
What’s going on with the HSE cyberattack?

Voice Of EU


What is Conti ransomware? Who is Wizard Spider? Here’s what you need to know about the HSE cyberattack.

Overnight last Thursday (13 May), the Irish Health Service Executive (HSE) suffered a “significant and serious” cyberattack.

The attack is said to be the most serious ever to hit the State’s critical infrastructure, and healthcare services across the country were impacted. Forced to shut down their IT systems on Friday, hospitals and other HSE services were left without access to electronic health records, causing significant disruption.

Disruption continued through the weekend and the HSE continues to provide updates on the impact of the attack via HSE.ie.

As of today (17 May), most healthcare appointments will continue as planned. However, the HSE advised that x-ray appointments in particular are severely affected.

Covid-19 vaccination services continue to operate with no disruption. Emergency health services across the country are also continuing as usual, although there may be delays in service provision.

What happened?

Investigations into the HSE cyberattack are ongoing but what we do know so far is that Cobalt Strike Beacon, a tool that can give remote access to hackers, was found on the HSE’s IT system. This enabled attackers to move within the computer network and execute their malware.

The malware unleashed by the hackers is a form of ransomware known as Conti.

What is Conti ransomware?

“Conti is designed to be operated by the attacker, rather than via an automated process, and it contains unique features that allow a more targeted and quicker attack,” said Patrick Wragg, cyber incident response manager at Integrity360.

“Conti’s ransomware operations have targeted a wide variety of sectors globally, which include construction, manufacturing, and retail,” Wragg added.

Ransomware encrypts the files on a system and demands payment to restore access. The information being held to ransom in this case could include patient data, though this has not yet been confirmed. However, if hackers have gained access to sensitive information such as this via the attack, the HSE could be doubly vulnerable.

Conti is known as ‘double-extortion’ ransomware, meaning that as well as holding access to systems to ransom, the malware might also steal information stored on the system. Hackers can then threaten to release this private information online if a payment is not made.

Has the HSE cyberattack infiltrated other systems?

On Thursday, the National Cyber Security Centre (NCSC) was made aware of the HSE cyberattack as well as an attempted attack on the Department of Health.

The NCSC implemented a response plan that included the suspension of some functions of IT systems as a precautionary measure. In the case of the Department of Health, the attempt to execute the ransomware was detected and prevented by the cybersecurity measures in place.

This attack and the HSE cyberattack are still under investigation by the NCSC, alongside An Garda Síochána, the Office of the Government Chief Information Officer and third-party contractors.

Who is behind the HSE cyberattack?

Wizard Spider, an organised group of cyber-criminals based in eastern Europe, is reportedly behind both the HSE cyberattack and the attempted attack on the Department of Health. This group has taken to targeting large organisations with high ransoms in recent years.

“What we’ve seen in our line of work is that the people behind these ransomware attacks are typically organised crime syndicates,” said Smarttech247 CEO and founder Ronan Murphy.

“Some of the high profile attacks on critical infrastructure in Europe and North America in recent times have been carried out by organised crime syndicates coming out of eastern Europe and Russia.”

Why were HSE IT systems shut down?


Shutting down the HSE’s IT systems serves both as a precautionary measure and allows cybersecurity teams to investigate the attack.

“In shutting everything down, it would appear HSE were unable to confidently isolate the problem by switching off just part of the network or even just quarantining the problematic IT assets out of the network,” suggested Amit Serper, assistant vice-president of security research at Guardicore Labs.

How long will it take to get HSE services back online?

Currently, specialists are working to clean infected devices and restore the HSE’s IT systems. Brooks Wallace, VP for the EMEA branch of Deep Instinct, explained: “Not only will they have to triage the infected machines, but they will also need to stop the lateral spread, likely using multiple tools, and consoles but with limited resources.”

There is no quick fix. Unpicking this long route out of a tangled web is what has to be done, as the only alternative is to give in to the attackers’ demands. “The more sensible option is to recover compromised data and rebuild systems from scratch, but in some cases this can take weeks,” said Noel O’Grady, director of Sungard Availability Services Ireland.

Why not just pay the ransom?

Paying ransoms for cyberattacks is not advised. “First instinct may be to just give in to demands, but paying hackers sends the message that an organisation is willing to hand over money and can put a target on them for future attacks,” said O’Grady.

Unfortunately, because some victims of ransomware have shelled out big sums to attackers, this has become big business, which leads to more attacks. In the case of the recent Colonial Pipeline cyberattack, it’s reported that the payment of a $5m ransom has only exacerbated this escalating problem.

