Tuesday, May 21, 2024

Norway Recommends Replacing SSL VPN to Prevent Breaches


A nice cybersecurity step from the Norwegian National Cyber Security Centre (NCSC).

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.


NCSC's official recommendation for users of Secure Sockets Layer Virtual Private Network (SSL VPN/WebVPN) products is to switch to Internet Protocol Security (IPsec) with Internet Key Exchange (IKEv2).


IKEv1 has known vulnerabilities in some product families, e.g. "IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products (CVE-2016-6415)" (CVSS 3.0 score: 7.5).


https://bit.ly/4dGmfVI


"The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks."


"While the cybersecurity organization admits IPsec with IKEv2 isn't free of flaws, it believes switching to it would significantly reduce the attack surface for secure remote access incidents due to having reduced tolerance for configuration errors compared to SSLVPN."


"Unlike IPsec, which is an open standard that most companies follow, SSLVPN does not have a standard, causing network device manufacturers to create their own implementation of the protocol."


"As an example, Fortinet revealed in February that the Chinese Volt Typhoon hacking group exploited two FortiOS SSL VPN flaws to breach organizations, including a Dutch military network."


"In 2023, the Akira and LockBit ransomware operations exploited an SSL VPN zero-day in Cisco ASA routers to breach corporate networks, steal data, and encrypt devices.

Earlier that year a Fortigate SSL VPN vulnerability was exploited as a zero-day against government, manufacturing, and critical infrastructure."

Monday, May 13, 2024

Payroll Data Breach of Ministry of Defence of UK



If your systems rely on digital platforms (which is inevitable today), then you are not exempt from cyber attacks. If you have not taken the necessary cybersecurity countermeasures, the outcome is not difficult to guess.

This week's cyber victim was the Ministry of Defence of the United Kingdom.


The UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD), in which hackers accessed personal information of former armed forces personnel, including names, financial data, and in some cases home addresses.


The affected systems have been pulled offline but there is no indication as to how long the attackers had access to the data.


https://bit.ly/3JWRXAz


"UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to "malign" forces accessing data on current and a limited number of former armed forces personnel.


There is no evidence to suggest that the criminals who broke into the systems actually removed any data, but they did access personal information including names, financial data, and in some cases home addresses."


"The UK isn't formally attributing the activity to any specific individual or group, but sources speaking to Sky, which broke the news, suggested China was behind it."

Tuesday, May 7, 2024

Vastaamo Hack: Therapy Notes Hacker Jailed for Blackmail

Julius Kivimäki, who is (was) one of Europe's most wanted cyber criminals, has been jailed for attempting to blackmail 33,000 people whose confidential notes he stole.

He broke into the database of Finland's largest psychotherapy company (Vastaamo). We saw once again the well-known but neglected fact: it is not important how big your company is. You can be hacked if you have not taken the necessary countermeasures against cyber attacks.


Investigations found that the databases of the company were vulnerable and open to the internet without proper protections. Yes, it may sound unbelievable, but there may be too many similar companies in the world.


It is also worth mentioning that the boss of Vastaamo was convicted of failing to protect his customers' sensitive data (a 3-month prison sentence). Managers DO have to be aware that they also have a responsibility to protect the data of their customers. Otherwise they can face a prison sentence.


https://bit.ly/4abmYvl


"In terms of the number of victims, his trial was the biggest criminal case in Finnish history."


"He demanded a 400,000 Euro (£340,000) ransom from the company.


When it refused, he emailed thousands of patients asking for 200 Euros and threatening to publish their notes and personal details on the darknet which he did anyway in full."


"The boss of Vastaamo, Ville Tapio, was also convicted of failing to protect his customers' sensitive data.


Investigations found that the databases were vulnerable and open to the internet without proper protections.


He was given a suspended three-month prison sentence last year.


The company which was once a highly regarded and successful business in Finland collapsed after the hack."

Tuesday, April 23, 2024

Change Healthcare’s Ransomware Attack

Let's repeat the painful truth once more: Lack of cybersecurity countermeasures can cost you much more than you expected.

The cyber attacks (especially ransomware attacks) on the health sector have been increasing in recent years. Health sector players have to take this fact into consideration in order to avoid being the next cyber victim of the cyber crime market.


UnitedHealth states that the total cost of the February cyber attack for the first quarter of 2024 stands at $872 million. The total cost reached "$1 billion" with the remediation costs, including a $22 million payment to the ALPHV/BlackCat-affiliated ransomware group. (If you hire 20 cyber security experts each for $250,000, it will cost you $5 million per year.)


This attack also affected their shares ($0.74 per share).


https://bit.ly/3wcOdHF


"It's a charge that eclipsed that of casino group MGM, which didn't pay a ransom following an attack on its systems last year, and which faces recovery costs of $100 million to rebuild its systems and paying for the fallout from outages, operational disruptions, allegedly leaked data and more."


"The company warned that, financially, the total cost of the cyberattack is estimated to be between $1.35 billion and $1.6 billion for calendar year 2024."

Monday, April 15, 2024

Ransomware Gang Stole Health Data of 533,000 People


Yet another hack and another health service provider: Group Health Cooperative of South Central Wisconsin (GHC-SCW).

The ransomware gang could not encrypt the data this time, but they managed to steal it.


The BlackSuit ransomware gang claimed to sell patients' MRN numbers, SSN numbers, patient IDs, telephone numbers, residential addresses, medical history, and potentially other sensitive information.


https://bit.ly/3vTq8pi


"According to the attackers' claims, the stolen files also contain affected patients' financial information, employees' data, business contracts, and e-mail correspondence."