Tag Archive for: hackers

Hackers Were in Change Healthcare 9 Days Before Attack


Hackers were reportedly in the networks of UnitedHealth Group’s Change Healthcare unit for days before launching their ransomware strike.

They gained entry to the networks on Feb. 12, using compromised credentials on an application that allows staff to remotely access systems, The Wall Street Journal (WSJ) reported Monday (April 22).

During the nine days they were in the system before launching the attack on Feb. 21, they may have been able to steal “significant” amounts of data, Seeking Alpha reported Monday, citing a WSJ article.

Change Healthcare posted its first update reporting connectivity issues Feb. 21, saying that “some applications are currently unavailable” and that the company was triaging the issue.

On April 16, UnitedHealth Group CEO Andrew Witty said during an earnings call that the cyberattack cost the company $872 million.

Witty said that the incident “was straight out an attack on the U.S. health system and designed to create maximum damage,” adding: “I think we’ve got through that very well in terms of the remediation and the build back to functionality.”

In the wake of that attack, the federal government announced it is offering a $10 million reward to help identify the people behind the organization that launched the attack: the ransomware-as-a-service group ALPHV BlackCat.

In addition, U.S. Sen. Mark R. Warner, D-Va., introduced a bill that would accelerate Medicare payments to healthcare providers that have suffered a cyberattack.

The bill, the “Health Care Cybersecurity Improvement Act of 2024,” is meant to incentivize cybersecurity in the healthcare industry.

“The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its game,” Warner said in a March 22 press release announcing the introduction of the bill. “This legislation would provide some important financial incentives for providers and vendors to do so.”

PYMNTS Intelligence has found that 82% of eCommerce merchants endured cyber or data breaches in the last year. Forty-seven percent of those merchants said the breaches resulted in both lost revenue and lost…

Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist


A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.

The hackers, who call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for “know your customer” checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm.

A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified.”

LSEG did not name the third-party company, but did not dispute the amount of data stolen.

The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered “politically exposed people,” who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives and a European spyware vendor.

The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

World-Check is currently owned by the London Stock Exchange Group following…

Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders


  •  Hackers targeted the company HQ in Purfleet, Essex on Tuesday



Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders. 

Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access. 

Carpetright’s network was taken offline due to the cyber attack but bosses insist that the virus was isolated before any data was swiped. 

However, phone lines are still down, with callers met with the automated message ‘Thank you for your patience while we work on a solution’.

Staff and hundreds of customers were affected by the malicious virus, with employees reportedly unable to access their payroll information.

A source told The Sun: ‘Some staff networks were taken down including the portals that workers use to book time off and look at payslips.

‘It happened abruptly and was worrying because customers couldn’t get through to helplines.

‘Everything at HQ was taken offline as that was the best way to stop the attack spreading to customer data.’

A spokesperson for Carpetright said: ‘We would like to apologise for any inconvenience caused.

‘We are not aware of any customer or colleague data being impacted by this incident and are testing and resetting systems, with investigations ongoing.’

The cyber attack at the flooring chain comes after hackers managed to access a ‘small number’ of patients’ data last month. 

Ransomware group INC Ransom targeted NHS Dumfries and Galloway and claimed it was in possession of three terabytes of data from NHS Scotland.

A post on its dark web blog included a ‘proof pack’ of some of the data, which was…

FBI’s Chris Wray warns Chinese hackers preparing to attack US infrastructure ‘to induce panic’


FBI Director Christopher Wray warned Thursday that a hacking group linked to the Chinese government is waiting for the right moment to “deal a devastating blow” to U.S. critical infrastructure.

Wray delivered a keynote speech at the Vanderbilt Summit on Modern Conflict and Emerging Threats in Nashville, and told national security and intelligence experts that the risks posed by the government of China to U.S. national and economic security are “upon us now.”

The director said a recent bureau investigation found that the Chinese government had gained illicit access to networks within America’s “critical telecommunications, energy, water, and other infrastructure sectors.”

“The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist,” Wray said. The FBI explained that “these vital sectors—everything from water treatment facilities and energy grids to transportation and information technology—form the backbone of our society.”

“The fact is, the PRC’s targeting of our critical infrastructure is both broad and unrelenting,” he added. “It’s using that mass, those numbers, to give itself the ability to physically wreak havoc on our critical infrastructure at a time of its choosing.”

Wray said CCP-sponsored cyber actors “prepositioned” themselves to potentially mount cyber offenses against American energy companies in 2011, targeting 23 different pipeline operators. He said this helps in understanding current motivations.

“When one victim company set up a honeypot—essentially, a trap designed to look like a legitimate part of a computer network with decoy documents—it took the hackers all of 15 minutes to steal data related to the control and monitoring systems, while ignoring financial and business-related information, which suggests their goals were even more sinister than stealing a leg up economically,” he said.

The CCP also targeted critical infrastructure organizations through more…
