Queensland hospitals and nursing centers afflicted by cyber attack

Several Queensland hospitals and nursing centers have been affected by a cyberattack, which has caused disruptions to internal systems.
According to news sources, the entire UnitingCare Queensland (UCQ) IT system was hit by ransomware, with all UCQ hospitals and nursing homes working without IT systems until further notice.

Among the nursing centers affected in Queensland, the Wesley and St Andrew's War Memorial hospitals in Brisbane have also had inoperable systems.

The cyber attack has impacted all operational IT systems, including staff email and patient booking systems for treatments, forcing onsite staff to revert to paper-based operations for the foreseeable future. Doctors have been told not to expect to be able to access vital patient information and details such as x-rays. UnitingCare Queensland confirmed the attack but was not able to provide an estimate of when the systems could be brought back up.

“On Sunday, 25th of April, UnitingCare Queensland was impacted by a cyber incident. As a result of this incident, some of the organisation’s digital and technology systems are currently inaccessible,” a UnitingCare spokesperson said. “It is not possible to provide a resolution timeframe at this stage, however, our Digital and Technology Team are working to resolve this issue.”

It is currently unclear if any of the patients’ personal data was breached during the attack.

Ukraine accuses Russian networks of massive cyber attacks

Ukraine on Monday accused Russian internet networks of massive attacks on Ukrainian security and defence sites, but did not provide details of any damage or say who it believed was behind the attack. Kyiv has accused Moscow of orchestrating major cyber attacks as part of a “hybrid war” against Ukraine, which Russia denies.
However, the declaration by the National Security and Defence Council of Ukraine did not say who it believed had organised the attacks, nor did it give any details of the effect the intrusions had on Ukrainian systems.

The attacks began on 18 February and were aimed at websites of the Ukrainian Security Service, the Council itself and some other state institutions and strategic companies, the Council said in a statement. “It was shown that the addresses of certain Russian transport networks were the source of these coordinated attacks,” the Council said. It added that the attacks attempted to infect the government’s vulnerable web servers with a virus that added them to a botnet used for DDoS attacks against other resources.
A DDoS attack is a cyber attack in which attackers try to flood a network with unusually high traffic volumes in order to paralyze it.

Relations between Ukraine and Russia have been very problematic since Russia’s annexation of Crimea in 2014 and its participation in the conflict in the eastern Donbass region of Ukraine, which, according to Kiev, has killed 14,000 people.

This month, the Ukrainian army said that five of its soldiers were killed last week in the east of the country, despite a ceasefire with pro-Russian separatists. On Monday, the military reported that another soldier had been killed by a rocket-propelled grenade.

France identifies hackers connected to Russia in a large cyberattack

The hackers breached a software company that lists Airbus, Orange and the French Ministry of Justice among its clients.

France’s ANSSI cybersecurity agency on Monday said that “several French entities” had been attacked, and linked the attacks to a group of Russian hackers who are thought to be behind some of the most devastating cyberattacks in recent years.

The agency said that it had identified “an intrusion campaign” in which hackers linked to the Russian military intelligence agency GRU compromised the French software firm Centreon to install two pieces of malware on its clients’ networks. The supply chain attack is similar to the recently discovered compromise of the U.S. business software vendor SolarWinds, which breached several US government agencies and many other organizations.

The intrusion campaign began in late 2017 and lasted until 2020, ANSSI said, adding that “it most affected information technology providers, especially web hosting providers.”

Centreon said in a statement that it “has taken note of the information,” adding that “it has not been shown at this stage that the identified vulnerability refers to a commercial version provided by Centreon during the period in question.”

The company lists Airbus, Air France, Thales, ArcelorMittal, Electricité de France (EDF) and the telecommunications company Orange among its clients, as well as the French Ministry of Justice. It is not clear how many organizations, or which ones, were penetrated through the software compromise.

ANSSI said that the campaign “shares several similarities with previous campaigns attributed to the intrusion set called Sandworm,” which “is known to lead consecutive intrusion campaigns before focusing on specific goals that fit their strategic interests within the victim pool.”

The hacker group Sandworm has been linked to GRU by cybersecurity authorities and experts. The group is believed to be behind some of the most damaging cyberattacks in recent history, including the NotPetya ransomware outbreak in 2017 and the attacks on the Winter Olympic Games in South Korea.

European authorities have imposed sanctions on several officers of the Russian intelligence unit linked to Sandworm in relation to cyberattacks. U.S. authorities have also indicted hackers belonging to the same group, and said the group was suspected of being behind the 2017 cyberattack on the La République En Marche party of then-presidential candidate Emmanuel Macron.

