Tag: Offline | SpinSafe

Cyber attack takes Frontier Communications systems offline, affecting millions of broadband customers

April 19, 2024/in Internet Security

US telecom provider Frontier Communications was forced to shut down a number of its internal systems after detecting an unauthorized third party in its IT environment, shuttering internet access for millions.

Frontier Communications said it first detected the unauthorized access on 14 April 2024, before reporting the incident to the SEC on 15 April. The company said it had taken its systems down as part of its incident response protocols in an effort to contain the breach.

Frontier reported it believes it has contained the incident, with its core IT environment already restored, adding that it has also begun efforts to restore normal business operations, but this process is still ongoing.

Frontier serves customers in 25 US states, with 3 million broadband subscribers and a fiber optic network consisting of 5.2 million locations, as threat actors continue to target critical national infrastructure organizations to maximize the impact of their attacks.

Frontier says the third party, which it believes was likely a cyber crime group, was able to gain access to personally identifiable information (PII), among other information.

The telecom provider was unable to provide any further information on the specific types of sensitive information accessed by the attackers, or whether the PII pertained to customers or employees.

Some customers took to social media to voice their concern after being without internet for three days since Frontier took its systems down, reporting they cannot access technical support through Frontier’s app, website chat, or their phone line.

Frontier announced it was experiencing technical issues with its internal support systems and provided a phone number for those who require assistance.

Hackers target telecoms industry as ISPs become increasingly viewed as critical-national infrastructure

This incident comes hot on the heels of a series of high-profile cyber incident affecting telecom companies.

A huge cache of AT&T customer data was published on the dark web on 30 March 2024, with the personal…

Source…

Update ConnectWise ScreenConnect Servers Or Take Offline As Ransomware Is Deployed

February 23, 2024/in Internet Security

âIt’s odd because now our work has shifted to not getting ahead of the vulnerability and understanding it and sharing the intel, it’s watching the internet burn and trying to respond and remediate the best we can. We’re watching the world burn,â says John Hammond, principal security researcher at threat hunting firm Huntress.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a notice Thursday that ConnectWise partners and end customers should pull the cord on all on-prem ScreenConnect servers if they cannot update to the latest version amid the ConnectWise ScreenConnect vulnerabilities that was reported early this week.

And exploits are already being seen in the wild.

âWe’re seeing such a variety of different attempts,â John Hammond, principal security researcher at threat hunting firm Huntress, told CRN. âSo many different threat actors are just taking advantage of these golden hours of exploitation.â

In a 30-page report released Friday, Ellicott City, Maryland-based Huntress has detected and kicked out active adversaries leveraging ScreenConnect access for post-exploitation. Exploits being deployed include ransomware, cryptocurrency coin miners, Cobalt Strike and additional remote access.

One company, UnitedHealth Group’s Change Healthcare, was experiencing slowdowns at pharmacies due to a strain of LockBit malware related to ScreenConnect vulnerabilities, according to a report on SC Magazine.

In an 8-K filing with the U.S. Securities and Exchange Commission on Wednesday, United Healthcare Group, the parent company of Change HealthCare, âidentified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology system.

âDuring the disruption, certain networks and transactional services may not be accessible,â the filing stated.

…

Source…

Bitcoin Ransomware Takes Down 100 Romanian Hospitals Offline

February 14, 2024/in Internet Security

Last updated:

February 14, 2024 21:54 EST
| 1 min read

Source: Pete Linforth / Pixabay

More than 100 hospitals in Romania were affected by a crypto ransomware attack on Tuesday, the National Cyber Security Directorate (DNSC) confirmed. The unidentified perpetrators have demanded 3.5 Bitcoin (BTC), or about $180,000, to decrypt the data.

The ransomware took down over 100 hospitals, affecting their IT systems and encrypting data, forcing the hospitals to operate offline.

Romania’s ongoing hospital ransomware attack is getting worse. Cyber security centre said last night that 21 hospitals have had computers encrypted. A chidren’s hospital was the first to get hit but now it’s spread. Computers in 79 other medical facilities have been unplugged pic.twitter.com/rdsX31VhFd

— Joe Tidy (@joetidy) February 13, 2024

Per a recent update from the DNSC, 25 hospitals in Romania using Hipocrate Information System (HIS) are directly affected by the attack. “As a result of the attack, the system is down, files and databases are encrypted,” the Ministry of Health noted.

“The incident is under investigation by IT specialists, including cyber security experts from the National Cyber Security Directorate, and resumption possibilities are being assessed,” the Ministry added. However, it did not specify whether the authorities are ready to pay the ransom in Bitcoin, as demanded by attackers.

Dubbed ‘Backmydata’, the ransomware is a variant of Phobos malware family, that are distributed via hacked Remote Desktop (RDP) connections. The ransom note informs victim about the severity of the situation by threatening to sell confidential…

Source…

Ransomware attack knocks 20 Romanian hospitals offline: Report

February 13, 2024/in Internet Security

A ransomware attack on Hipocrate Information System (HIS), used by hospitals to manage medical activity and patient data knocked, impacted at least 21 hospitals in Romania forcing them offline.

The attack launched over the weekend targeted the production servers running HIS information system, resulting in the system’s database being encrypted.

The incident, currently under investigation, impacted various hospitals across Romania, including regional and cancer treatment centers, a report from the Bleeping Computer said.

There is no information on what ransomware operation targeted the hospitals’ system or if the patient’s personal or medical data was stolen. Romania’s National Cyber Security Directorate (DNSC) is currently investigating the cyber incident.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

Technological advancements in the healthcare industry like remote health monitoring, electronic health records and the Internet of Thins (IoT) has provided cybercriminals with more opportunities to attack the sector.

Also Read | How safe is our personal health data with the Indian government?

Attacks on the healthcare sector have also impacted India, with the country registered the second highest number of attacks on the sector in 2022.

Attacks on hospitals could lead to sensitive data being exposed to threat actors. This data can then be used to perform digital identity theft, online banking thefts, tax frauds and other financial crimes.

Source…

Tag Archive for: Offline