Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack
The Department of Health said on Saturday that it was investigating the incident at Union Hospital in Tai Wai, with its initial findings showing the ransomware attack had not compromised any patient data or medical services.
“Our initial understanding is that it did not involve [the release of] patients’ data nor did it affect the service security of the hospital,” it said. “The Department of Health has requested the hospital to hand in a detailed report in four weeks.”
Health authorities said they had also notified law enforcement agencies, including police and the city’s privacy commissioner.
Union Hospital revealed on Thursday that it had fallen prey to the ransomware attack on Monday morning, resulting in some “operational disruptions”.
“In response to the attack, the hospital has activated the emergency response system and stepped up cyber security measures to block further intrusion … Union Hospital condemns any form of cyberattack,” the hospital said.
“A team of cybersecurity experts has been appointed to conduct thorough system inspection and recovery in order to ensure medical service continuity.”
The hospital stressed that its staff had been vigilant over cybersecurity threats and ensured that all patient records were encrypted and password-protected.
“The leakage of patient data is unfounded as of now. An investigation into the attack is in progress,” it said.
Record 73% of Hong Kong companies hit by cyberattacks in past year: watchdog poll
Record 73% of Hong Kong companies hit by cyberattacks in past year: watchdog poll
Hackers reportedly used ransomware called “LockBit” to target the hospital and demand the US$10 million ransom, which the latter refused to pay.
Police said they received a report from a hospital employee on Monday over abnormalities in the hospital’s network system including some computer files going missing, but no personal data was involved.
Source…
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds (Video)
When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology.
But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.
One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.
Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.
By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.
“Two quick taps and we open the door,” says Wouters, a researcher in the…
Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.
Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.
“At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks,” the U.S. Department of Justice (DoJ) noted at the time.
While the name of the company was not disclosed, he was residing in Manhattan, New York, and working for Amazon before he was apprehended.
Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange’s smart contracts to insert “fake pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he was able to withdraw.
Subsequently, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to alert law enforcement about the flash loan attack.
It’s worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a “white hat” bounty.
Ahmed has also been accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning $3.6 million in the process, ultimately leading to its shutdown.
“Ahmed used an exploit he discovered in Nirvana’s smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow,” the DoJ said.
“He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach…
AT&T acknowledges data leak that hit 73 million current and former users
Getty Images | VIEW press
AT&T reset passcodes for millions of customers after acknowledging a massive leak involving the data of 73 million current and former subscribers.
“Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” AT&T said in an update posted to its website on Saturday.
An AT&T support article said the carrier is “reaching out to all 7.6 million impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information.” AT&T said the leaked information varied by customer but included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes.
AT&T’s acknowledgement of the leak described it as “AT&T data-specific fields [that] were contained in a data set released on the dark web.” But the same data appears to be on the open web as well. As security researcher Troy Hunt wrote, the data is “out there in plain sight on a public forum easily accessed by a normal web browser.”
The hacking forum has a public version accessible with any browser and a hidden service that requires a Tor network connection. Based on forum posts we viewed today, the leak seems to have appeared on both the public and Tor versions of the hacking forum on March 17 of this year. Viewing the AT&T data requires a hacking forum account and site “credits” that can be purchased or earned by posting on the forum.
Hunt told Ars today that the term “dark web” is “incorrect and misleading” in this case. The forum where the AT&T data appeared “does not meet the definition of dark web,” he wrote in an email. “No special software, no special network, just a plain old browser. It’s easily discoverable via a Google search and immediately shows many PII [Personal Identifiable Information] records from the AT&T breach. Registration is then free for anyone with the only remaining barrier being obtaining…