The public mention of Sandworm by the French authorities is rare, as the country has traditionally been hesitant to attribute cyberattacks.

Cyberpunk 2077 developer, CD Projekt, hit by cyber attack

CD Projekt has been hit by a cyber attack that compromised some of its internal systems, including the source code of its flagship Cyberpunk 2077 game, dealing another blow to the Polish video game maker.

“An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note,” the company said on Twitter on Tuesday, adding it would not negotiate with the actor.

CD Projekt has been in the limelight recently amid the troubled roll-out of Cyberpunk 2077, leading Sony to pull the game from its PlayStation Store after just a week.

The attacker gained access to the source code of Cyberpunk 2077, Witcher 3, the card game Gwent and an as yet unreleased version of Witcher 3, CD Projekt said.

The company’s shares were down 3% at 276 zlotys by 0948 GMT after dropping as much as 6.3%.

CD Projekt said its backup systems remained intact and that it was still investigating the incident, but that to the best of its knowledge the compromised systems did not contain any personal data of its players or users of its services.

VTB Capital analyst Vladimir Bespalov said the most immediate negative effect would be the need to allocate resources to repairing the damage, which might somewhat slow down the company’s work on fixing Cyberpunk 2077.

“It is possible that since CD Projekt informed about the attack on its Twitter account and not via a regulatory filing, it is not worried that the attack has caused significant negative effect or the data might be irrelevant,” said Kacper Kopron, an analyst at Trigon DM.

Kopron said the main risk for CD Projekt was a further loss of trust among customers after the disappointing premiere of Cyberpunk 2077.

CD Projekt said it would not comment beyond the statement published on its social media account.

Shares in the company plunged at the end of last year amid the Cyberpunk roll-out problems, from a record high of 464.2 zlotys. They recovered losses after the recent Reddit-fueled retail frenzy caused short sellers to close their positions.

Reserve Bank of New Zealand’s IT system breached in cyber attack

New Zealand’s reserve bank is working with cyber security specialists to help it understand the effects of a breach of a third-party file-sharing system used to share and store information.

The Reserve Bank of New Zealand (Te Pūtea Matua) said it had been advised that the attack was not specifically targeted at it, and that other users of the file-sharing system from Accellion, known as File Transfer Appliance (FTA), were also compromised.

The bank, together with cyber security specialists, is working to determine “the nature and extent of information that has been potentially accessed” and said the compromised information “may include” commercially and personally sensitive information.

Adrian Orr, governor of the Reserve Bank of New Zealand, said the breach has been contained and the bank is currently working to identify what information has been affected.

“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation,” Orr said in a statement. “This includes the Government Communications Security Bureau’s National Cyber Security Centre [NCSC], which has been notified and is providing guidance and advice.”

No further details of the attack were available. “We recognise the public interest in this incident,” Orr added. “However, we are not in a position to provide further details at this time.”

Part of the reason for not revealing more details is to avoid adversely affecting the investigation and the steps being taken to mitigate the breach, the bank said.

The bank said its core functions are unaffected and it remains open for business. “Our core functions and New Zealand’s financial system remain sound, and Te Pūtea Matua is open for business,” said Orr. “This includes our markets operations and management of the cash and payments systems.”

The system has been secured and taken offline while investigations are under way, and the bank is talking with system users about alternative ways to share information securely. “It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed,” it said.

New Zealand’s financial sector was shaken recently by a major attack on the country’s stock exchange, which was hit by an unprecedented volumetric distributed denial of service (DDoS) attack last August. That attack was another instance of cyber attackers getting in through a third-party provider’s service.

Like central banks, stock exchanges are vital to a functioning economy, and even a short outage can cause financial havoc.

New Zealand’s NCSC published a report in November which said the country’s “nationally significant organisations continue to be the target of frequent cyber attacks from a range of malicious actors”.

The report said that from July 2019 to the end of June 2020, the NCSC recorded 352 cyber security incidents at nationally significant organisations, compared with 339 incidents in the previous 12 months. It added that 30% were linked to state-sponsored actors.

The NCSC pointed out that the number of incidents recorded was a small proportion of the total number of incidents affecting New Zealand and New Zealanders. “This is because of our focus on providing support for nationally significant organizations and response to potentially high-impact cyber security events,” it said.

Top 10 biggest cyber attacks of 2020

Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack.

A pandemic-focused year made the events of 2020 unprecedented in numerous ways, and the cyber attacks were no different.