The HSE, on the other hand, “is absolutely correct in containing the problem”, according to Paul Donegan, Palo Alto Networks country manager for Ireland.

According to a study from Unit 42, the threat intelligence arm of Palo Alto Networks, the average ransom paid more than tripled in 2020 to more than $300,000, while the highest demand from cyber-extortionists reached $30m. The trend is already intensifying in 2021, with average pay-outs almost tripling again and a new record demand of $50m reported by Unit 42.

Should other organisations be on alert for similar attacks?

In a word, yes. The NCSC issued an advisory on the HSE cyberattack which offers guidance for other organisations to detect and prevent a similar attack. This advisory will be updated as more details are revealed through the investigation.

Brian Honan, CEO and founder of BH Consulting and former special adviser on cybersecurity to Europol, strongly recommended that all government agencies and private sector companies follow the NCSC guidance and check their systems for the indicators of compromise in its advisory.

Honan also recommended the DFIR Report’s information on Conti ransomware for more indicators as well as the known tactics, techniques and procedures of this cyber threat.

What can be done to effectively guard against such attacks in future?

In response to the HSE cyberattack, some cybersecurity professionals have pointed to the principle of ‘zero trust’ as an answer to these increasing threats from attackers.

“The driving principle of zero trust is ‘trust nothing and verify everything’,” explained Donegan. “It helps those that implement it to defend against all known attack vectors, including malicious insider and phishing attacks, by restricting the attacker’s ability to move through the network and alerting on their activities as they attempt to do so.”

Others have pointed to the dangers that overworked staff present to effective cybersecurity policies. “Given the nature of the industry, healthcare personnel are often severely time constrained, leading them to click, download, and rapidly handle email, while possibly falling victim to carefully-crafted social engineering based email attacks,” said Peter Carthew, director of public sector for UK and Ireland at Proofpoint.

“Nearly all targeted attacks rely on human interaction to work. Educating and training workers on what to watch out for, maintaining offline backups, implementing strong password policies, and developing ransomware response playbooks are vital defences against the numerous threats facing the sector today,” he said.

Oz Alashe, CEO and founder of CybSafe, emphasised this need to focus on the human factors of cybersecurity risk. “It’s crucial that public sector organisations are taking steps to not only raise awareness of such cyber threats, but also provide security training and support that takes this human aspect into consideration in order to help prevent these attacks in future.”

This all-hands approach is one way to alleviate the burden on cybersecurity teams, who are struggling to protect against the variety and strength of attacks out there. A recent Proofpoint survey of global chief information security officers (CISOs) showed that they are feeling overwhelmed by the vast array of threats coming from all angles. With so many threats to protect from, prioritisation becomes an issue, with only 25pc of public sector CISOs listing ransomware in their top three cyber threats.

For further guidance on preventing ransomware, BH Consulting’s whitepaper offers advice on where to start in planning these defences.




Chinese could hack data for future quantum decryption, report warns | Hacking


Chinese hackers could target heavily encrypted datasets such as weapon designs or details of undercover intelligence officers with a view to unlocking them at a later date when quantum computing makes decryption possible, a report warns.

Analysts at Booz Allen Hamilton, a consulting firm, say Chinese hackers could also steal pharmaceutical, chemical and material science research that can be processed by quantum computers – machines capable of crunching through numbers at unprecedented speed.

In a report titled “Chinese threats in the quantum era”, the consultancy says encrypted data could be stolen by “Chinese threat groups”. It says quantum-assisted decryption will arrive faster than quantum-assisted encryption, giving hackers an edge.

“Encrypted data with intelligence longevity, like biometric markers, covert intelligence officer and source identities, social security numbers, and weapons’ designs, may be increasingly stolen under the expectation that they can eventually be decrypted,” the report says. It says “state-aligned cyber threat actors” will start to steal or intercept previously unusable encrypted data.

However, it adds there is a “very small” likelihood that quantum computing could break the latest encryption methods before 2030. The analysts say quantum computing’s advantages over classical computing – the computing used in everything from laptops to mobile phones – are at least a decade away.

“Although quantum computers’ current abilities are more demonstrative than immediately useful, their trajectory suggests that in the coming decades quantum computers will likely revolutionize numerous industries – from pharmaceuticals to materials science – and eventually undermine all popular current public-key encryption methods,” the report says.

Quantum computing is viewed as an exciting development. For example, experts say it could predict accurately what a complex molecule might do and thus pave the way for new drugs and materials.

China is already a strong player in the field, and Booz Allen Hamilton says it expected the country to surpass Europe and the US – where IBM recently made the most powerful quantum processor – in quantum-related research and development.

