
Here's How Microsoft Fought Against Ireland's HSE Attackers


After luring a worker with a phishing email and a malware-laced spreadsheet, the attackers used the victim's infected computer to gain access to Ireland's public health system and tunnel across its network for weeks. Infecting thousands more systems and servers, they prowled from hospital to hospital, explored folders, and opened personal files.

By the time they demanded a ransom, they had already taken over more than 80% of the IT infrastructure, locked out the organisation's 100,000+ employees, and put the lives of thousands of patients in danger.

The attackers employed a "cracked," or illegally modified and unauthorised, legacy version of a powerful tool to launch the 2021 attack on Ireland's Health Service Executive (HSE). The tool, which legitimate security professionals use to simulate cyberattacks in defence testing, has also become a favourite of criminals, who steal and manipulate older versions to launch ransomware attacks around the world. Over the previous two years, hackers attempted to infect over 1.5 million devices using cracked copies of the tool, Cobalt Strike.

However, Microsoft and the tool's owner, Fortra, now have a court order authorising them to seize and block infrastructure associated with cracked versions of the software. The order also permits Microsoft to disrupt infrastructure linked to the misuse of its own software code, which criminals have used in some of the attacks to disable antivirus systems. Since the order was carried out in April, the number of compromised IP addresses has decreased dramatically.

"The message we want to send in cases like these is: 'If you think you're going to get away with weaponizing our products, you're going to get a rude awakening,'" states Richard Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit (DCU) and head of the unit's Malware Analysis & Disruption team. 

The effort to take down cracked Cobalt Strike began in 2021, when DCU — a diverse, multinational organisation of cybercrime fighters — aimed to make a deeper dent in the rising number of ransomware attacks. Previous operations had separately targeted particular botnets such as Trickbot and Necurs, but ransomware investigator Jason Lyons advocated a large operation targeting multiple malware groups and focusing on what they all had in common: the usage of cracked, old Cobalt Strike. 

"We kept seeing cracked Cobalt Strike as the tool in the middle being leveraged in ransomware attacks," Lyons explained, basing his evaluations on internal information about Windows-based attacks. 

Lyons, a former US Army counterintelligence special agent, had spent many nights and weekends responding to ransomware attacks and breaches. The opportunity to pursue multiple crooks at once allowed him to "bring a little pain to the bad guys and interrupt their nights and weekends, too," he adds.

But before it could start inflicting pain, Microsoft needed to clean up its own house and get rid of the cracked Cobalt Strike infrastructure hosted on Azure. Rodel Finones, a reverse engineer who deconstructs and analyses malware, got to work right away. He had transferred from the Microsoft Defender Antivirus team to DCU a few years earlier in order to play a more proactive role in combating criminality.

Finones designed a crawler that connected to every active, publicly accessible Cobalt Strike command-and-control server on Azure — and, ultimately, the internet. The servers communicate with infected devices, enabling operators to spy on networks, move laterally, and encrypt information. He also began looking into how ransomware criminals used Microsoft's technologies in their operations. 

Crawling, though, was insufficient. The investigators had a difficult time distinguishing between legitimate security uses of Cobalt Strike and unlawful use by threat actors. Fortra assigns a unique licence number, or watermark, to each Cobalt Strike kit sold, and that watermark survives in cracked copies, where it serves as a forensic clue. However, the company was not involved in the initial operation, and DCU investigators worked alone to build an internal catalogue of watermarks seen in attacks on customers while cleaning up Azure.

Meanwhile, Fortra, which purchased Cobalt Strike in 2020, was addressing the issue of criminals exploiting cracked copies. When Microsoft proposed a joint operation, the company needed time to make sure that working with Microsoft was the right decision, according to Bob Erdman, assistant vice president for business development.

In early 2023, Fortra joined the action and released a list of over 200 "illegitimate" watermarks linked to 3,500 unauthorised Cobalt Strike servers. The company had been conducting its own investigations and implementing new security procedures, but partnering with Microsoft gave it access to scale, additional expertise, and another way of protecting its tool and the internet. Fortra and Microsoft examined around 50,000 distinct copies of cracked Cobalt Strike during the inquiry.

Microsoft benefited from the collaboration as well, with Fortra's knowledge and watermark list significantly expanding the operation's reach. It aided the firms' case, which linked malicious infrastructure to 16 unknown defendants, each representing a unique threat group. 

Lawyers argued that the groups — ransomware authors, extortionists, victim lurers, and cracked Cobalt Strike sellers — collaborated in a thriving, profitable ransomware-as-a-service operation aimed at maximising profit and harm. They also linked cracked Cobalt Strike to eight ransomware families, including LockBit, a fast encryption and denial-of-service attacker, and Conti, the malware suspected in the disastrous 2022 attacks on the Costa Rican government.

Meta Penalized $276 Million by Ireland Under EU Laws

The Irish Data Protection Commission (DPC) has fined Meta $276 million over the company's handling of sensitive user data.