As the world transitioned to virtual everything — work, school, meetings and family gatherings — attackers took notice. Attackers embraced new techniques, and the hurried switch to remote access increased cyberthreats across the board. K-12 schools, for example, took the brunt of the hit, and new lows were reached, such as the exfiltration of student data. The list of top cyber attacks from 2020 includes ransomware, phishing, data leaks, breaches and a devastating supply chain attack with a scope like no other. The virtually dominated year raised new concerns around security postures and practices, which will continue into 2021.

While there were too many incidents to choose from, here is a list of 10 of the biggest cyber attacks of 2020, in chronological order.

1. Toll Group

Toll Group tops the list for the year’s worst cyber attacks because it was hit by ransomware twice in three months. However, a spokesperson for Toll Group told SearchSecurity the two incidents were not connected and were “based on different forms of ransomware.” On Feb. 3, the Australia-based logistics company announced on Twitter that it had suffered a cyber attack. “As a precautionary measure, Toll has made the decision to shut down a number of systems in response to a cyber security incident. Several Toll customer-facing applications are impacted as a result. Our immediate priority is to resume services to customers as soon as possible,” Toll Group wrote on Twitter. The more recent attack occurred in May and involved a relatively new ransomware variant, Nefilim.

2. Marriott International

For the second time in two years, the popular hotel chain suffered a data breach. On March 31, Marriott released a statement disclosing that the information of 5.2 million guests had been accessed using the login credentials of two employees at a franchise property. According to the notice, the breach affected an application used by Marriott to provide guest services. “We believe this activity started in mid-January 2020,” the statement said. “Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.” While the investigation is ongoing, Marriott said it has no reason to believe that the information included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers. However, the compromised information may have included contact details and information relating to customer loyalty accounts, but not passwords.

3. Magellan

On May 12, the healthcare insurance giant issued a letter to victims stating it had suffered a ransomware attack. Threat actors had successfully exfiltrated logins, personal information and tax information. The scope of the attack included eight Magellan Health entities, and approximately 365,000 patients may have been impacted. “On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” the letter said. The company, which has over 10,000 employees, said that at the time of the letter it was not aware of any fraud or misuse of any of the personal information. Phishing, a common attack vector, intensified over the year as threat actors refined their impersonation skills.

4. Twitter

The popular social media company was breached in July by three individuals in an embarrassing incident that saw several high-profile Twitter accounts hijacked. Through a social engineering attack, later confirmed by Twitter to be phone phishing, the attackers stole employees’ credentials and gained access to the company’s internal management systems; dozens of high-profile accounts, including those of former President Barack Obama, Amazon CEO Jeff Bezos, and Tesla and SpaceX CEO Elon Musk, were hacked. The threat actors then used the accounts to tweet out bitcoin scams that earned them over $100,000. Two weeks after the breach, the Department of Justice (DoJ) arraigned the three suspects and charged 17-year-old Graham Ivan Clark as an adult for the attack he allegedly “masterminded,” according to authorities.

5. Garmin

The navigation tech supplier suffered a cyber attack that encrypted some of its systems and forced services offline. Though Garmin first reported it as an outage, the company revealed on July 27 that it was the victim of a cyber attack which resulted in the disruption of “website functions, customer support, customer-facing applications, and company communications.” The press release also stated there was no indication that any customer data was accessed, lost or stolen. Speculation rose that the incident was a ransomware attack, although Garmin never confirmed this. In addition, several media outlets reported that Garmin gave in to the attackers’ demands and that a ransom had been paid. Some news outlets reported it as high as $10 million.

6. Clark County School District

The attack on the Clark County School District (CCSD) in Nevada revealed a new security risk: the exposure of student data. CCSD revealed it was hit by a ransomware attack on Aug. 27 which may have resulted in the theft of student data. After the district declined to pay the ransom, an update was posted saying it was aware of media reports claiming student data had been exposed on the internet as retribution. While it’s unclear what information was exposed, the threat of exposing stolen student data was a new low for threat actors and represented a shift toward identity theft in attacks on schools.

7. Software AG

The German software giant was the victim of a double extortion attack that started on Oct. 3, which resulted in a forced shutdown of internal systems and ultimately a major data leak. Files were encrypted and stolen by the operators behind the Clop ransomware. According to multiple news outlets, a $20 million ransom was demanded, which Software AG declined to pay. As a result, the ransomware gang followed through on its threat and published confidential data on a data leak site, including employees’ passport details, internal emails and financial information. The operators behind Clop weren’t the only group using double extortion. The name-and-shame tactic became increasingly common throughout 2020 and is now standard practice for several ransomware gangs.

