Connect with us

Technology

Hacker accessed ‘frail’ HSE system two months before ransomware attack

Voice Of EU

Published

on

A report found that the opening of a malicious email attachment gave an attacker access to the HSE’s system eight weeks before the ransomware attack.

There were “missed” opportunities to prevent the ransomware attack that hit Ireland’s health service earlier this year.

That’s according to a report commissioned by the Health Service Executive (HSE) board and carried out by PwC.

The report, released today (10 December), found that the attacker gained access to the HSE’s systems eight weeks before the ransomware was detonated.

They were able to achieve their objectives “with relative ease” due to the “frailty” of the HSE’s IT estate, according to the report, and there was a “lack of structures and processes in place to deal with the incident”.

‘Missed’ opportunities

In May of this year, the HSE was subjected to a cyberattack that infiltrated its IT systems using Conti ransomware. More than 80pc of IT infrastructure was affected and there were severe impacts on the health service in Ireland.

But according to the PwC report, the source of the cyberattack originated eight weeks earlier. An employee clicked on a malicious Microsoft Excel file that was attached to a phishing email sent on 16 March.

The attacker gained unauthorised access to the HSE’s system when that link was opened on 18 March, and operated in the system over an eight-week period leading up to the ransomware detonation on 14 May.

This included compromising a “significant number” of accounts with high levels of privileges, compromising a “significant number” of servers and exfiltrating data, the report found.

It added that there were several detections of the attacker’s activity by a number of hospitals in this period before the ransomware attack, but these did not result in a cybersecurity investigation by the HSE.

“As a result, opportunities to prevent the successful detonation of the ransomware were missed,” the report said.

‘Frail IT estate’

PwC said there were a number of mitigating factors that had a considerable effect in reducing the impact of the attack.

It found that the attacker used relatively well-known techniques and software to execute the attack, while a more sophisticated attack could have had a greater impact.

The release of the decryption key by the attacker on 20 May also allowed for an accelerated recovery process. The report said it is unclear how much data would have been unrecoverable without this development, as “the HSE’s backup infrastructure was only periodically backed up to offline tape”.

It pointed to the swift response to the incident, with HSE staff, State agencies and third parties going “above and beyond” to assist in the response and recovery.

But the report concluded that a low level of cybersecurity maturity combined with the “frailty” of the HSE’s IT systems enabled the attacker to achieve their objectives “with relative ease”.

“The HSE is operating on a frail IT estate that has lacked the investment over many years required to maintain a secure, resilient, modern IT infrastructure. It does not possess the required cybersecurity capabilities to protect the operation of the health services and the data they process from the cyberattacks that all organisations face today,” the report said.

“It does not have sufficient subject matter expertise, resources or appropriate security tooling to detect, prevent or respond to a cyberattack of this scale.”

‘Important lessons’

PwC said the HSE “remains vulnerable” to cyberattacks and made a number of recommendations in its report.

These include appointing a chief technology and transformation officer and a chief information security officer, enhancing its ICT strategy and implementing a cybersecurity transformation programme.

HSE CEO Paul Reid said the report was commissioned to assess how the cyberattack happened and to set out tactical actions needed next.

“The report sets this out in quite a lot of detail,” he added. “We have initiated a range of immediate actions and we will now develop an implementation plan and business case for the investment to strengthen our resilience and responsiveness in this area.”

The HSE said it has already started implementing recommendations in the report and begun engaging with the Department of Health to agree a multi-year ICT and cybersecurity transformation programme.

“It is clear that our IT systems and cybersecurity preparedness need major transformation,” added HSE chair Ciarán Devane.

“This report highlights the speed with which the sophistication of cybercriminals has grown, and there are important lessons in this report for public and private sector organisations in Ireland and beyond.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Technology

Iran reveals use of cryptocurrency to pay for imports • The Register

Voice Of EU

Published

on

Iran has announced it used cryptocurrency to pay for imports, raising the prospect that the nation is using digital assets to evade sanctions.

Trade minister Alireza Peyman Pak revealed the transaction with the tweet below, which translates as “This week, the first official import order was successfully placed with cryptocurrency worth ten million dollars. By the end of September, the use of cryptocurrencies and smart contracts will be widespread in foreign trade with target countries.”

It is unclear what Peman Pak referred to with his mention of widespread use of crypto for foreign trade, and the identity of the foreign countries he mentioned is also obscure.

But the intent of the announcement appears clear: Iran will use cryptocurrency to settle cross-border trades.

That’s very significant because Iran is subject to extensive sanctions aimed at preventing its ability to acquire nuclear weapons and reduce its ability to sponsor terrorism. Sanctions prevent the sale of many commodities and technologies to Iran, and financial institutions aren’t allowed to deal with their Iranian counterparts, who are mostly shunned around the world.

As explained in this advisory [PDF] issued by the US Treasury, Iran has developed numerous practices to evade sanctions, including payment offsetting schemes that let it sell oil in contravention of sanctions. Proceeds of such sales are alleged to have been funnelled to terrorist groups.

While cryptocurrency’s anonymity has been largely disproved, trades in digital assets aren’t regulated so sanctions enforcement will be more complex if Iran and its trading partners use crypto instead of fiat currencies.

Which perhaps adds more weight to the argument that cryptocurrency has few proven uses beyond speculative trading, making the ransomware industry possible, and helping authoritarian states like Iran and North Korea to acquire materiel for weapons.

