NZ spy agency assisting Waikato DHB after cyber attack/ransom demand



The nation’s spy agency has been scrambled in the aftermath of a crippling cyber attack and ransom demand that has brought Waikato District Health Board services to their knees.

But the DHB is adamant that no ransom will be paid to hackers who have launched a targeted attack on the organisation’s IT services today.

A spokesman for the National Cyber Security Centre (NCSC) – a branch of the Government Communications Security Bureau (GCSB) – told the Herald staff were providing support to Waikato DHB following today’s attack.

The spokesman said the NCSC’s role was to help protect New Zealand organisations of national significance “from advanced, persistent, primarily state-sponsored, cyber security threats”.

The agency did not usually divulge whether it was involved in specific incidents.

“We are very conscious that malicious cyber actors can monitor public commentary on an incident and for this reason, while the investigation and remediation efforts are ongoing, we will not provide additional details regarding its cause or the response to it.”

DHB chief executive Kevin Snee told Stuff “no ransom will be paid” and he did not know who was behind the attack.

Cyber security expert Bruce Armstrong told the Herald he believes it is a ransomware attack on Waikato DHB from Asia or the Middle East, similar to what has hit the Irish health system in recent days.

He believes it is similar in nature to the DDoS attacks that rocked the New Zealand Stock Exchange (NZX) last year and overran its system for days.

“Health organisations are highly prized as targets globally and health industries throughout the world are the most attacked and most expensive type of attacks that happen,” the Darkscope founder said.

“The normal pattern is they will warn the organisation they will do it, and run half an hour DDoS attacks, and if the ransom is not paid they will attack for hours at a time.

“The attack on the NZX played out over three days before they were able to completely stop its effect on their systems.”

He said ransomware attacks are not targeting patient data and the only interest is to get money from…


Russian spy chief rebuffs “pathetic” SolarWinds hack accusations

The head of the Russian Foreign Intelligence Service (SVR) has denied any involvement in last year’s SolarWinds cyber attack which saw hackers infiltrate the networks of hundreds of companies as well as nine US governmental agencies.

SVR director Sergei Naryshkin told the BBC that he is “flattered” by the accusations from US and UK authorities that claim Moscow had orchestrated such a sophisticated hack, yet added that he could not “claim the creative achievements of others as his own”.

“These claims are like a bad detective novel,” he told the BBC’s Moscow correspondent Steve Rosenberg, who asked Naryshkin about the SVR’s links to the hacking group known as APT29, Cozy Bear, or the Dukes, which has been accused of carrying out the cyber attack.

Naryshkin described “all these claims about cyber attacks, poisonings, hacks, interference in elections which are blamed on Russia” as “absurd, and in some cases so pathetic”. 

Instead, he suggested that the SolarWinds hack might have been orchestrated by the West, which could have used similar tactics to those exposed by former National Security Agency contractor Edward Snowden. Snowden leaked documents detailing the US and UK intelligence services’ efforts to “insert secret vulnerabilities into commercial encryption software” with the help of ISPs and tech companies.

“I don’t want to assert that this cyber attack was carried out by a US agency but the tactics are similar,” said Naryshkin, who also questioned the evidence obtained by the US and UK intelligence agencies that linked the attack to Moscow.

President Donald Trump previously stated that the SolarWinds hack might have been orchestrated by the Chinese state and accused media outlets of being “petrified of discussing the possibility that it may be China”. However, the FBI, CISA, ODNI, and the NSA claimed that the Advanced Persistent Threat (APT) actor behind the incident is “likely Russian in origin”.

The statement prompted Russia’s National Coordination Center for Computer Incidents (NKTSKI) to issue a warning to Russian businesses, claiming that the new Biden administration could carry out reprisal attacks on critical infrastructure. 



Intego VirusBarrier X9 protects your Mac from macOS malware like Silver Sparrow and Xcode Spy [Save 50% on Mac Premium Bundle]


While you may hear that Macs are not vulnerable to Windows viruses, the popularity of the Mac means that nefarious parties are targeting macOS more than ever before. Fortunately, Intego Mac Security has over two decades of experience protecting Apple users, and 9to5Mac readers can save 50% on Intego’s Mac Premium Bundle X9.

Intego’s software suite features macOS Big Sur compatible apps for Internet security, removing digital cruft, and backing up your most important data. This includes Intego’s all-new VirusBarrier X9 software so you can have peace of mind when new malware makes headlines.

Silver Sparrow protection

For macOS users, this means you can rely on Intego VirusBarrier X9 to detect Silver Sparrow, the malware discovered earlier this year.

Silver Sparrow is mysterious malware discovered in the wild that found its way onto at least 40,000 Macs, including both Intel and M1 Macs. Neither the full impact of Silver Sparrow nor its origin is yet known, but infected machines check in with an unidentified remote server every hour, which is seriously invasive.

XcodeSpy infection

Intego VirusBarrier X9 also eliminates XcodeSpy, a piece of malware that affects Apple’s developer environment Xcode. iPhone and iPad apps can only be developed on a Mac using Xcode, and XcodeSpy exploits this requirement by being distributed to Mac users through trojanized Xcode projects that are lightweight in file size and easy to share and download.

Peace of mind

Those are just two examples of how Intego VirusBarrier X9 keeps your Mac safe from creepy and privacy-invasive malware that targets macOS. An infected Mac can mean that all your data, from personal photos and documents to passwords and browser data, is compromised. The worst part about malware like Silver Sparrow and XcodeSpy is that you won’t even know if your Mac is infected without software like VirusBarrier X9.

Intego VirusBarrier X9 actively protects your Mac from malware and phishing attempts with real time scans and automatic updates. You don’t have to be a computer expert to start using VirusBarrier X9 either. Set up is designed to be easy for all users, and configuration is simple enough for…


Spy groups hack into companies using zero-day flaw in Pulse Secure VPN


Over the past few months, several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and Europe by exploiting vulnerabilities in VPN appliances from zero-trust access provider Pulse Secure. Some of the flaws date from 2019 and 2020, but one was unknown until this month.

“Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices,” researchers from Mandiant, the MDR and incident response arm of security vendor FireEye, said in a newly released report. “These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families.”

Pulse Secure VPN zero-day vulnerability

While investigating breaches this year at various defense, government and financial organizations from around the world, the Mandiant team kept finding malicious activity in the compromised environments tracing back to their Pulse Secure VPN appliances, where hackers had obtained administrative access. The experts couldn’t determine how the hackers gained administrative credentials, so they contacted Pulse Secure and its parent company Ivanti. The joint investigation concluded that the attackers were likely using known vulnerabilities found and patched over the past two years, but also a previously unknown one.

Tracked as CVE-2021-22893, the flaw allows attackers to bypass authentication on the Pulse Connect Secure (PCS) VPN solution and execute arbitrary code. The vulnerability is rated critical with a severity score of 10 on the CVSS scale. A patch for the issue will be included in version 9.1R11.4 of the PCS server, which has not been released yet. Until then, the company has provided a workaround in the form of an .xml configuration file that can be imported into the appliance. The file disables the Windows File Share Browser and Pulse Secure Collaboration features of the appliance to block the…
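The practical first question for anyone running these appliances is which of them are still on a build older than the fixed one. Version strings such as 9.1R11.4 do not sort correctly as plain text (9.1R9.1 would sort after 9.1R11.3), so the comparison has to be numeric. The script below, added here as an illustration and not code from Mandiant, Pulse Secure or Ivanti, parses PCS-style version strings into numeric tuples and triages a constructed inventory against the fixed build named in the article. The version grammar (major.minor, an R release number, an optional maintenance number, an optional "(build N)" suffix), the hostnames and the version values are all assumptions of this example. It only tells you whether a build is older than the fix; which earlier release lines are affected must come from the vendor advisory, and a fully patched version number says nothing about whether the appliance was already compromised, which is why Mandiant's investigation started from the appliances in the first place.

```python
import re

# Constructed inventory for this example (not real hosts): each appliance's
# hostname and the version string it reports.
INVENTORY = {
    "vpn-ams-01": "9.1R11.4",
    "vpn-ams-02": "9.1R11.3",
    "vpn-nyc-01": "9.1R9.1 (build 11915)",
    "vpn-lab-01": "9.0R3",
    "vpn-old-01": "8.3R7.1",
    "vpn-bad-01": "n/a",
}

# Fixed build named in the article for CVE-2021-22893.
FIXED_VERSION = "9.1R11.4"

# Assumed grammar: <major>.<minor>R<release>[.<maintenance>][ (build <n>)]
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:\s*\(build\s+\d+\))?\s*$",
    re.IGNORECASE,
)


def parse_pcs_version(text):
    """Turn '9.1R11.4' into (9, 1, 11, 4); a missing maintenance number is 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, maint = m.groups()
    return (int(major), int(minor), int(release), int(maint or 0))


def is_below_fix(version, fixed=FIXED_VERSION):
    """True when `version` is numerically older than the fixed build."""
    return parse_pcs_version(version) < parse_pcs_version(fixed)


def triage(inventory, fixed=FIXED_VERSION):
    """Bucket hosts into at/above the fix, below the fix, or unparseable."""
    report = {"at_or_above_fix": [], "below_fix": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            below = is_below_fix(version, fixed)
        except ValueError:
            # An appliance that cannot report a sane version needs a human look.
            report["unparsed"].append(host)
            continue
        report["below_fix" if below else "at_or_above_fix"].append(host)
    return report


if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket:>16}: {', '.join(hosts) or '-'}")
```

Feed `triage` the output of whatever inventory source you trust; anything in `below_fix` needs the fixed build (or, until it ships, the vendor's workaround file), and anything in `unparsed` should be checked by hand rather than silently treated as safe.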