What’s going on with the HSE cyberattack?

Voice Of EU

What is Conti ransomware? Who is Wizard Spider? Here’s what you need to know about the HSE cyberattack.

Overnight last Thursday (13 May), the Irish Health Service Executive (HSE) suffered a “significant and serious” cyberattack.

The attack is said to be the most serious ever to hit the State’s critical infrastructure, and healthcare services across the country were impacted. Forced to shut down their IT systems on Friday, hospitals and other HSE services were left without access to electronic health records, causing significant disruption.

Disruption continued through the weekend and the HSE continues to provide updates on the impact of the attack via HSE.ie.

As of today (17 May), most healthcare appointments will continue as planned. However, the HSE advised that x-ray appointments in particular are severely affected.

Covid-19 vaccination services continue to operate with no disruption. Emergency health services across the country are also continuing as usual; however, there may be delays in service provision.

What happened?

Investigations into the HSE cyberattack are ongoing but what we do know so far is that Cobalt Strike Beacon, a tool that can give remote access to hackers, was found on the HSE’s IT system. This enabled attackers to move within the computer network and execute their malware.

The malware unleashed by the hackers is a form of ransomware known as Conti.

What is Conti ransomware?

“Conti is designed to be operated by the attacker, rather than via an automated process, and it contains unique features that allow a more targeted and quicker attack,” said Patrick Wragg, cyber incident response manager at Integrity360.

“Conti’s ransomware operations have targeted a wide variety of sectors globally, which include construction, manufacturing, and retail,” Wragg added.

Ransomware encrypts the files on a system and demands payment to restore access. The information being held to ransom in this case could include patient data, though this has not yet been confirmed. However, if hackers have gained access to sensitive information such as this via the attack, the HSE could be doubly vulnerable.

Conti is known as ‘double-extortion’ ransomware, meaning that as well as holding access to systems to ransom, the malware might also steal information stored on the system. Hackers can then threaten to release this private information online if a payment is not made.

Has the HSE cyberattack infiltrated other systems?

On Thursday, the National Cyber Security Centre (NCSC) was made aware of the HSE cyberattack as well as an attempted attack on the Department of Health.

The NCSC implemented a response plan that included the suspension of some functions of IT systems as a precautionary measure. In the case of the Department of Health, the attempt to execute the ransomware was detected and prevented by the cybersecurity measures in place.

This attack and the HSE cyberattack are still under investigation by the NCSC, alongside An Garda Síochána, the Office of the Government Chief Information Officer and third-party contractors.

Who is behind the HSE cyberattack?

Wizard Spider, an organised group of cyber-criminals based in eastern Europe, is reportedly behind both the HSE cyberattack and the attempted attack on the Department of Health. This group has taken to targeting large organisations with high ransoms in recent years.

“What we’ve seen in our line of work is that the people behind these ransomware attacks are typically organised crime syndicates,” said Smarttech247 CEO and founder Ronan Murphy.

“Some of the high profile attacks on critical infrastructure in Europe and North America in recent times have been carried out by organised crime syndicates coming out of eastern Europe and Russia.”

Why were HSE IT systems shut down?

Shutting down the HSE’s IT systems serves both as a precautionary measure and allows cybersecurity teams to investigate the attack.

“In shutting everything down, it would appear HSE were unable to confidently isolate the problem by switching off just part of the network or even just quarantining the problematic IT assets out of the network,” suggested Amit Serper, assistant vice-president of security research at Guardicore Labs.

How long will it take to get HSE services back online?

Currently, specialists are working to clean infected devices and restore the HSE’s IT systems. Brooks Wallace, VP for the EMEA branch of Deep Instinct, explained: “Not only will they have to triage the infected machines, but they will also need to stop the lateral spread, likely using multiple tools, and consoles but with limited resources.”

There is no quick fix. Unpicking this long route out of a tangled web is what has to be done, as the only alternative is to give in to the attackers’ demands. “The more sensible option is to recover compromised data and rebuild systems from scratch, but in some cases this can take weeks,” said Noel O’Grady, director of Sungard Availability Services Ireland.

Why not just pay the ransom?

Paying ransoms for cyberattacks is not advised. “First instinct may be to just give in to demands, but paying hackers sends the message that an organisation is willing to hand over money and can put a target on them for future attacks,” said O’Grady.

Unfortunately, because some victims of ransomware have shelled out big sums to attackers, this has become big business, which leads to more attacks. In the case of the recent Colonial Pipeline cyberattack, it’s reported that the payment of a $5m ransom has only exacerbated this escalating problem.

The HSE, on the other hand, “is absolutely correct in containing the problem”, according to Paul Donegan, Palo Alto Networks country manager for Ireland.

According to a study from Unit 42, the threat intelligence arm of Palo Alto Networks, the average ransom paid more than tripled in 2020 to more than $300,000, while the highest demand from cyber-extortionists reached $30m. This is already heightening in 2021, with average pay-outs almost tripling again and a new record demand of $50m reported by Unit 42.

Should other organisations be on alert for similar attacks?

In a word, yes. The NCSC issued an advisory on the HSE cyberattack which offers guidance for other organisations to detect and prevent a similar attack. This advisory will be updated as more details are revealed through the investigation.

Brian Honan, CEO and founder of BH Consulting and former special adviser on cybersecurity to Europol, strongly recommended that all government agencies and private sector companies follow the NCSC guidance and check systems for the indicators of compromise in its advisory.

Honan also recommended the DFIR Report’s information on Conti ransomware for more indicators as well as the known tactics, techniques and procedures of this cyber threat.

What can be done to effectively guard against such attacks in future?

In response to the HSE cyberattack, some cybersecurity professionals have pointed to the principle of ‘zero trust’ as an answer to these increasing threats from attackers.

“The driving principle of zero trust is ‘trust nothing and verify everything’,” explained Donegan. “It helps those that implement it to defend against all known attack vectors, including malicious insider and phishing attacks, by restricting the attacker’s ability to move through the network and alerting on their activities as they attempt to do so.”

Others have pointed to the dangers that overworked staff present to effective cybersecurity policies. “Given the nature of the industry, healthcare personnel are often severely time constrained, leading them to click, download, and rapidly handle email, while possibly falling victim to carefully-crafted social engineering based email attacks,” said Peter Carthew, director of public sector for UK and Ireland at Proofpoint.

“Nearly all targeted attacks rely on human interaction to work. Educating and training workers on what to watch out for, maintaining offline backups, implementing strong password policies, and developing ransomware response playbooks are vital defences against the numerous threats facing the sector today,” he said.

Oz Alashe, CEO and founder of CybSafe, emphasised this need to focus on the human factors of cybersecurity risk. “It’s crucial that public sector organisations are taking steps to not only raise awareness of such cyber threats, but also provide security training and support that takes this human aspect into consideration in order to help prevent these attacks in future.”

This all-hands approach is one way to alleviate the burden on cybersecurity teams, who are struggling to protect against the variety and strength of attacks out there. A recent Proofpoint survey of global chief information security officers (CISOs) showed that they are feeling overwhelmed by the vast array of threats coming from all angles. With so many threats to protect from, prioritisation becomes an issue, with only 25pc of public sector CISOs listing ransomware in their top three cyber threats.

For further guidance on preventing ransomware, BH Consulting’s whitepaper offers advice on where to start in planning these defences.



Web ad firms scrape email addresses before you know it • The Register

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers.

Some of these firms are said to have also inadvertently grabbed passwords from these forms.

In a research paper scheduled to appear at the Usenix ’22 security conference later this year, authors Asuman Senol (imec-COSIC, KU Leuven), Gunes Acar (Radboud University), Mathias Humbert (University of Lausanne) and Frederik Zuiderveen Borgesius (Radboud University) describe how they measured data handling in web forms on the top 100,000 websites, as ranked by research site Tranco.

The boffins created their own software to measure email and password data gathering from web forms – structured web input boxes through which site visitors can enter data and submit it to a local or remote application.

Providing information through a web form by pressing the submit button generally indicates the user has consented to provide that information for a specific purpose. But web pages, because they run JavaScript code, can be programmed to respond to events prior to a user pressing a form’s submit button.

And many companies involved in data gathering and advertising appear to believe that they’re entitled to grab the information website visitors enter into forms with scripts before the submit button has been pressed.

“Our analyses show that users’ email addresses are exfiltrated to tracking, marketing and analytics domains before form submission and without giving consent on 1,844 websites in the EU crawl and 2,950 websites in the US crawl,” the researchers state in their paper, noting that the addresses may be unencoded, encoded, compressed, or hashed depending on the vendor involved.

Most of the email addresses grabbed were sent to known tracking domains, though the boffins say they identified 41 tracking domains that are not found on any of the popular blocklists.

“Furthermore, we find incidental password collection on 52 websites by third-party session replay scripts,” the researchers say.

Replay scripts are designed to record keystrokes, mouse movements, scrolling behavior, other forms of interaction, and webpage contents in order to send that data to marketing firms for analysis. In an adversarial context, they’d be called keyloggers or malware; but in the context of advertising, somehow it’s just session-replay scripts.

Gunes Acar, one of the report co-authors, was also the co-author of a similar research project in 2017 that looked at data gathering by session-replay companies Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam.

Evidently, not much has changed since then, except perhaps that email addresses have become more desirable as unique identifiers now that privacy-oriented browsers like Brave, Firefox, and Safari are taking more steps to block cookies and tracking scripts.

Email addresses, the researchers observe, represent a cookie replacement because they’re unique, persistent, and can be used to track people across applications, platforms, and even offline interactions that may be tied to an email address like loyalty card transactions.

The website categories with the most leaking forms include: Fashion/Beauty (11.1 per cent, EU; 19 per cent US); Online Shopping (9.4 per cent EU; 15.1 per cent US); and General News (6.6 per cent EU; 10.2 per cent US).

Websites categorized as Pornography had the best privacy when it comes to surreptitious form data harvesting.

“A somehow surprising result was the following: despite filling email fields on hundreds of websites categorized as Pornography, we have not a single email leak,” the researchers say, noting that previous studies of adult-oriented websites have relatively fewer third-party trackers than similarly popular general interest websites.

Those pesky regulations

The report authors say that EU websites practicing email exfiltration may be in violation of at least three GDPR requirements: transparency, purpose limitation, and prior consent. Firms found to be violating these rules can be fined up to €20m or 4 per cent of annual revenue, per Article 83(5).

The US doesn’t have a federal data privacy law, though it’s conceivable one of the handful of US states with applicable privacy rules could take action against pre-submission form harvesting. But given the toothlessness of US privacy regulation over the past decade, don’t expect much.

The authors say they attempted to contact 58 first-parties and 28 third-parties with GDPR requests. They report receiving 30 responses from the first-parties, which varied from surprise and remediation to justifications of one sort or another.

“fivethirtyeight.com (via Walt Disney’s DPO), trello.com (Atlassian), lever.co, branch.io and cision.com were among the websites that said they had not been aware of the email collection prior to form submission on their websites and removed the behavior,” the report says.

Marriott, meanwhile, said the information collected by digital analytics firm Glassbox helps with customer care, technical support, and fraud prevention.

Third-parties Taboola, Zoominfo, and ActiveProspect defended their data collection practices.

Facebook, aka Meta, is among the third-parties involved in this. The researchers say that email addresses or their hashes were spotted being sent to facebook.com from 21 different websites in the EU.

“On 17 of these, Facebook Pixel’s Automatic Advanced Matching feature was responsible for sending the SHA-256 of the email address in a SubscribedButtonClick event, despite not clicking any submit button,” the report says.

Advanced Matching – called out recently for harvesting student loan data – is designed to collect hashed customer data, such as email addresses, phone numbers, and names from checkout, sign-in, and registration forms. The researchers speculate that on these sites, Facebook’s script treats clicks on non-submit buttons as a click event for the submit button.
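The pre-submission leak check the researchers describe, including the hashed-email case reported for Facebook Pixel, as an added example (not code from the paper or The Register): it scans a capture of outbound requests for a canary address in plain, URL-encoded, Base64 and MD5/SHA-1/SHA-256 form. The capture, hosts, field names and timestamps are constructed for illustration, and compressed payloads are not handled.

```python
import base64
import hashlib
from urllib.parse import quote

EMAIL = "canary@example.test"  # constructed canary address typed into the form


def email_variants(email):
    """Return encoding name -> string to look for in outbound traffic."""
    norm = email.strip().lower()
    raw = norm.encode()
    return {
        "plain": norm,
        "urlencoded": quote(norm, safe="").lower(),
        "base64": base64.b64encode(raw).decode(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def is_first_party(host, site):
    """Treat the site itself and its subdomains as first party."""
    host = host.lower()
    return host == site or host.endswith("." + site)


def find_presubmit_leaks(requests, email, site, submit_time=None):
    """Flag third-party requests sent before submit that carry the email.

    requests: dicts with t (ms since page load), host, url, body.
    submit_time: ms at which submit was pressed, or None if it never was.
    """
    variants = email_variants(email)
    leaks = []
    for req in requests:
        if is_first_party(req["host"], site):
            continue
        if submit_time is not None and req["t"] >= submit_time:
            continue  # sent after the user pressed submit
        haystack = req["url"] + "\n" + req.get("body", "")
        folded = haystack.lower()
        for name, needle in variants.items():
            # Base64 is case-sensitive; the other forms are compared case-folded.
            hit = needle in haystack if name == "base64" else needle in folded
            if hit:
                leaks.append((req["t"], req["host"].lower(), name))
    return leaks


def sample_capture():
    """Constructed request log for a sign-up page on shop.example."""
    v = email_variants(EMAIL)
    return [
        {"t": 1200, "host": "cdn.shop.example",
         "url": "https://cdn.shop.example/validate?email=" + v["urlencoded"], "body": ""},
        {"t": 1850, "host": "collect.tracker.example",
         "url": "https://collect.tracker.example/e?event=SubscribedButtonClick",
         "body": '{"email_hash":"' + v["sha256"] + '"}'},
        {"t": 2100, "host": "replay.analytics.example",
         "url": "https://replay.analytics.example/rec", "body": "keys=" + v["base64"]},
        {"t": 2500, "host": "ads.example",
         "url": "https://ads.example/px?page=signup", "body": ""},
        {"t": 9000, "host": "mail.vendor.example",
         "url": "https://mail.vendor.example/subscribe", "body": "email=" + EMAIL},
    ]


if __name__ == "__main__":
    # Submit pressed at t=8000 ms: only earlier third-party requests are leaks.
    for t, host, enc in find_presubmit_leaks(sample_capture(), EMAIL,
                                             "shop.example", submit_time=8000):
        print(f"{t:>5} ms  {host:<28} email sent as {enc}")
```

Hashing the address does not hide it from this check, because the same hash can be recomputed from the canary; that is also why a hashed email still works as a cross-site identifier.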

Facebook did not respond to a request for comment.

The report concludes that browser vendors, regulators, and privacy tool makers need to deal with this issue because it isn’t going away. “Based on our findings, users should assume that the personal information they enter into web forms may be collected by trackers – even if the form is never submitted,” the report concludes. ®

VC funding in Ireland rose in Q1, but not for deals under €10m

A William Fry-commissioned report has found that funding deals under €10m have taken a big hit in the first three months of 2022.

Venture capital funding into Irish tech businesses was up by more than 50pc in the first quarter of this year, but there’s an unfortunate and potentially troubling caveat to that.

The Irish Venture Capital Association (IVCA) has published today (15 May) its latest report on VC funding into tech start-ups and SMEs in Ireland, which found that the investments increased by 52pc to €379.7m in the first three months of 2022, compared to the same period last year.

But the report, commissioned by Dublin law firm William Fry, also found that VC funding in deals valued less than €10m have taken a hit.

IVCA chair Nicola McClafferty said that the headline figure of a funding boost conceals a “potentially worrying fall” of 30 to 50pc across all categories of deals under €10m – including seed funding.

“All the growth came from eight deals worth over €10m each, including three over €30m. While the momentum carried over from last year has continued for more established companies raising large rounds, some of that impetus seems to have stalled for earlier stage companies.”

Even the total number of deals overall fell by almost a third to 50 from 74 in the same period last year.

McClafferty said that this could be related to international trends affecting the business world right now, such as Russia’s invasion of Ukraine.

“While challenging market conditions may continue, we also know that many great companies are started and built in times of downturn, so we await with interest the data in the coming quarters,” she added.

Deals in the €5m to €10m range fell in value by more than half, while those in the €1m to €5m range also halved from €70.3m last year to €34.5m in Q1 2022. The value of deals below €1m dropped by 31pc to €8.9m.

Seed funding also took a hit, falling by nearly 40pc to €22.3m from €36.5m last year.

Nearly four-fifths of all funding came from overseas sources, according to IVCA director-general Sarah-Jane Larkin.

“While this is to be welcomed and emphasises the quality of Irish tech firms and their appeal to international investors, we have expressed concern before about where any shortfall would be made up if the global economy contracts,” she said.

Wayflyer, Ireland’s latest tech unicorn, led the way in terms of total value of funding received with $150m in Series B funding valuing the start-up at $1.6bn. Flipdish, another Irish tech start-up that became a unicorn this year, raised $100m reaching a $1.25bn valuation.

Taking his advice was like ‘chewing broken glass’: the short life of dating guru Kevin Samuels | Relationships

As a source of dating advice, Kevin Samuels would seem a last resort for America’s Black women. On his YouTube show and podcasts, Samuels criticized Black women for being old and out of shape, and for having children out of wedlock. He sneered at “modern women” who flaunted their multiple college degrees and boasted of their independence. He dropped these bombs in the softest voice, in a tailored suit, and bathed in mood lighting with a funky kinetic energy sculpture on his desk.

Yet many women not only tuned in to Samuels in droves, they queued up to Zoom into his show – some in hopes of putting the self-made image consultant turned relationship expert in his place. When Samuels suddenly died last Thursday in Atlanta at 57, as his star was still rising (the Fulton county medical examiner’s office has not yet revealed a cause of death), his many detractors reacted like Munchkins at the feet of the Wicked Witch of the East. The overwhelming lack of sympathy for Samuels – whose mother reportedly found out about his death as speculation raged online – comes down to his profiting from dismissing single Black women over 35 as “leftovers” whose unrealistic desire for “high-value men” would doom them to a lonely death.

On a recent episode of the Fox Soul streaming show Cocktails with Queens, the actor Vivica A Fox called Samuels’ death karma payback. “This man was a hypocrite, in my honest opinion,” she said. “He insulted African American women on a consistent basis.” In a Mother’s Day sermon, the preacher-influencer Jamal Bryant indirectly singled out this “high-powered man” for allegedly needing “a GoFundMe for his funeral”. The many women in Bryant’s congregation ate this up.

Still, just as many Black celebrities have rushed to defend Samuels. “Love him or hate him,” said the actor Marlon Wayans, “he spoke his truth. If you hated [him] why tune in?” The rapper turned comedian TI scorned the gleeful reactions to his death as a “fucking travesty” while branding Samuels’ haters as “despicable” and “bullies”. “Whatever he did, he did it, and [he’s] gone,” said the Why You Wanna emcee. “He got away with it.”

Besides his mother and daughter, Samuels is survived by his legion of followers in the online community known as the “manosphere”, a sort of digital bathhouse for naked pushback against feminist ideology and the reprisal of traditional gender norms.

Casually drawing on relationship and income statistics, Samuels delighted in playing the role of market adjuster and scolding “average” Black women for pursuing Black men in the Talented Tenth – good-looking men with minimum six-figure incomes, no kids, no priors, and no hangups in bed. According to Samuels, guys mainly wanted women who were “fit, feminine, friendly, cooperative and submissive”. He barely had patience for callers who defied that description, and regularly played those clashes with them for laughs. And this was against the backdrop of Black women having a tough enough time being taken seriously online, let alone settling down.

More than 30,000 people signed an online petition calling on YouTube and Instagram to de-platform Samuels, believing he had “galvanised a community of men of all races and nationalities in the outspoken hatred of women”. To many, Samuels’ polished and bespectacled presentation was little more than a pseudo-intellectual cover for misogynoir. “I think he has had an outsized impact on poisoning the social discourse between Black men and Black women around matters of love, dating and intimacy,” the Rutgers women’s studies professor Brittney Cooper wrote in a recent Facebook post, after Samuels used a clip of her talking about racism and fatphobia as an example of a low-value woman. “I hope that the Black women who liked Kevin’s work stop letting the latest brother with relationship advice exploit your pain.”

Samuels’ public persona wasn’t always such a troll. A chemical engineering major who segued into a career in marketing, Samuels established himself on social media as a self-improvement coach and tastemaker (“the godfather of style”, he called himself), hipping men to the coolest clothes, watches and fragrances.

But Samuels eventually saw the bigger audience for relationship content, and quickly distinguished himself by doubling down on the “negging” techniques that undergirded the pickup artist craze of the early aughts. It’s a blueprint that launched the mainstream success of Steve Harvey. Before he was widely known as the avuncular host of Family Feud and the Miss Universe pageant, Harvey was writing plainspoken relationship manuals for Black women and spinning them into the box-office topping Think Like a Man franchise.

After one video sizing up a woman as “average at best” drew millions of views, Samuels was essentially rebooted as a relationship expert. In another oft-shared video he writes off a proudly curvy Black female caller as “running back-sized.” Before his death, Samuels had amassed more than 1.4 million YouTube subscribers and more than 1.2 million Instagram followers. Mainstream renown wasn’t much farther off.

Already, Samuels was a fixture of the Black gossip blogs for his viral put-downs and for his interviews with Nicki Minaj, Future, and the social media influencer Brittany Renner. Those same blogs were quick to hypothesise about the chaotic circumstances of Samuels’ death and echo reports that the ultimate high-value man died broke.

But his village of YouTube peers have rallied to debunk those rumours and rebuff what they characterise as efforts to defame Samuels in death. Mostly, they claim he was a tireless worker and shrewd businessman who could be harsh, but all in the interest of uplifting the community overall. In a YouTube eulogy, Melanie King, a Samuels protege who credits him for helping her rebuild from an agonising divorce, likened taking advice from him to “chewing broken glass”.

“We needed that shock,” said King, who thought of Samuels more like a tough dad. “Because, let’s be honest, if he had not been so shocking to so many people, would you even know about him?”
