Tag Archive for: network

Lurie Children’s Hospital faces computer network outage amid nationwide cybersecurity alert


The Chicago area’s largest children’s hospital is currently grappling with a computer network outage, coinciding with a nationwide alert regarding cyber attacks targeting hospitals.

This is not the first time Lurie Children’s Hospital has faced data-related issues. Last year, the hospital experienced a leak of social security numbers, names, birthdays, and addresses.

Concerns arose on Wednesday morning when parents noticed online irregularities. A message on the hospital’s website indicates an ongoing network outage affecting the internet, email, phone service, and access to MyChart, the patient portal that holds important health information, lets patients schedule doctor’s visits, and provides details on upcoming procedures.

Sources informed FOX 32 that a memo was circulated, stating that phone, email, and online medical records were disabled as a precautionary measure.

While Lurie Children’s Hospital has not confirmed any hacking or compromise of their systems, an expert sheds light on potential scenarios.

“It could have been a ransomware attack, where you have a group of individuals who targeted an institution, shut down their system and said, ‘hey if you don’t pay me X amount, we’re not going to turn things back on.’ It could be foreign nationals, quite possibly the Chinese. I know that’s been floated recently in testimony this week before Congress. Their efforts to penetrate and be able to disable US infrastructure is becoming quite rampant,” said Ross Rice, former FBI agent.

Efforts to obtain clarification from Lurie Children’s Hospital about the situation have been made, but as of now, there has been no response.

An alert on the hospital’s website states that they are actively working to resolve the issue.


US disables hacking network targeting critical infrastructure


The US launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.

The Justice Department (DoJ) and Federal Bureau of Investigation (FBI) sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.

The Biden administration has increasingly focused on hacking, not only for fear that nation states may try to disrupt the US election in November, but because ransomware wreaked havoc on Corporate America in 2023.

The hacking group at the center of recent activity, Volt Typhoon, has especially alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities.

While the Volt Typhoon campaign initially came to light in May 2023, the hackers expanded the scope of their operations late last year and changed some of their techniques, according to three people familiar with the matter.

The widespread nature of the hacks led to a series of meetings between the White House and private technology industry, including several telecommunications and cloud computing companies, where the US government asked for assistance in tracking the activity.

Such breaches could enable China, national security experts said, to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service US military operations. Sources said US officials are concerned the hackers were working to hurt US readiness in case of a Chinese invasion of Taiwan.

China, which claims democratically governed Taiwan as its own territory, has increased its military activities near the island in recent years in response to what Beijing calls “collusion” between Taiwan and the United States.

The Justice Department and FBI declined to comment. The Chinese embassy in Washington did not immediately respond to a request for comment.

When Western nations first warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning said the hacking…


Microsoft network breached through password-spraying by Russia-state hackers

Russia-state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed emails and documents that belonged to senior executives and employees working in security and legal teams, Microsoft said late Friday.

The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene have resulted in a breach that has the potential to harm customers. One paragraph in Friday’s disclosure, filed with the Securities and Exchange Commission, was gobsmacking:

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.

Microsoft didn’t detect the breach until January 12, exactly a week before Friday’s disclosure. Microsoft’s description of the incident raises the prospect that the Russian hackers had uninterrupted access to the accounts for as long as two months.

A translation of the 93 words quoted above: A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one. The threat actor then accessed the account.

Furthermore, this “legacy non-production test tenant account” was somehow configured so that Midnight Blizzard…


Microsoft network breached through password-spraying by Russian-state hackers

Russia-state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed emails and documents that belonged to senior executives and employees working in security and legal teams, Microsoft said late Friday.

The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene have resulted in a breach that has the potential to harm customers. One paragraph in Friday’s disclosure, filed with the Securities and Exchange Commission, was gobsmacking:

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.

Microsoft didn’t detect the breach until January 12, exactly a week before Friday’s disclosure. Microsoft’s account raises the prospect that the Russian hackers had uninterrupted access to the accounts for as long as two months.

A translation of the 93 words quoted above: A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one. The threat actor then accessed the account, indicating that either 2FA wasn’t employed or the protection was somehow bypassed.

Furthermore, this “legacy non-production test…