8. Vastaamo Psychotherapy Centre

The largest private psychotherapy provider in Finland confirmed on October 21 that it had become the victim of a data breach in which threat actors stole confidential patient records. The attack set a new precedent: rather than making demands of the organization, the attackers blackmailed patients directly. As of last month, 25,000 criminal reports had been submitted to Finnish police. In addition, the government’s overall response to the incident was significant, both in urgency and sensitivity. Finland’s interior minister called an emergency meeting with key cabinet members, and emergency counseling services were provided to potential victims of the extortion scheme.

9. FireEye and SolarWinds supply chain attack victims

FireEye set off a chain of events on Dec. 8 when it disclosed that suspected nation-state hackers had breached the security vendor and obtained FireEye’s red team tools. On Dec. 13, the company disclosed that the nation-state attack was the result of a massive supply chain attack on SolarWinds. FireEye dubbed the threat actor behind the backdoor campaign “UNC2452” and said the campaign allowed the attackers to gain access to numerous government and enterprise networks across the globe. According to a joint statement on Dec. 17 by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence, the attacks are ongoing. Additionally, the statement revealed that the supply chain attack affected more than just the Orion platform. CISA said it has “evidence that the Orion supply chain compromise is not the only initial infection vector leveraged by the APT actor.” Since the statement, major tech companies such as Intel, Nvidia and Cisco disclosed they had received the malicious SolarWinds updates, though the companies said they found no evidence that threat actors exploited the backdoors and breached their networks. However, Microsoft disclosed on Dec. 31 that threat actors infiltrated its network and viewed — but did not alter or obtain — the company’s source code. Microsoft also said there is no evidence the breach affected customer data or the company’s products and services.

10. SolarWinds

The scope of the attack, the sophistication of the threat actors and the high-profile victims affected make this not only the biggest attack of 2020, but possibly of the decade. The incident also highlights the dangers of supply chain attacks and brings into question the security posture of such a large company. Threat actors, who had performed reconnaissance since March, planted a backdoor in SolarWinds’ Orion platform, which was activated when customers updated the software. SolarWinds issued a security advisory about the backdoor, which the vendor said affected Orion Platform versions 2019.4 HF5 through 2020.2.1, released between March 2020 and June 2020. “We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted and manually executed attack, as opposed to a broad, system-wide attack,” the company said. In the three weeks of investigation since, the known breadth of the attack has grown immensely, but it is still not fully understood.

Cyber-Attack on US Laboratory

An American laboratory specializing in home phlebotomy has disclosed a cyber-attack that occurred five months ago, after data stolen in the attack turned up online.

Apex Laboratory opened in 1997 and is based in Farmingdale, New York. The company has provided medical testing services to hundreds of home health agencies and thousands of physicians in New York and South Florida.

On July 25, 2020, Apex learned that it had become the victim of a cyber-attack that rendered certain files and systems inaccessible. Network access was restored along with the impacted data, and the company resumed normal operations on July 27. 

A third-party cyber forensic analyst was hired by Apex to investigate the attack. The investigation found no evidence of unauthorized access to or acquisition of patient information, and Apex did not disclose the incident at the time.

However, Apex discovered last month that the cyber-criminals behind the attack had stolen “personal and health information for some patients” and posted it online on their blog. Information believed to have been taken includes patient names, dates of birth, test results, and, for some individuals, Social Security numbers and phone numbers.

Apex has yet to reveal how many patients were impacted by the incident, but the laboratory did say that the information stolen by the threat actors could have been taken over a four-day period.

“It is believed that this information may have been acquired from Apex’s systems between July 21, 2020 and July 25, 2020,” stated Apex. 

From a notice of data event posted by Apex on December 31, the attack sounds like it might have involved ransomware.  

The notice states: “On July 25, 2020, Apex Laboratory of Farmingdale, NY (‘Apex’) discovered that it was the victim of a cyber-attack and that certain systems in its environment were encrypted and inaccessible.”

Apex didn’t say whether it paid a ransom to the attackers; however, the speedy restoration of the impacted data and the removal of the stolen data from the hackers’ blog might suggest that some communication between the criminals and their victim has occurred.

The company said that it is “unaware of any actual or attempted misuse of any information other than the extracting of this data as part of the cyber-attack.”

Developer Koei Tecmo Shuts Down Official Sites After Cyber Attack

Koei Tecmo’s European branch recently suffered a cyber attack, which has forced the shutdown of two of the company’s official websites.

Dynasty Warriors and Nioh publisher Koei Tecmo has suffered a cyber attack at its European branch, leading to the shutdown of the company’s official American and European websites. In early November, Capcom, too, became the victim of a ransomware attack. So far, it appears the attack on Koei Tecmo is not quite as severe.