The fine, imposed by Meta's lead privacy regulator in the European Union, is the most recent example of how regional authorities are becoming more active in enforcing the bloc's privacy regulations against major internet corporations.

Insiders discovered the exposed data, which contained the full names, contact information, addresses, and dates of birth of users on the platform between 2018 and 2019. At the time, Meta said that the information was taken by a malicious party using a flaw that the firm addressed in 2019 and that it was the same information used in a prior leak that Motherboard had discovered in January 2021.

The DPC has fined Meta three times already this year. In March, it penalized Meta $18.6 million for poor record-keeping in connection with a slew of 2018 data breaches that compromised the personal information of as many as 30 million Facebook users.

Meta and its affiliates, including WhatsApp and Instagram, have now been fined by Ireland three times in the last 15 months over privacy issues, amounting to more than $900 million in monetary penalties. The other cases concerned WhatsApp's transparency about how it manages user data and Instagram's handling of children's data. Meta is contesting those judgments.

A Meta spokesperson said the company is reviewing the decision, remarking: "Unauthorized data scraping is unacceptable and against our standards."

According to Ireland's privacy regulator, dozens more complaints involving numerous major tech corporations are still pending. According to the companies and EU officials, tech companies are currently in discussions with the European Commission, the EU's executive body, to identify which parts of each new law will apply to the particular services they provide. Certain parts of the new laws will come into effect in the middle of next year.


NCSC Alerts of Cyber Threats to Ireland's Energy, Telecoms and Transport Sectors


One of the UK's leading cyber officials has cautioned of a rising threat to Ireland's cross-border telecoms, energy, and transportation infrastructure, while praising the UK's continued close cooperation with Ireland.

Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), mentioned that the two countries had "shared cyber interests" and a strong bilateral partnership while speaking remotely at an Institute of International and European Affairs (IIEA) event in Dublin. 

This will become increasingly crucial given the potential for increased cyber-threats affecting both Northern Ireland and its southern neighbour.

“Energy security for Northern Ireland is based on gas pipelines and electrical interconnectors to both Great Britain and across the border, including the Single Electricity Market. The energy sector is dependent on operational technology — connected systems that monitor and control automated industrial processes — to function effectively and efficiently,” Cameron explained. 

Cameron noted that it is a realistic possibility that this reliance on operational technology and the interconnected nature of the energy supply network on the island of Ireland combine to create a potential target for cyber-attacks.

Other probable concerns include a ransomware attack on the rail link between Belfast and Dublin, jointly operated by Northern Ireland Railways and Irish Rail, she noted.

Cameron cautioned that state actors are a constant concern and might show themselves in the telecoms industry, where providers could be compromised to facilitate spying on other sectors, as well as being sources of consumer and communications data in their own right.

She further added, “Some managed service providers that operate in Northern Ireland provide services on both sides of the border. It is, therefore, a realistic possibility that a cyber-attack on a telecoms provider could impact services to both of our countries.”

“The governments of both UK and Ireland have been clear that they will not tolerate malicious cyber activity, and we have and will publicly call out state-level attacks.” 

These dangers are no longer theoretical: in May, the Irish Health Service was targeted by a very destructive ransomware attack, which Cameron claimed put patients' lives in jeopardy. 

Following the incident, the NCSC collaborated closely with its Irish partners; however, the threat actors themselves handed over the decryption key after a few days as a "public relations move".

Ireland suspected Russian hackers of attacking the health service

The National Cyber Security Centre of Ireland (NCSC) believes that the attack on the country's Health Service Executive (HSE) was most likely carried out by a group that is allegedly based in Russia.

The HSE said on May 14 that its IT systems were shut down after a hacker attack. The country's health ministry later announced that it too had been hit by a cyberattack, on May 13.

On May 15, the American technology news site Bleeping Computer posted a message from hackers purportedly addressed to the HSE. In it, the attackers claim to have gained access to the HSE network more than two weeks earlier. They are demanding a $20 million ransom for more than 700 gigabytes of personal data. The Irish authorities refused to pay the ransom.

According to local TV channel RTE, the Irish cybersecurity services believe that the attack was carried out by the Wizard Spider hacker group, which is allegedly based in St. Petersburg. It is reported that local officials have already contacted the Russian authorities. The Russian Ambassador to Ireland Yuri Filatov condemned the cyberattack and offered the government assistance in investigating the case.

The channel also reports that hackers provided the country's authorities with decryption keys, but in messages addressed to HSE employees, the attackers said that if they were not contacted, they would publish or sell personal data.

According to the channel, the attackers could have been pressured by the country or countries where they are based due to the damage done to the health care system in Ireland.

It is reported that the received keys are being checked by an IT company hired by the HSE, and experts have reason to believe that the keys are genuine. However, they will not be used until they have passed a full malware scan. According to RTE, this is likely to take several days.

The West has repeatedly accused the Russian Federation of interfering in internal affairs and cyber attacks. Russia has denied all the charges, saying that Western countries have not provided any evidence. Moscow has repeatedly stated that it is ready for a dialogue on cybersecurity.


