Tag Archive for: systems

Cyber attacks are one of the biggest threats facing healthcare systems


An increase in cyber attacks on the healthcare sector is jeopardising patient safety, and prompting some governments to publish new cyber security standards.

Publicly disclosed global cyber security breaches between January and September last year showed that the healthcare sector suffered more attacks (241) than any other sector, ahead of government (147), and information technology including software, hardware and IT services (91), according to research by Omdia, a technology research provider.

The most common type of cyber breach in healthcare was hacking, followed by supply chain attacks, “phishing” (where cyber criminals pose as legitimate organisations to trick people into disclosing passwords and payment details), and “ransomware”, in which hackers use malicious software — “malware” — to encrypt data until the victim pays a ransom to unlock it.

“The healthcare sector is such a tempting target [for cyber security criminals] because . . . you can put lives at risk,” says James Lewis, a cyber security expert at the Center for Strategic and International Studies, a US think-tank.

The UK’s National Health Service has been hit by significant ransomware attacks. In 2017, the “WannaCry” attack is estimated to have cost the NHS £92mn and caused the cancellation of 19,000 patient appointments. Another hacking, in 2022, took down the non-emergency 111 service, and disrupted management systems for mental health services and emergency prescriptions.

Cyber attacks on hospitals in Germany and the US have also disabled their systems — forcing them to reschedule some procedures and temporarily divert patients to other facilities until the systems were brought back online.

And, in another case, in Finland, the confidential records of thousands of psychotherapy patients were hacked and leaked online — with others blackmailed to keep the data private, according to reports in the national media.

“Almost every hospital CEO I speak to . . . now [says] that cyber risk is their number one or number two enterprise risk issue,” says John Riggi, national adviser for cyber security and risk at the American Hospital Association (AHA), which…


Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer


A noticeable difference between NoaBot and Mirai is that rather than launching DDoS attacks, the botnet targets SSH connections protected by weak passwords to install cryptocurrency mining software.

Cybersecurity researchers at Akamai have discovered cryptomining malware called NoaBot, based on the notorious Mirai botnet. The cryptojacking malware NoaBot is currently targeting Linux servers and has been active since January 2023.

According to Akamai, a noticeable difference between NoaBot and Mirai is that rather than launching DDoS (Distributed Denial of Service) attacks, the malware targets SSH connections protected by weak passwords and installs cryptocurrency mining software, allowing attackers to generate digital coins using victims’ computing resources, electricity, and bandwidth.

Here, it is important to mention that NoaBot malware has also been used to deliver P2PInfect, a separate worm discovered by Palo Alto Networks in July 2023.

NoaBot is compiled using the uClibc code library, unlike the standard Mirai library. This changes how antivirus protections detect NoaBot, which they categorize as an SSH scanner or generic trojan. The malware is statically compiled and stripped of symbols, while strings are obfuscated instead of saved as plaintext, making it harder for reverse engineers to extract details.

The NoaBot binary runs from a randomly generated folder, making it harder to search devices for it. The standard Mirai dictionary is replaced with a large one, and a custom-made SSH scanner is used. Post-breach capabilities include installing a new SSH-authorized key.

This botnet has grown significantly, with over 800 unique IP addresses worldwide showing signs of NoaBot infections. The worm is a customized version of Mirai, a malware that infects Linux-based servers, routers, web cameras, and other Internet of Things devices.

Interestingly, the malware includes embedded song lyrics from the “Who’s Ready for Tomorrow” song by Rat Boy and IBDY, but later samples do not have these. The botnet also adds command line arguments, such as the “noa” flag, which installs a persistence method after a reboot.


Threat actors…


Washington County systems hit with cyberattack


It was a dictionary attack, which is a tactic used to break into password-protected computers, etc. by literally trying every word in the dictionary.

WASHINGTON COUNTY, Ark. — The Washington County government said a cyberattack was unsuccessful after the county’s computer services were hit with 60,000 hack attempts between Friday, Dec. 15 and Sunday.

According to Washington County Director of Communications Tad Sours, an attempt to hack the county computer systems began on Friday with 14,000 attempts, 17,000 attempts on Saturday, and then another 33,000 on Sunday. Sours said the attempts were “not successful at all” with “no service failures.”

“They attack thousands of municipalities, businesses, and government agencies all the time, looking for [something] they haven’t found here,” said Sours. 

The number of attempts on Monday hasn’t been calculated yet, but Sours said it appears the attempts have scaled back.

Sours described the attempts as a dictionary attack, which is a tactic used by hackers trying to break into password-protected computers, networks, or other IT resources by literally trying every word in the dictionary as a possible password. 

“They’re trying to log in to random emails to see if they can break through our security,” said Sours. “They’re trying to get into our system to send things out using a ‘.gov’ email address so that more people would fall for a scam.” 

Tom Kirkham, CEO and founder of Kirkham IronTech, a cybersecurity specialist company, said this is a large issue.

“It happens thousands of times a second to every device that’s connected to a network,” said Kirkham. 

Kirkham said it’s important to be aware during the holidays and weekends.

“There are a lot of people off work—like cybersecurity people, or IT…


CISA’s response to Iran hacking control systems in US critical infrastructures is inadequate


Iran is in an undeclared war, including cyber war, against the U.S. and our critical infrastructures. On Dec. 1, 2023, CISA, FBI, EPA, NSA and the Israel National Cyber Directorate (INCD) issued the following alert: “IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities.”

The Iranian Government Islamic Revolutionary Guard Corps (IRGC) is a nation-state with associated capabilities, not just some hackers who support a cause. The picture of the hack of Full Pint Brewery should remove all doubt that Iran is directly behind state-sponsored hacking of U.S. critical infrastructures. The Unitronics incidents are cyberattacks on control systems, in this case PLCs, not IP networks or equipment. PLCs are used for operation, not to hold customer information. Because IRGC got to the PLC, they can compromise the near- or long-term operation of any targeted system.

Iran has PLCs (think about Stuxnet as that was an attack against Siemens PLCs) in their nuclear, manufacturing and oil/gas industries and is familiar with the operation of PLCs. The Nov. 25 IRGC cyberattack of the Municipal Water Authority of Aliquippa brings several interesting wrinkles to cyber war. The IRGC targeted the control system equipment, in this case Israeli-made Unitronics PLCs, not the end-users such as Aliquippa or Full Pint. Consequently, this is a nation-state supply chain attack against U.S. critical infrastructure, not any single end-user or sector.

However, this supply chain attack is not the usual software compromise that can be addressed by a Software Bill of Materials, but design weaknesses in control systems that are not unique to Unitronics. Recall, Stuxnet compromised Siemens PLCs to cause damage to the centrifuges, and Triconex controllers were compromised by the Russians in an attempt to blow up a Saudi Arabian petrochemical plant. It is evident the Dec. 1 alert does not address PLC-unique issues identified from the Unitronics incidents or other previous PLC attacks.

Unitronics

Unitronics is a control system/automation supplier. From the Unitronics website, the company was founded in 1989 with installations in automated parking systems,…