Peyman Pak’s mention of “widespread” cross-border crypto deals, facilitated by automated smart contracts, therefore represents a challenge to those who monitor and enforce sanctions – and something new to worry about for the rest of us. ®



Source link

Continue Reading

Technology

Edwards Lifesciences is hiring at its ‘key’ Shannon and Limerick facilities

Voice Of EU

Published

on

The medtech company is hiring for a variety of roles at both its Limerick and Shannon sites, the latter of which is being transformed into a specialised manufacturing facility.

Medical devices giant Edwards Lifesciences began renovations to convert its existing Shannon facility into a specialised manufacturing centre at the end of July.

The expansion will allow the company to produce components that are an integral part of its transcatheter heart valves. The conversion is part of Edwards Lifesciences’ expansion plan that will see it hire for hundreds of new roles in the coming years.

“The expanded capability at our Shannon facility demonstrates that our operations in Ireland are a key enabler for Edwards to continue helping patients across the globe,” said Andrew Walls, general manager for the company’s manufacturing facilities in Ireland.

According to Walls, hiring is currently underway at the company’s Shannon and Limerick facilities for a variety of functions such as assembly and inspection roles, manufacturing and quality engineering, supply chain, warehouse operations and project management.

Why Ireland?

Headquartered in Irvine, California, Edwards Lifesciences established its operations in Shannon in 2018 and announced 600 new jobs for the mid-west region. This number was then doubled a year later when it revealed increased investment in Limerick.

When the Limerick plant was officially opened in October 2021, the medtech company added another 250 roles onto the previously announced 600, promising 850 new jobs by 2025.

“As the company grows and serves even more patients around the world, Edwards conducted a thorough review of its global valve manufacturing network to ensure we have the right facilities and talent to address our future needs,” Walls told SiliconRepublic.com

“We consider multiple factors when determining where we decide to manufacture – for example, a location that will allow us to produce close to where products are utilised, a location that offers advantages for our supply chain, excellent local talent pool for an engaged workforce, an interest in education and good academic infrastructure, and other characteristics that will be good for business and, ultimately, good for patients.

“Both our Shannon and Limerick sites are key enablers for Edwards Lifesciences to continue helping patients across the globe.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Technology

Meta’s new AI chatbot can’t stop bashing Facebook | Meta

Voice Of EU

Published

on

If you’re worried that artificial intelligence is getting too smart, talking to Meta’s AI chatbot might make you feel better.

Launched on Friday, BlenderBot is a prototype of Meta’s conversational AI, which, according to Facebook’s parent company, can converse on nearly any topic. On the demo website, members of the public are invited to chat with the tool and share feedback with developers. The results thus far, writers at Buzzfeed and Vice have pointed out, have been rather interesting.

Asked about Mark Zuckerberg, the bot told BuzzFeed’s Max Woolf that “he is a good businessman, but his business practices are not always ethical. It is funny that he has all this money and still wears the same clothes!”

The bot has also made clear that it’s not a Facebook user, telling Vice’s Janus Rose that it had deleted its account after learning about the company’s privacy scandals. “Since deleting Facebook my life has been much better,” it said.

The bot repeats material it finds on the internet, and it’s very transparent about this: you can click on its responses to learn where it picked up whatever claims it is making (though it is not always specific).

This means that along with uncomfortable truths about its parent company, BlenderBot has been spouting predictable falsehoods. In conversation with Jeff Horwitz of the Wall Street Journal, it insisted Donald Trump was still president and would continue to be “even after his second term ends in 2024”. (It added another dig at Meta, saying Facebook “has a lot of fake news on it these days”.) Users have also recorded it making antisemitic claims.

BlenderBot’s remarks were foreseeable based on the behavior of older chatbots such as Microsoft’s Tay, which Twitter users quickly taught to be a racist conspiracy theorist, forcing the company to apologize for its “wildly inappropriate and reprehensible words and images”. GPT-3, another AI system, has also delivered racist, misogynist and homophobic remarks. A South Korean startup’s chatbot, designed to resemble a 20-year-old college student, had to be suspended after it rattled off racial slurs and anti-LGBTQ+ remarks.

Given the cesspool that is the internet, Meta appears to have expected similar things from its own service. Before logging on, users must acknowledge that BlenderBot is “likely to make untrue or offensive statements”. As Vice notes, Meta researchers have described the AI tech behind the bot as having “a high propensity to generate toxic language and reinforce harmful stereotypes, even when provided with a relatively innocuous prompt”.

“Everyone who uses Blender Bot is required to acknowledge they understand it’s for research and entertainment purposes only, that it can make untrue or offensive statements, and that they agree to not intentionally trigger the bot to make offensive statements,” said a Meta spokesperson in a statement.

My own conversation with BlenderBot did not veer into that territory, but it did highlight another flaw in the service: its utter inanity.

The bot began by asking me what subject I liked in school. The bot is open about which “persona” it is using in the conversation; our discussion involved a persona it described as “I like to read. I went to college.” When I asked it tough questions, such as which colleges accepted AI bot students, it offered nonsensical replies (“in some ways, aren’t we all chatbots?” No) and offered further reading by saying, “Here’s the link”, without providing a link. It also kept steering the conversation back to chatbots.

It did, however, maintain its firm stance against its own creators. When I said I wasn’t a fan of Facebook’s ethics, it wholeheartedly agreed: “Me too! That is why I stopped using it and just stick with reading books instead.”



Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!