Weekly CyberTip: Fake Amazon Emails
Have you noticed any suspicious Amazon PDF attachments in your inbox recently? There has been a recent surge in phishing emails sent to Outlook users. In this scam, hackers pose as Amazon support personnel, sending you an urgent message warning you that your Amazon account is on hold due to billing errors. Particularly as we close in on Black Friday and Cyber Monday, the criminals hope that you will let your guard down and open a malicious PDF attachment or click on a phony link. Either way, you may be directed to a spoofed website designed to harvest your login credentials or payment information.
Always be suspicious of unexpected emails, particularly if they ask for your credentials or payment information. If you receive an Amazon billing issue email or text, do not call the customer support number provided, as it also may be spoofed. Instead, report the scam and delete the email or text message. Amazon has provided additional tips and instructions if you receive one of these messages.
Recovery from Ontario healthcare attacks to take several weeks
According to the November 8 update from TransForm, some services affected by the October 23 cyber attacks on five southwestern Ontario hospitals could take at least until mid-December to restore.
“We can confirm that the restoration process (Phase 4) is on track. While it will still take some time before all affected critical systems are completely online, our teams are working around the clock to ensure the process is progressing as quickly and safely as possible. We are also working with leads at each hospital for a seamless return to service,” according to the bulletin.
Restoration of patient digital charting appears to be a key complication in the recovery process, but other systems are on a similar recovery timeline. “Please note that some patients and families may still experience diagnostic and/or treatment delays while we work to restore all systems. Clinical applications will be coming back online one by one or in clusters as we approach mid December 2023,” continued the bulletin.
The October 23 cyber attacks were allegedly masterminded by the Daixin Team ransomware gang. As services are slowly being recovered, initial reports of the types and quantities of stolen data are being issued – though the full extent of the incidents is still being assessed. Sensitive patient and staff data from all five of the affected hospitals has been released on the dark web, after Daixin’s ransom demands were not met.
On November 10, TransForm issued an FAQ page in an effort to assist patients and staff with their concerns.
According to a November 9 report in IT World Canada, the Ontario Privacy Commissioner is looking into the cyber attacks. “Our office is actively investigating the recent ransomware attacks on the affected hospitals in Southwestern Ontario… We intend to issue a public report of our findings,” said the Office of the Information and Privacy Commissioner of Ontario, according to the article.
OpenAI faces DDoS attack
On November 8, OpenAI was hit with a DDoS attack that knocked out their popular ChatGPT and API services for about two hours. According to their system status page, they “implemented a fix” to address the “major outage”. OpenAI Playground and OpenAI Labs services also suffered a major outage for about 40 minutes at the same time.
OpenAI has not confirmed the source of the attack, though the threat actor group “Anonymous Sudan” has claimed responsibility for the attacks on Telegram the same day. The group claimed that it targeted OpenAI and its ChatGPT services because of OpenAI’s sympathies with Israel in the current war in the Middle East.
Anonymous Sudan claims to be a group of Sudanese grassroots hacktivists who focus on targets that engage in so-called “anti-Muslim activity”; however, some researchers believe that the group is actually a Russian state-sponsored enterprise.
Google releases cloud security forecast
In a new report entitled “Cybersecurity Forecast 2024”, researchers at Google provide their insights to help organizations in their planning for operating in the cloud.
“The Google Cloud Cybersecurity Forecast 2024 report equips security professionals with insights on cybersecurity trends in the year ahead based on frontline intelligence from our experts across Google Cloud,” according to an announcement from Google.
The key areas of focus of the report include:
- Attackers are increasingly using AI in their operations; accordingly, defenders are using the technology to bolster detection and response
- Nation-states are continuing to conduct cyber operations to achieve their geopolitical goals
- Patch management is key as attackers are continuing to exploit zero-day vulnerabilities while using evasive techniques to avoid detection
- 2024 will see a rise in hacktivism and other cyber activity related to major global conflicts, elections, and the Summer Olympics in Paris, France