other organizations around the world are increasingly prevalent in the 21st century, and Stelco will be cooperating with law enforcement authorities to investigate this crime.” No further statements have been issued by Stelco.
Cloudflare COO foresees cybersecurity “a thing of the past” by 2030
Michelle Zatlyn, co-founder and Chief Operating Officer of Cloudflare, has raised eyebrows with her prediction of the future of cybersecurity. At a recent roundtable discussion hosted by Business Insider, Zatlyn observed, “I have a point of view that cybersecurity is going to be a thing of the past the next decade because I think technology is going to solve those problems. We’re not there yet — today, it’s a real serious threat for businesses — but I do think we’re going to get to a point where it’s almost like the water treatment filtration systems.”
She elaborated: “If you’re connected to the Internet, you’re going to connect through a cybersecurity network like Cloudflare or some others. And we’re going to cleanse it and make sure whatever’s passing through us is clean.”
Zatlyn espouses the zero-trust model, acknowledging that user-first, user-centric security will continue to replace the legacy perimeter defense model.
While a transition to more and more cloud-based services seems inevitable, only time will tell how the need for cybersecurity will evolve. Given the continuing evolution of AI, the seismic change that quantum computing will bring, and the endless resourcefulness of the criminal element, the disappearance of cybersecurity by 2030 seems an aggressive forecast.
After all, it’s been nearly 17 years since Bill Gates declared to the World Economic Forum in Davos, Switzerland that “spam will be solved” by 2006, while unsolicited and malicious emails remain one of the greatest sources of ransomware infection today.