Ransomware attack on US hospitals

Since Thursday night, the FBI has been warning of increased cyberattacks on various American hospitals. The malware used, Ryuk, encrypts the data on infected systems and thus complicates the continued operation of the hospitals. Attacks on system-relevant infrastructure such as this are combined with ransom demands, relying on the victims' need to have the sensitive data released as quickly as possible. The exact number of affected hospitals is not known, only that hospitals in the states of New York, Oregon and Minnesota are involved.

The data encryption has caused significant delays in clinical operations, as the affected clinics have had to reroute some of their patients, which has lengthened waiting times for necessary treatments. Clinics in Germany are also sometimes victims of such cyberattacks, which, in addition to the financial loss to the organization, can be life-threatening for patients.

A major ransomware attack took place in the summer of 2019 on central systems of the DRK-Trägergesellschaft Süd-West. The affiliated hospitals in Rheinland-Pfalz and Saarland were affected, and their provision of care was delayed. According to the media, this incident, fortunately, had no further consequences for patients. No ransom was paid, and the incident lasted from 13th to 26th July. Sodinokibi was identified as the software used, and a Mobile Incident Response Team (MIRT) was deployed to determine the cause of the attack and restore the affected organization to a working condition.

The BSI (Bundesamt für Sicherheit in der Informationstechnik) recommends establishing functioning and well-practiced emergency management for such ransomware attacks. Two things were crucial to the success of the response: on the one hand, crisis management in the hospital had to work, with patient care ensured by analogue data acquisition; on the other hand, IT had to narrow down the problem, find the cause and select the necessary measures.

To prevent such attacks from the outset, it is also advisable to make employees sufficiently aware of phishing and social engineering and to improve and tighten the rules on password security for remote access. Multi-factor authentication for administrative actions is recommended.

#Ransomware #MFA #Cybersecurity #Ryuk #Phishing #SocialEngineering

This site was seized

“This site was seized”

This message was displayed to visitors who had tried to access Donald Trump’s campaign website on Tuesday evening.

The statement that the site had been seized was followed by various unsubstantiated allegations against the US government and Donald Trump himself.

The alleged attackers further claimed to have compromising information about Trump. They offered visitors the opportunity to vote, in exchange for a deposit of cryptocurrency, on whether or not this information should subsequently be made public. After only a few minutes, however, the statements and accusations had disappeared, and the site was accessible again as normal.

At the end of last week, there were already several reports that a hacker had guessed the password of Donald Trump’s Twitter account. The password is said to have been “maga2020!” (make America great again 2020!). Especially piquant: Twitter offers two-factor authentication to secure accounts. However, according to the hacker, Trump had not activated it. The success of this attack was not confirmed by Trump himself or his employees, however.

Regardless of password strength, we recommend: use options such as MFA (multi-factor authentication) to protect your accounts and your sensitive data!

#ITSecurity #MFA

New draft law on the monitoring of messenger services

How far may German secret services go in uncovering terrorist organizations on the Internet?

Especially in the context of right-wing attacks in Germany, this question has once again moved into the focus of public debate. The German government now wants to regulate by law the powers of the secret services to read encrypted messenger services such as WhatsApp, Telegram or Skype, and thus replace the old legislation, which still distinguishes between telephony and internet services.

The current draft states that German secret services—after approval by a G10 commission of the Bundestag—can now also gain access to messenger data from written communication. Up to now, secret services have only been allowed to listen in on ongoing messenger conversations of suspicious persons. An original draft law, which also allowed online sniffing (i.e. covert access to computers, smartphones and other IT services), was rejected.

The draft is the subject of controversial debate in the Bundestag and among external parties.

Proponents see the draft law as an opportunity to adapt German legislation to the current state of the art and to guarantee the independence of German secret services in the detection of terrorist-motivated crimes. Up to now, they have been dependent on tips and assistance from foreign secret services, to which such hurdles do not apply. At the same time, some data protection advocates see the draft as an upgrade of civil rights, because missing regulations would not necessarily lead to better data protection. After all, only constitutional rules on data surveillance would create barriers that also apply to foreign secret services, for example. If these are missing, this would weaken rather than strengthen civil rights.

Opponents, on the other hand, see the draft law as a curtailment of the fundamental rights of the individual, in particular through the extension of the competences of the “Office for the Protection of the Constitution”, which the draft also contains.

#dataprotection #messengerservices

New Federal Agency to strengthen cyber security in Germany

The Ministries of the Interior and Defence have founded the “Agency for Innovation in Cyber Security”, located in the Halle/Leipzig area. The aim of the merger is not to carry out or fend off cyberattacks itself, but rather to generate an overview of scientific developments in the field of cyber security.

Minister of Defense Annegret Kramp-Karrenbauer (CDU) speaks of a “milestone in the protection of our IT systems”.

The institution has an interest in interacting with the best minds in the federal government. For this purpose, Christoph Igel, its first director of research, wants to work with the 360 universities in Germany.

The right way to fight cybercrime?


Hackers gain access to the systems of various Swiss universities

Attackers gained access to the universities’ networks by sending targeted phishing emails and were thus able to divert six-figure sums in salary payments. Employees of the universities were asked in the emails to enter their access data, which enabled the attackers to change the recipient accounts for salary payments.

According to “Sonntagszeitung”, the University of Basel and the University of Zurich are among the universities affected. Both were able to detect the attacks early on and thus kept the damage caused very low.

A successful attack is often only recognized after 200 days. During these 200 days, the attackers already have access to all systems and data and can cause huge damage.

Protect your IT infrastructure with a sophisticated security strategy, ranging from the introduction of training to make employees aware of cyberattacks to the implementation of complex solutions and tools like ISMS, IAM or multi-factor authentication.