A severe cyber attack has sent shockwaves through the UK’s healthcare systems. Here Ian Hirst delves into the motivations behind these hacking groups and the critical steps healthcare providers can take to keep their organisation secure.
Cyberattack Crisis: London Hospitals Paralysed as Malware Strikes Synnovis
In a severe cyberattack that has sent shockwaves through the UK’s healthcare system, two prominent London hospital trusts, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, have been forced to cancel or postpone non-emergency operations and blood tests. The culprit? A malware attack, since confirmed by Synnovis to be ransomware, on their pathology provider, Synnovis.
- The Immediate Impact: Synnovis, which supplies pathology services to these hospitals and others across six London boroughs, has confirmed that its IT systems have been compromised by malware. This breach has resulted in significant delays in patient results and the prioritisation of urgent and emergency requests, such as those needed for blood transfusions. In response, trauma cases at King’s College are being redirected to other sites, straining an already burdened healthcare network.
- The Scope of the Attack: Synnovis has described the incident as a ransomware attack, but the strain involved, the initial access vector and the extent of any data theft have not been disclosed. Ransomware operators routinely exfiltrate data before encrypting systems, so sensitive pathology records may have been stolen as well as rendered inaccessible. Such data, if leaked, could have far-reaching consequences for patient privacy and trust in the healthcare system.
- Strategic Implications: A System Under Strain: The cyberattack is not just a technical issue; it has profound strategic implications. The affected hospitals’ inability to perform non-emergency operations and tests is putting immense pressure on other London hospitals, which are now tasked with handling the overflow of patients. Reports indicate a “very serious situation developing across London” as hospitals scramble to accommodate the influx.
- Tactical Implications: The Vulnerability of Outdated Systems: Healthcare providers often rely on outdated software because systems in constant clinical use are hard to take offline for patching, and this makes them prime targets for cyberattacks. Whether the Synnovis intrusion exploited unpatched software has not been disclosed, so this is a general risk rather than a confirmed cause of this incident. While some ransomware groups claim to avoid healthcare organisations, others have no such scruples. This attack underscores the urgent need for healthcare providers to update and secure their systems, and, because pathology here was outsourced to a single supplier, to plan in advance for how clinical services continue when a critical third party’s systems are down.
- A Closer Look at NHS Vulnerabilities: The UK’s National Health Service (NHS) has a history of cyber vulnerabilities. In 2017, the WannaCry ransomware attack paralysed NHS operations, highlighting the critical need for robust cybersecurity measures. Despite improvements since then, this latest incident reveals ongoing weaknesses. The NHS must balance operational continuity against the need for regular system updates, a trade-off that often leaves it exposed to cyber threats.
- Ongoing Service Disruption: As of the latest updates, over 800 planned operations and appointments have been disrupted due to the Synnovis attack. The NHS has issued an urgent call for O positive and O negative blood donors because the affected hospitals cannot cross-match blood at their usual rate; O-type blood can be given safely to a wide range of patients when a patient’s own blood type cannot be confirmed in time, so demand for it has risen sharply.
Speculation and Official Statements: Synnovis has officially confirmed the attack to be ransomware-related but has not disclosed the responsible group. Speculation from cybersecurity experts, including Ciaran Martin, former chief executive of the National Cyber Security Centre, suggests the involvement of the Qilin ransomware group. However, this has not been confirmed, and the Qilin data-leak site is currently offline.
Conclusion
This cyberattack on Synnovis serves as a stark reminder of the critical importance of cybersecurity in the healthcare sector. As London hospitals grapple with the fallout, the incident highlights the vulnerabilities that exist within essential services and the far-reaching consequences of cyber threats. Strengthening cybersecurity measures and ensuring regular updates to IT systems are imperative to safeguard the future of healthcare in the digital age.
Nobelium Strikes Again: French Diplomatic Institutions in the Crosshairs of Russian Cyber Espionage
In an alarming development, the Computer Emergency Response Team of France (CERT-FR) has issued a stern advisory concerning the malicious activities of the notorious Nobelium threat group. Known for its sophisticated cyber espionage tactics, Nobelium has recently intensified its efforts, targeting French public institutions with a series of phishing campaigns.
- The Surge of Phishing Attacks: Nobelium’s latest offensive involved a barrage of phishing emails aimed primarily at French diplomatic institutions. These messages originated from foreign victims previously compromised by the group, a tactic designed to exploit trusted communication channels and increase the likelihood of success. Notably, in May 2022, phishing emails were sent from a compromised account of a French diplomat. The situation escalated in May 2023, with Nobelium attempting to breach the French Embassy in Romania.