Irish Health System and 16 U.S. Health and Emergency Networks Hit by Conti Ransomware Gang


According to the Federal Bureau of Investigation, the same group of online extortionists responsible for last week's attack on the Irish health system has also targeted at least 16 medical and first-responder networks in the United States in the past year. Cybercriminals using the malicious software called 'Conti' have attacked law enforcement, emergency medical services, dispatch centers, and municipalities, the FBI said in a warning relayed by the American Hospital Association on Thursday.

The Conti ransomware appeared on the threat landscape in May 2020. It has some links to other ransomware families. Conti has evolved quickly since its discovery, and it is known for the speed with which it encrypts data and spreads across a target system. Conti is a “double extortion” ransomware: in addition to encrypting data, it steals it and threatens to publish it.

The FBI did not specify who was targeted in these hacks or whether ransoms were paid, only that these networks "are among more than 400 organizations worldwide victimized by Conti, with over 290 of them based in the United States." Recent ransom demands have been as high as $25 million, according to the warning.

On Thursday, Ireland said experts were examining a decryption tool that had been posted online, which could help restore IT systems crippled by the major ransomware attack on the country's healthcare provider. The government stated that it had not paid any ransom and would not pay any in return for the alleged key. It did not respond to claims that the gang had threatened to release reams of patient information next week.

This ransomware attack has prevented access to patient information, forced medical facilities to cancel appointments, and disrupted Covid-19 testing around the country for the past week. Ossian Smyth, Ireland's e-government minister, has described it as "perhaps the most serious cyber crime assault on the Irish state." 

The hackers who took down Ireland's healthcare system are said to be members of "Wizard Spider," a sophisticated cybercrime group based in Russia that has become more active in the past year. The group has threatened to release medical records unless Ireland pays a $20 million ransom.

IT Services Remain Disrupted at Two Irish Colleges After Ransomware Attacks

Two Irish third-level institutions, the National College of Ireland (NCI) and Technological University Dublin, have been hit by cyber attacks.

Both institutions have recently reported ransomware attacks on their systems. The National College of Ireland is currently working around the clock to restore its IT services after the attack, and in the meantime its IT systems remain offline.

"NCI is currently experiencing a significant disruption to IT services that have impacted a number of college systems, including Moodle, the Library service, and the current students’ MyDetails service," the college reported on Saturday. 

According to press reports, there is no definite timeline for when IT services at the two third-level institutions hit by the ransomware attacks will be fully restored.

In the wake of the attacks, both institutions immediately notified students, staff, and other employees. NCI's IT department suspended access to its systems, and the campus building was also closed to staff and students until IT services are fully recovered.

NCI has also reported the attack to the authorities, including the Republic of Ireland's national police service and the Data Protection Commissioner.

"Please note that all classes, assessments, and induction sessions planned from today Tuesday 6th until this Thursday 8th April inclusive have been postponed and will be rescheduled for a later date," NCI added in a statement issued today. 

"…The College will issue a further update on Thursday afternoon in relation to classes and other events for Friday and beyond." Students with assignments due this week were told that "no late penalties will be applied while the outage remains in place."

Meanwhile, students were also told not to access any campus system until Monday, April 12, and were advised to avoid contacting the IT staff, who are currently working on restoring the affected systems.

Warning! Ireland's National Cyber Security Strategy: Fight Against Cyber-Crime

Ireland is all set to fight cyber-crime with its recently updated “National Cyber Security Strategy”, which goes well beyond the nation's previous one.

The strategy is intended to ensure that Irish netizens can fully enjoy their digital rights and contribute to the internet society.

Per sources, the report notes that any cyber-attack, minor or major, on the multinational titans of the technology world could directly harm the security of the country's data centres.

The nation's economic and political future depends on its cyber-security. The forthcoming Irish elections could easily be disrupted if the underlying digital infrastructure were left unsecured.

Per reports, Ireland holds more than 28% of the European Union's data and is home to the headquarters of numerous major technology companies from across the globe.

Hence, it is of the utmost importance to keep the country's networks and devices secure against cyber-attack, which is the aim of the Irish “National Cyber Security Strategy”.

If any of these prominent institutions were even slightly compromised, it would pose a direct threat to businesses across the EU, which in turn could lead to an economic disaster.

Ireland has never been especially strong in its cyber defence tactics and strategies, as the various attacks it has faced over the years have shown.

The Cyber Security Strategy reportedly sets out the challenges the Irish government faces, especially regarding sensitive information.

Earlier, the concept of cyber-security was limited to devices and networks connected to the internet, where the targets were typically technology giants or individuals.

But with the expansion and evolution of the cyber domain, more serious matters now need attention, such as electoral processes and other legislative tasks that require highly secure conditions.

Irish military infrastructure, public sector security, the Irish political processes, and almost everything else that relies on interconnected networks and devices all depend on a safe and secure cyber environment.

Therefore it is imperative for the nation to fully implement every part of the strategy to the utmost of its capacity.