“Chinese threat groups will likely soon collect encrypted data with long-term utility, expecting to eventually decrypt it with quantum computers,” the report says. “By the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals and chemicals.”


UK Space Agency asks kids to make a logo for first launches • The Register


Good news for those in the UK with primary school-aged kids and wondering what to do when the next bout of home-schooling hits: design a logo for the first UK satellite launches.

2022 could be a big year for launching satellites from Blighty’s shores as the first launchers gear up for a historic blast-off. Assuming the facilities have been built and all the necessary consents given and boxes ticked.

There are currently seven possible spaceport sites across the UK, from Cornwall in England through Llanbedr in Wales and up to the Western Isles in Scotland. Cash has been lobbed Cornwall’s way to support a horizontal launch by Virgin Orbit from Spaceport Cornwall and more toward Scotland for Orbex’s ambitions to launch vertically from Sutherland.

Should all the approvals happen and construction be completed, there is every chance the UK might host its first launch at some point in 2022.

Hence the need for a logo and thus a competition aimed at inspiring kids to consider a career in the space industry. And, of course, it is all worthy stuff: “Logo designs,” intoned the UK Space Agency, “should reflect how data from small satellites can help inform solutions to climate change as well as generate a source of pride in the UK’s space ambitions.”

What, we wondered, could possibly go wrong?

We put this question to Rob Manuel, one of those behind web stalwart b3ta.com. B3ta has a long history of (among other things) image challenges, the results of which tend to pop up, often unattributed, in timelines around the world. Now heading into its third decade, the site continues to push out a weekly Friday newsletter to email subscribers.

In terms of how to engage participants, Manuel said: “If anyone asks me, and they rarely do, I encourage competitions to be as open as possible – publish the results as they’re coming in. Try and create a buzz that something is happening rather than everything going in the bin.”

“As for things going wrong,” he went on, “well, there’s always an element who’ll want to subvert it.”

The competition is open to children aged 4-11 and will run until 11 March 2022. There are two age categories (4-7 and 7-11) over 12 regions in the UK. Designs can be drawn, painted, or created on a computer and either submitted on the logoliftoff.org.uk site or via post. Some basic questions also need to be answered, and children can work on their own or in a team of up to four.

We asked the UK Space Agency if it would take Manuel’s advice and post entries ahead of the competition close. We will update should it respond. ®


Video analytics platform RugbySmarts named ‘most investable’ at SportX


The Galway tech start-up was one of two winners at the sport-focused pre-accelerator programme.

A start-up developing real-time video analytics for sports has been named ‘most investable’ at SportX, a new pre-accelerator in Ireland for founders with sports and wellness business ideas.

RugbySmarts took the title at the inaugural SportX showcase last week, securing a cash prize.

The Galway-based start-up aims to automate and simplify sports analytics using AI, machine learning and computer vision, helping coaches to improve player and team performance with a platform that could also be transferred to other sports.

RugbySmarts was founded last year by CTO William Johnstone, who has previously worked with Connacht Rugby, and CEO Yvonne Comer, who is a former Ireland international rugby player.

Meanwhile, the award of ‘best impact on sport’ was given to TrojanTrack. This start-up, founded in 2021 by Dublin-based Stephen O’Dwyer, is looking to combine quantitative biomechanical analysis with deep neural network tech in the equine industry.

The aim is to gain feedback on a horse’s injury or gait imbalance without using invasive technology, such as motion-tracking software that requires markers to be attached to the animal’s skin.

‘Next-gen sports-tech entrepreneurs’

SportX was launched earlier this year by advisory firm Resolve Partners, Sport Ireland and ArcLabs – the research and innovation centre at Waterford Institute of Technology.

The aim of the pre-accelerator programme was to build on tech and business ideas for the sport and wellness industries, giving founders access to academic, clinical and commercial resources.

The six-week programme involved workshops and engagement with advisers, entrepreneurs, subject experts and investors. Participants also had the opportunity to pitch to the US-based Techstars Sports Accelerator.

At the SportX showcase last week, nine teams had five minutes each to pitch their business ideas to a panel of judges.

The two winners were selected by the panel, which featured Gary Leyden of the ArcLabs Fund 1 GP, Sport Ireland’s Benny Cullen and Niall McEvoy of Enterprise Ireland.

At the launch of SportX earlier this year, Leyden said the goal of the programme was to find “the next generation of sports-tech entrepreneurs who can leverage the amazing enterprise and sports-related supports within the south-east of Ireland”.