- Nobelium’s Espionage Tactics: Nobelium, also tracked as Cozy Bear and APT29, is a Russia-linked cyber espionage group with a well-documented history of targeting entities within EU and NATO states. Its primary modus operandi is to collect sensitive information from compromised victims, including access to the mailboxes from which its next phishing wave is sent, and to reuse it in subsequent intrusions. The group’s persistent focus on diplomatic and governmental institutions reflects a strategic intent to gather intelligence rather than to cause visible disruption.
- The Geopolitical Backdrop and Russia’s Influence: The resurgence of Nobelium’s activities is not occurring in a vacuum. Researchers have observed a notable correlation between the group’s heightened activity and Russia’s ongoing military aggression in Ukraine. This geopolitical turmoil has created an environment ripe for cyber espionage, with Russian-linked groups like Nobelium exploiting the chaos to advance their objectives.
- Strategic Implications: The strategic implications of Nobelium’s actions are profound. By targeting diplomatic institutions, the group seeks to undermine the political stability and security of EU and NATO states. The intelligence gathered from these operations can provide Russia with critical insights into the diplomatic strategies and internal communications of its adversaries.
- Tactical Implications: Nobelium’s activities highlight the evolving nature of cyber threats. Sending lures from genuinely compromised accounts defeats sender-reputation and domain-authentication checks: SPF, DKIM and DMARC all pass, because the mail really does come from the trusted organisation. Defenders therefore cannot rely on the sender’s identity alone; unexpected requests, links and attachments need to be verified through a separate channel, and multi-factor authentication on mailboxes limits how far a single compromised account can be reused against other targets. This underscores the need for robust cybersecurity measures and international cooperation to combat such threats.
Conclusion
The advisory from CERT-FR serves as a stark reminder of the ever-present threat posed by cyber espionage groups like Nobelium. As geopolitical tensions continue to simmer, the cyber battlefield remains a crucial front in the ongoing struggle for global influence and security. For France and its allies, staying vigilant and enhancing cybersecurity defences is not just a priority but a necessity in this digital age.
US Bans Kaspersky: A Bold Move in Cybersecurity Amidst Rising Russia-Ukraine Tensions
In a decisive move, the US Department of Commerce’s Bureau of Industry and Security (BIS) has announced a comprehensive ban on Russia-based cybersecurity giant Kaspersky. This prohibition, which encompasses all affiliates, subsidiaries, and parent companies of Kaspersky, effectively blocks the sale, provision, and update of Kaspersky’s antivirus software and cybersecurity products or services to any US persons.
- What This Means for Kaspersky Users: All US users of Kaspersky products must transition to alternative cybersecurity solutions by the end of September 2024. This sudden shift is part of the Biden administration’s broader strategy to safeguard national security and outpace adversaries in the technology arena. The administration argues that Russia has the capability and intent to exploit companies like Kaspersky Lab to gather and weaponise sensitive US information.
- Kaspersky’s Response and Ongoing Activities: In response to the ban, Kaspersky maintains that it does not pose a threat to US national security and insists on its independence from the Russian government. The company also noted that the ban does not prevent them from offering cyber threat intelligence and training in the US, attributing the decision to the current geopolitical climate rather than an objective assessment of their products’ integrity.
- A Pattern of Increasing Restrictions: This ban follows an October 2023 order from the Canadian government, which removed Kaspersky applications from government devices, citing unacceptable privacy and security risks. This move underscores a growing trend of Western governments distancing themselves from Russian technology companies amidst heightened geopolitical tensions.
- The Bigger Picture: Geopolitical and Strategic Implications: Since Russia’s full-scale invasion of Ukraine in February 2022, US-Russia relations have deteriorated significantly. The US has imposed numerous sanctions on Russia and provided substantial military aid to Ukraine. The ban on Kaspersky is a clear indicator of the escalating tensions and the lengths to which the US will go to protect its national security interests.
- Immediate and Long-Term Tactical Implications: Under the BIS determination, new sales, resales and licensing of Kaspersky products to US persons are prohibited from July 20, 2024, and the delivery of software and signature updates ends on September 29, 2024, leaving individuals and organisations a narrow window to switch providers. An antivirus product that no longer receives signature or engine updates loses effectiveness quickly, so the practical deadline for having a replacement deployed and Kaspersky’s agents cleanly removed is the September date, not some later point. This tight deadline could lead to supply chain disruptions and pose security risks if entities rush the transition. Additionally, Kaspersky is likely to face financial and reputational challenges as a result of this ban.
Conclusion
The ban on Kaspersky by the US is more than just a cybersecurity measure; it’s a significant geopolitical manoeuvre in the context of ongoing global tensions. As the digital battleground continues to expand, such moves highlight the critical importance of cybersecurity in national defence strategies. For US users, the focus now shifts to finding reliable and secure alternatives to ensure their digital safety in an increasingly volatile cyber environment.