The hack on Capcom’s network and servers resulted in the leaking of employee emails and other sensitive information. In the weeks since the hack, a whole host of other details have surfaced as well, much of it related to the publisher’s future plans. For example, story spoilers for Resident Evil Village surfaced two weeks ago as a result of the data breach. Previously unannounced games have been prematurely outed, too, leading many to wonder how the publisher intends to navigate reveals and information drops going forward.

As reported by DualShockers, Koei Tecmo disclosed that its European branch had suffered a cyber attack. As a result, login details for upwards of 65,000 user accounts on the publisher’s official European forums may be at risk. An investigation into the matter revealed that the potentially exposed information consists of account names, email addresses, and passwords, although the latter are supposedly in an “encrypted state.” Fortunately, the investigation also concluded that, so far, credit card details and the like have not been compromised. The same holds true for other sensitive staff and user data.

In an effort to mitigate further damage, Koei Tecmo has shuttered websites attached to both its American and European branches. Upon visiting either website, users will find a white page that reads, “Due to the possibility of an external cyberattack on this website, it is temporarily closed as we investigate the issue.” And while nothing appears clear-cut as of yet, it is believed the attack was initially launched on December 25.

It does not appear as if this particular attack is quite as severe as the hack that struck Capcom’s networks in November. Thus, Koei Tecmo, its staff, and its users should be spared from fears of sensitive information potentially leaking online. However, anyone who uses Koei Tecmo websites, even perhaps via the American servers, would be wise to change their login details as soon as possible.

This is undoubtedly an unfortunate way to close out what was an otherwise good year for the Japanese company. For one, Team Ninja’s Nioh 2 launched on PlayStation 4 this past spring, selling well with a million copies sold as of May. Plus, Koei Tecmo released Omega Force’s and P-Studio’s Persona 5 Strikers in Japan, with a worldwide release set for early 2021.

Antwerp laboratory becomes latest victim of cyber-attack

An Antwerp laboratory working closely on the management of the Covid-19 epidemic has been the victim of a cyber-attack. The hackers are demanding a ransom.

The attack took place at the General Medical Laboratory (AML) in the Antwerp district of Hoboken. Hackers installed ransomware on the lab’s website, bringing it to a standstill. As is typical in a ransomware attack, the hackers are demanding a ransom before they release the site.

Attempts this morning to contact the AML site failed.

“After an extensive analysis by our security teams, it was decided to disconnect the network as a precaution,” said ICT manager Maarten Vanheusden. “That way we can see step by step what exactly is infected.”

The AML, a private enterprise, handles about 3,000 Covid-19 tests a day, or about 5% of the national total. As such, it is the largest private lab in the country dealing with the Covid-19 crisis.

It remains unclear whether the attack was also aimed at data theft. Ransomware attacks are typically an end in themselves, with the attacker interested only in extracting a ransom. Data thieves try to cover their tracks, while ransomware attackers do the very opposite.

“At the moment it seems that no patient data has been stolen,” Vanheusden said.

“This hostage action rather points to specific economic blackmail. We also have no idea from which source this attack comes.”

The lab reported the attack to the Antwerp prosecutor’s office, and the case is now in the hands of the federal Computer Crimes Unit.

The AML attack is the latest in a series of attacks on sites related to the Covid-19 pandemic, the VRT reports. Earlier this month, the European Medicines Agency (EMA) in Amsterdam was the target of an attack. The hackers were able to obtain documents about Pfizer’s corona vaccine.

Cyber attack in Finland hits email accounts of MPs and parliament

The Speaker of the Parliament described the breach as "a serious attack on our democracy and Finnish society".

Email accounts belonging to Finnish MPs were compromised during a cyberattack on the country’s parliament in the autumn, it has emerged.

Police say they are investigating the “suspected gross hacking and espionage” but have not revealed details of what information was lost.

“The act is not accidental,” said crime commissioner Tero Muurman, revealing the incident in a statement on December 28.

“At this stage, there is a possibility that unknown actors have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland.”

“The burglary has affected more than one person, but unfortunately we cannot tell the exact number without jeopardising the ongoing preliminary investigation.”

While Finland has seen numerous denial-of-service attacks on state bodies in recent years, shutting down websites for several hours, Muurman said this breach was of particular concern.

“This case is exceptional in Finland, serious due to the quality of the target and unfortunate for the victims,” he said.

Finland’s parliament said it was cooperating with the investigation into the attack, which was detected during “internal technical controls”.

“The cyber strike on parliament is a serious attack on our democracy and on Finnish society,” Anu Vehvilainen, speaker of Finland’s parliament, said in a statement.

“We must make every effort to ensure a high level of security in both the public and private sectors.”

“In order to strengthen cybersecurity, we need our own national actions as well as active action at EU level and other international cooperation.”