At a glance.
- Ransomware group claims to have attacked London health trust.
- Study shows cyberextortion is becoming attackers’ tactic of choice.
- Attackers target the cloud’s silver lining.
Ransomware group claims to have attacked London health trust.
The ALPHV/BlackCat ransomware gang claims to have stolen 7TB of data from Barts Health NHS Trust, one of the largest hospital trusts in the UK, and has threatened to leak the documents online if its ransom demands are not met. Bloomberg reports that British cybersecurity officials are investigating the claims, and a spokesperson for the UK’s National Cyber Security Centre said yesterday they’re “working with Barts Health NHS Trust and partners to fully understand the impact of an incident.” A Barts spokesperson says the organization is also investigating the claims, and the Information Commissioner’s Office says it was notified by Barts of the possible attack. On its leak site, ALPHV published a sample of the allegedly stolen files, which include driver’s licenses, passports, and confidential internal communications. The Russian-speaking threat group claims the attack amounts to the “most bigger leak from health care system in UK.” The Barts trust oversees five London hospitals serving approximately 2.5 million people, and if the cybercriminals’ claims are true, this will be the third cyberattack the trust has suffered in the past six years.
Study shows cyberextortion is becoming attackers’ tactic of choice.
A report from cloud security company Zscaler’s ThreatLabz indicates that cyberextortion is on the rise, GovTech reports. Researchers analyzed cyberincidents that occurred between April 2022 and April 2023 and found that the volume of ransomware attacks has increased nearly 38% year over year. The trend of encryptionless extortion – in which attackers focus on stealing and threatening to publish confidential data, rather than encrypting it – began in 2021 and has increased over the past two years, the report finds. Most recently, the Cl0P ransomware group has been making headlines for using this tactic in the wide-reaching mass-hack of MOVEit’s file transfer software. That said, some threat groups still prefer double extortion – attacks that combine encryption with extortion – and the researchers found that double extortion attacks against the education sector grew a whopping 121.79% year over year. A Zscaler spokesperson stated, “Double extortion attacks are often more successful than the old encryption-only extortion attacks as most organizations have now adopted good data backup hygiene (since WannaCry, Bad Rabbit ransomware outbreaks) allowing them to quickly recover the encrypted file.” US entities were the most impacted, hit with 40% of the analyzed double encryption attacks, followed distantly by Canada with just 6.75%. Ian Milligan-Pate, Zscaler’s area vice president for state, local and education, explains, “It’s definitely economically driven. … so that makes the U.S. a high target, as it’s the world’s largest economy.” The report also found that ransomware developers have been employing new tactics, replacing traditional programming languages like C and C++ with newer ones like Golang and Rust, which are more memory safe and harder to reverse-engineer.
Attackers target the cloud’s silver lining.
Cloud computing firm Thales has released its 2023 Global Cloud Security Study, compiling data gathered from nearly three thousand IT and security professionals across eighteen countries. The report indicates that 39% of businesses experienced a data breach in their cloud environment last year, an increase of 4% over 2021. Human error was the cause of the majority (55%) of these breaches, with exploitation of vulnerabilities coming in at a distant second at 21%. Matt Cooke, Cybersecurity Strategist at Proofpoint, told Infosecurity Magazine that hackers are increasingly targeting users as a means of infiltrating cloud networks. “Attackers realize that people and their accounts are still the vulnerability,” Cooke explains. “And it actually doesn’t matter now where that person is because everyone’s pretty much using the same tools. For example, everyone’s got a Microsoft 365 account.” According to Proofpoint’s 2023 Human Factor report, 94% of cloud tenants were targeted by attackers in any given month. Thales also found that software as a service (SaaS) usage increased 41% over the past two years, and over half of cyber professionals said SaaS usage has made it more difficult to secure cloud data. It’s also worth noting that 79% of respondents said they employ the services of more than one cloud provider, and Chris Harris, Thales’ EMEA Technical Associate Vice President, Data Security, says multicloud environments make cybersecurity more challenging. “Discrepancies in configuration and compatibility can mean gaps can emerge, increasing the risk of a breach or intrusion by a malicious actor,” Harris explained. “It makes it all the more important to reconsider the cybersecurity measures that are in place as an organization moves critical data into multicloud environments, as those solutions that might have worked in a world where everything was kept in on-premises environments are likely no longer sufficient.”