The cybersecurity challenges of today demand robust solutions that are frequently updated and ensure minimal risk of intrusion. Earlier, attackers stopped at ransom demands after attacking an organization with ransomware. They then used double extortion tactics to threaten enterprises with data leaks, and now, triple extortion campaigns are in vogue. This week’s cybersecurity headlines are all about attacks like these and more.
Triple Extortion Campaigns Are The New Cyberthreats
Cybersecurity experts expect ransomware attacks to cost $20 billion globally in 2021, and one of the reasons for this exponential growth in damage is the ongoing triple extortion campaigns. Who could be the third stakeholders that the adversaries can pressure, you may ask? It’s the third parties directly affected by a data breach linked to a ransomware attack. These third parties include clients, service providers, external colleagues, etc. The first of the triple extortion attacks was the October 2020 attack on the Vastaamo clinic. The adversaries infected the clinic with ransomware, stole patient data, and demanded an exorbitant ransom from the clinic and also from the patients, threatening them with data leaks.
Since the healthcare, legal, and insurance sectors have always been so vulnerable to cyberattacks, it is especially advisable for them to adopt ransomware protection measures. The cyber adversaries are constantly evolving their strategies to maximize their profits. Taking preventive measures is the only way to minimize risks.
Conti Attacks Ireland’s HSE And Provides A Decryption Key Without Receiving The Ransom
Ireland’s Health Service Executive (HSE) suffered a ransomware attack on 14th May. The Conti ransomware gang is believed to be responsible for the attack. Consequently, the entire HSE network was brought down, affecting even COVID-19 test reports. The Dublin High Court stepped up and took a stringent ransomware protection measure to stop the Conti ransomware group from leaking the 700GB dataset stolen from HSE.
The Dublin HC issued an injunction against Conti, making it illegal to share, sell, publish or process any data stolen from Ireland’s Health Service Executive. The ransomware group had demanded a ransom of $20 million in exchange for the decryption key. We are unsure whether it was the HC’s order or the dormant humanity of the attackers which inspired their actions, but they provided the HSE with a decryption key without receiving any ransom!
As the decryption software undergoes a technical examination, we can only hope that it works for real. The HSE is having a tough time restoring systems and providing services to patients at a crucial time in a global pandemic.
FBI Employee Charged For Keeping Confidential Documents In Personal Possession For 13 Years
Insider threats have often worried companies about the efficacy of their cybersecurity tools. But one would not expect insider threats to be a problem for an organization like the Federal Bureau of Investigation (FBI). Yet a federal grand jury has charged an FBI employee, Kendra Kingsley, for keeping confidential FBI documents in her home for over a decade between 2004 and 2017. The documents retrieved from Kingsley’s home include the FBI’s methods and sources of countering cyber threats, counterintelligence and counterterrorism work, information on intelligence gaps about foreign intelligence services, human sources, etc.
Other documents found in the accused’s possession include details about the FBI’s technical capabilities in counterterrorism and counterintelligence work, information on terrorism threats in Africa, al Qaeda members, and suspected allies of Osama bin Laden. Kingsley was an intelligence analyst with the FBI’s Kansas City division and had no authorization to remove official documents from the office premises. She was arrested soon after the revelation.
ProjectWEB Attack Poses Risk For Several Japanese Govt. Agencies
Fujitsu’s ProjectWEB enterprise software-as-a-service (SaaS) platform is temporarily down following a cyberattack. The adversaries gained access to its systems and stole sensitive files belonging to several Japanese government agencies. Affected entities include the ministries of Foreign Affairs, Tourism, Land, Infrastructure, and Transport. Details of the Narita Airport and the Cabinet Secretariat were also compromised.
ProjectWEB is Fujitsu’s cloud-based file-sharing and enterprise collaboration platform. Over 76k email addresses and files stored by the Japanese government agencies on ProjectWEB were affected by the breach. After the incident, Fujitsu has adopted email security services and continues to investigate the breach because of pressure from the Cabinet Cyber Security Center (NISC).
Cyberattacks Anticipated In Wake Of The Tokyo Olympics 2021
The Tokyo Summer Olympic Games, scheduled to begin on 23rd July 2021, might be susceptible to cyberattacks from Russian threat actors. The former senior police official and current president of the Japan Forum for Strategic Studies (JFSS), Mr. Masatoshi Fujitani, predicts these cyberattacks. He recently published an article in JB Press where he talked about the ransomware group DarkSide and its link to Russia in launching the attack on Colonial Pipeline.
We don’t know whether Fujitani’s fears will prove accurate, but Japan has already begun training its white hat hackers against possible attack attempts. The JFSS director has also invited developed nations like the US and the UK to join in on its efforts at strengthening cyber defense against potential attacks from DarkSide or other Russian ransomware groups. It is believed the exclusion of Russian players based on doping allegations in the past has triggered this retaliation, and this just increases the possibility of cybersecurity risks in the Tokyo Olympics.
Why Use Updated Versions Of PHP?
Ever wondered why so many cyberattacks turn out to be successful? It’s because those in charge of cybersecurity do not do a good job of applying patches and getting rid of the vulnerable software in their system. One such aspect of an IT network that needs to be updated from time to time is the programming language PHP. Developers whose websites run on PHP must make it a point to avoid outdated versions of the language, lest they invite cyberattacks on their platform.
Updated PHP versions matter because researchers have recently found over 80,000 web servers prone to cyberattacks, all of them running unpatched PHP versions. The cybersecurity risks associated with outdated PHP include cross-site scripting (XSS) and SQL injection (SQLi) attacks.