Ransomware attack disrupts major London hospitals

A ransomware attack on Synnovis, a pathology services provider, has severely disrupted major hospitals in London, including King’s College Hospital, Guy’s and St Thomas’, and the Royal Brompton. This incident has led to the cancellation and redirection of numerous medical procedures. The hospitals have declared a ‘critical incident’ due to the significant impact on services, notably affecting blood transfusions. Synnovis’ CEO, Mark Dollar, expressed deep regret for the inconvenience caused and assured efforts to minimise the disruption while maintaining communication with local NHS services.

Patients in various London boroughs, including Bexley, Greenwich, and Southwark, have been affected. Oliver Dowson, a 70-year-old patient at Royal Brompton, experienced a cancelled surgery and expressed frustration over repeated delays. NHS England’s London region acknowledged the significant impact on services and emphasised the importance of attending emergency care and appointments unless instructed otherwise. They are working with the National Cyber Security Centre to investigate the attack and keep the public informed.

Synnovis, a collaboration between SYNLAB UK & Ireland and several NHS trusts, prides itself on advanced pathology services but has fallen victim to this attack despite what it describes as stringent cybersecurity measures. Deryck Mitchelson from Check Point highlighted the healthcare sector’s vulnerability to such attacks, given its vast repository of sensitive data. Recent cyber incidents in the UK, including a similar attack on NHS Dumfries and Galloway, underscore the persistent threat to healthcare services. Government agencies are actively mitigating the current situation and supporting affected NHS organisations.

Microsoft faulted for preventable Chinese hack

A report released by the US Cyber Safety Review Board on Tuesday blamed Microsoft for a targeted Chinese hack on top government officials’ emails, deeming it ‘preventable’ due to cybersecurity lapses and lack of transparency. The breach, orchestrated by the Storm-0558 hacking group affiliated with China, originated from the compromise of a Microsoft engineer’s corporate account. Microsoft highlighted ongoing efforts to bolster security infrastructure and processes, pledging to review the report for further recommendations.

The board’s report outlined decisions by Microsoft that diminished enterprise security, risk management, and customer trust, prompting recommendations for comprehensive security reforms across all Microsoft products. Last year, the intrusion affected senior officials at the US State and Commerce departments, including Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns, raising concerns about the theft of sensitive emails from prominent American figures.

Despite acknowledging the inevitability of cyberattacks from well-resourced adversaries, Microsoft emphasised its commitment to enhancing system defences and implementing robust security measures. The company highlighted ongoing efforts to fortify systems against cyber threats and enhance detection capabilities to fend off adversarial attacks. The incident underscores the persistent challenges posed by cyber threats and the imperative for technology companies to prioritise cybersecurity measures to safeguard sensitive data and operations against evolving threats.

UK launches National Protective Security Authority

The UK has established a new intelligence agency called the National Protective Security Authority (NPSA) to ‘help businesses and organisations defend themselves against national security threats’.

The new agency operates as part of MI5 and has absorbed the responsibilities of the Centre for the Protection of National Infrastructure, but with a broader remit. NPSA will work together with the National Cyber Security Centre (NCSC) and UK National Authority for Counter Eavesdropping (UK NACE) to build resilience to national security threats.

Overall, the agency will work to ‘provide expert advice, research, and development to support countering terrorism, countering state threats, and protecting the public’. Goals include protecting the UK’s critical infrastructure, as well as the country’s economy and its scientific and technological advantage.

NATO defence ministers discuss critical undersea infrastructure protection

NATO Defence Ministers met in Brussels on 14–15 February 2023 to discuss how ‘to strengthen the Alliance’s deterrence and defence’. One topic on the meeting’s agenda concerned ways to improve the protection of critical undersea infrastructure.

Following the meeting, NATO’s Secretary General Jens Stoltenberg announced the establishment of a Critical Undersea Infrastructure Coordination Cell at the NATO headquarters, which will ‘facilitate engagement with industry and bring key military and civilian stakeholders together’.

NoName057(16) hacktivist group found to target Czech presidential elections

NoName057(16), a hacktivist group described as pro-Russian, is reportedly targeting websites of candidates in the 2023 Czech presidential elections. According to SentinelLabs, the action is part of a distributed denial-of-service (DDoS) campaign that the group has been conducting against government organisations and critical infrastructure in Ukraine and NATO member states since the start of the war in Ukraine. Some of the most recent targets are said to include Denmark’s financial sector and organisations and businesses in Poland and Lithuania.

The organisation allegedly carried out these attacks utilising open Telegram channels, a DDoS payment program run by volunteers, a multi-OS supported toolkit, and GitHub.

Upcoming US national strategy to call for more regulations

The Biden administration is reportedly pushing for a US national cybersecurity strategy that calls for more cybersecurity regulations, including in relation to the US critical infrastructure. The strategy, expected to be signed in the coming weeks, would require that regulations are developed by consulting industry actors as a means to ensure that the rules advance security without being unworkable or unduly burdensome. As Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies argues, ‘the strategy reflects the hard lessons we’ve learned from SolarWinds to Colonial Pipeline — that our supply chain and our critical infrastructures are under duress,’ and the key part will be translating all of this into action.

Iran prevents cyberattack on central bank

Iran’s Infrastructure Communications Company announced on 6 January 2023 that it had prevented a cyberattack on the country’s central bank. Amir Mohammadzadeh Lajevardi, head of the company, was quoted by local media as saying that the bank was targeted by a distributed denial of service (DDoS) attack. In October, Anonymous and other global hacking groups threatened to launch cyberattacks against Iranian institutions and officials in support of anti-government protests and to thwart internet censorship in Iran.

Callisto group hackers targeted three US nuclear research labs, according to Reuters

A report by Reuters indicates that Russian hackers affiliated with the Callisto (Cold River) group targeted three US nuclear research laboratories during the summer of 2022.

The hacking team targeted the Brookhaven, Argonne, and Lawrence Livermore National Laboratories, created fake login pages for each lab, and then emailed scientists with the intent of stealing their passwords.

Reuters did not determine why the three labs were targeted or whether the attempted intrusions were successful. None of the three labs responded to requests for comment.

New Agenda ransomware variant targeting critical infrastructure

A new variant of the Agenda ransomware, which targets healthcare and education entities, has been identified. Agenda uses partial (intermittent) encryption: its configuration sets parameters that determine what percentage of each file’s content is encrypted, which speeds up the attack and leaves files whose overall entropy looks less like fully encrypted data. The new variant is also able to disable Windows User Account Control (UAC), which otherwise helps limit the impact of malware by requiring consent or administrative credentials before a program or task runs with elevated privileges.
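To make the partial-encryption point concrete, the following added example (written for this page; it is not Agenda’s code and the chunk-selection rule is a hypothetical model of a ‘percentage’ parameter) simulates encrypting a configurable share of a constructed in-memory file and then compares two detection heuristics: whole-file entropy, which stays low when only 10% of the content is encrypted, and a per-chunk entropy scan, which still flags the encrypted blocks. The key, file contents and chunk size are assumptions made up for the demo.

```python
import hashlib
import math
from collections import Counter

CHUNK_SIZE = 4096  # assumed block size for both the simulated encryptor and the scanner


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: roughly 4-5 for text, close to 8 for encrypted bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, a stand-in for the malware's real cipher (demo only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def intermittent_encrypt(data: bytes, key: bytes, percent: int, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Encrypt about `percent` of the content by XOR-ing evenly spaced chunks with a keystream.

    Hypothetical model of a 'percentage' parameter, not Agenda's actual algorithm.
    XOR with a per-chunk keystream is an involution, so the same call also decrypts.
    """
    if not 0 <= percent <= 100:
        raise ValueError("percent must be between 0 and 100")
    out = bytearray(data)
    for start in range(0, len(data), chunk_size):
        idx = start // chunk_size
        if (idx * percent) % 100 < percent:  # picks ~percent% of chunks, evenly spaced
            chunk = data[start:start + chunk_size]
            ks = keystream(key + idx.to_bytes(8, "big"), len(chunk))
            out[start:start + chunk_size] = bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def scan(data: bytes, chunk_size: int = CHUNK_SIZE, threshold: float = 7.5) -> dict:
    """Compare whole-file entropy with a per-chunk scan; returns what a detector would act on."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    high = [idx for idx, c in enumerate(chunks) if shannon_entropy(c) > threshold]
    return {
        "whole_file_entropy": shannon_entropy(data),
        "total_chunks": len(chunks),
        "high_entropy_chunks": len(high),
        "high_entropy_indexes": high,
    }


def build_sample(size: int = 64 * CHUNK_SIZE) -> bytes:
    """Constructed plaintext: repeated log-style lines standing in for a lab results export."""
    line = b"03-Jun-2024 10:15:02 lab-lims01 sample=PLACEHOLDER result=pending\n"
    return (line * (size // len(line) + 1))[:size]


def demo(percent: int = 10) -> dict:
    key = b"demo-key-not-secret"  # constructed for the example
    plain = build_sample()
    enc = intermittent_encrypt(plain, key, percent)
    assert intermittent_encrypt(enc, key, percent) == plain  # XOR round-trips
    result = scan(enc)
    result["plaintext_entropy"] = shannon_entropy(plain)
    return result


if __name__ == "__main__":
    for pct in (10, 50, 100):
        r = demo(pct)
        print(f"{pct:3d}% encrypted: whole-file entropy {r['whole_file_entropy']:.2f} bits/byte, "
              f"{r['high_entropy_chunks']}/{r['total_chunks']} chunks above threshold")
```

At 10% the whole-file entropy stays well under the 7+ bits/byte that a naive ‘is this file encrypted?’ check looks for, while the per-chunk scan still reports 7 of 64 blocks as high-entropy. In a real file-integrity or EDR rule the chunk size should match or divide the ransomware’s block size, and the threshold should be tuned against already-compressed formats (images, archives), which are legitimately high-entropy.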