Tuesday, April 23, 2024

Change Healthcare’s Ransomware Attack

Let's repeat the painful truth once more: Lack of cybersecurity countermeasures can cost you much more than you expected.

Cyber attacks (especially ransomware attacks) on the health sector have been increasing in recent years. Health sector players have to take this into account to avoid becoming the next victim of the cyber crime market.


UnitedHealth states that the total cost of the February cyber attack for the first quarter of 2024 stands at $872 million. The total cost reached "$1 billion" with the remediation costs, including a $22 million payment to the ALPHV/BlackCat-affiliated ransomware group. (If you hire 20 cyber security experts at $250,000 each, it will cost you $5 million per year.)


The attack also affected their shares ($0.74 per share).


https://bit.ly/3wcOdHF


"It's a charge that eclipsed that of casino group MGM, which didn't pay a ransom following an attack on its systems last year, and which faces recovery costs of $100 million to rebuild its systems and paying for the fallout from outages, operational disruptions, allegedly leaked data and more."


"The company warned that, financially, the total cost of the cyberattack is estimated to be between $1.35 billion and $1.6 billion for calendar year 2024."

Monday, April 15, 2024

Ransomware Gang Stole Health Data of 533,000 People


Yet another hack and another health service provider: Group Health Cooperative of South Central Wisconsin (GHC-SCW).

The ransomware gang could not encrypt the data this time, but they did manage to steal it.


The BlackSuit ransomware gang claimed to sell patients' MRNs, SSNs, patient IDs, telephone numbers, residential addresses, medical history, and potentially other sensitive information.


https://bit.ly/3vTq8pi


"According to the attackers' claims, the stolen files also contain affected patients' financial information, employees' data, business contracts, and e-mail correspondence."

Wednesday, April 3, 2024

About 17,000 Unpatched Microsoft Exchange Servers in Germany

If you live in Germany and administer Exchange servers, you can begin to worry.

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI) has identified a critical security concern about the poor state of Microsoft Exchange server patching in the country.


Of the Exchange servers in Germany, 12% are running a version which is no longer supported (such as Exchange 2010 or 2013) and around 25% are running Exchange 2016 or 2019 without vital patches. This means that at least 37% of Microsoft Exchange Servers in Germany are vulnerable to cyber attacks.


This case shows how vital vulnerability and patch management systems are for a company.


https://bit.ly/3THFk0K


"The government regulator says there are 17,000 or more Exchange Server instances in Germany vulnerable to at least one critical vulnerability, out of around 45,000 public-facing servers in the Euro nation running the software."


"Of particular concern is fixing CVE-2024-21410, an elevation-of-privilege vulnerability that Microsoft patched last month. According to German investigators, it's not clear whether as much as 48 percent or so of the country's Exchange servers have fixed up this hole yet, and Microsoft did warn it's a trickier-than-normal update to apply."


"We're told BSI is now emailing network providers on a daily basis reminding them to shore up any vulnerable system it detects. It warns that criminals are already on the lookout to exploit these reported flaws and 'schools and universities, clinics, doctors' practices, nursing services and other medical facilities, lawyers and tax advisors, local governments and many medium-sized companies are particularly affected.'"


Wednesday, March 27, 2024

Some VPN Applications Can Turn Your Android Device into a Zombie Device


Some free VPN apps can turn your Android device into a zombie device.

An investigation by the Satori Threat Intelligence and Research Team revealed a set of 28 apps, listed below, that used the ProxyLib library to convert Android devices into proxies:

1. Lite VPN

2. Anims Keyboard

3. Blaze Stride

4. Byte Blade VPN

5. Android 12 Launcher (by CaptainDroid)

6. Android 13 Launcher (by CaptainDroid)

7. Android 14 Launcher (by CaptainDroid)

8. CaptainDroid Feeds

9. Free Old Classic Movies (by CaptainDroid)

10. Phone Comparison (by CaptainDroid)

11. Fast Fly VPN

12. Fast Fox VPN

13. Fast Line VPN

14. Funny Char Ging Animation

15. Limo Edges

16. Oko VPN

17. Phone App Launcher

18. Quick Flow VPN

19. Sample VPN

20. Secure Thunder

21. Shine Secure

22. Speed Surf

23. Swift Shield VPN

24. Turbo Track VPN

25. Turbo Tunnel VPN

26. Yellow Flash VPN

27. VPN Ultra

28. Run VPN

(Source: BleepingComputer https://bit.ly/3TQhXmK)


The details of the analysis can be found at the link below:

https://bit.ly/3VBe4mV

Tuesday, March 19, 2024

Stanford University Was Victim of a Ransomware Attack

 

Being the 3rd best university in the world doesn't make you invincible to hackers. Stanford University, which was 3rd in the world university rankings in 2023, was the victim of a ransomware attack, the university announced. The data breach first occurred on May 12, 2023 and was not detected until September 27, 2023 (after 139 days).


It is not fully clear what information was compromised, but Akira, the ransomware group behind the attack, claimed to have stolen 430GB worth of data, including personal information and confidential documents, from Stanford University.


It seems that only a few organizations will escape becoming ransomware victims in the future.


Be aware that cyber security threats are real and that they will cost you if you are hit by them. Take the necessary countermeasures against cyber threats. Most people are not aware of this fact but yep, they are for REAL!


https://bit.ly/48YocJK


"...toward the end of October 2023 after Akira posted Stanford to its shame site..."


"...the data breach occurred on May 12 2023 but was only discovered on September 27 of last year..."


"Akira's post dedicated to Stanford on its leak site claims it stole 430 GB worth of data, including personal information and confidential documents."


"Akira has been in operation since March 2023 and according to previous negotiations with anonymized victims that have since been published online, the group's ransom demands were varied, from multiple millions of dollars to low six-figure sums."