
Ransomware Attack on Pathology Services Vendor Disrupts NHS Care in London

 

A ransomware attack on a pathology services vendor earlier this week continues to disrupt patient care, including transplants, blood testing, and other services, at multiple NHS hospitals and primary care facilities in London. The vendor, Synnovis, is struggling to recover from the attack, which has affected all its IT systems, leading to significant interruptions in pathology services. The Russian-speaking cybercriminal gang Qilin is believed to be behind the attack. Ciaran Martin, former chief executive of the U.K. National Cyber Security Center, described the incident as "one of the more serious" cyberattacks ever seen in England. 

Speaking to the BBC, Martin indicated that the criminal group was "looking for money" by targeting Synnovis, although the British government maintains a policy against paying ransoms. Synnovis is a partnership between two London-based hospital trusts and SYNLAB. The attack has caused widespread disruption. According to Brett Callow, a threat analyst at security firm Emsisoft, the health sector remains a profitable target for cybercriminals. He noted that attacks on providers and their supply chains will persist unless security is bolstered and financial incentives for such attacks are removed. 

In an update posted Thursday, the NHS reported that organizations across London are working together to manage patient care following the ransomware attack on Synnovis. Affected NHS entities include Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust, both of which remain in critical incident mode. Other impacted entities are Oxleas NHS Foundation Trust, South London and Maudsley NHS Foundation Trust, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in South East London. 

The NHS stated that pathology services at the impacted sites are available but operating at reduced capacity, prioritizing urgent cases. Urgent and emergency services remain available, and patients are advised to access these services normally by dialing 999 in emergencies or using NHS 111. The Qilin ransomware group, operating on a ransomware-as-a-service model, primarily targets critical infrastructure sectors. According to researchers at cyber threat intelligence firm Group-IB, affiliate attackers retain between 80% and 85% of extortion payments. Synnovis posted a notice on its website Thursday warning clinicians that all southeast London phlebotomy appointments are on hold to ensure laboratory capacity is reserved for urgent requests. 

Several phlebotomy sites specifically managed by Synnovis in Southwark and Lambeth will be closed from June 10 "until further notice." "We are incredibly sorry for the inconvenience and upset caused to anyone affected." Synnovis declined to provide additional details about the incident, including speculation about Qilin's involvement. The NHS did not immediately respond to requests for comment, including clarification about the types of transplants on hold at the affected facilities. The Synnovis attack is not the first vendor-related incident to disrupt NHS patient services. Last July, a cyberattack against Ortivus, a Swedish software and services vendor, disrupted access to digital health records for at least two NHS ambulance services in the U.K., forcing paramedics to use pen and paper. 

Additionally, a summer 2022 attack on software vendor Advanced, which provides digital services for the NHS 111, resulted in an outage lasting several days. As the healthcare sector continues to face such cybersecurity threats, enhancing security measures and removing financial incentives for attackers are crucial steps toward safeguarding patient care and data integrity.

Fortifying Cybersecurity for Schools as New Academic Year Begins

 

School administrators have received a cautionary alert regarding the imperative need to fortify their defenses against potential cyberattacks as the commencement of the new academic year looms. 

The National Cyber Security Centre has emphasized the necessity of implementing "appropriate security measures" to safeguard educational institutions from potential threats and to avert disruptions.

While there are no specific indicators of heightened threats as schools prepare to reopen, the onset of a fresh academic term underscores the potential severity of any cyberattacks during this period. 

Don Smith, the Vice President of the counter-threat unit at Secureworks, a cybersecurity firm, has highlighted the current transitional phase as an opportune moment for cybercriminals. He pointed out that the creation of new accounts for students and staff, as well as the school's approach to portable devices like laptops and tablets, can introduce vulnerabilities.

Smith explained, "Summer is a time when people are using their devices to have fun, play games, that sort of thing. If you've allowed teachers and pupils to take devices home, or let them bring their own, these devices may have picked up infections and malware that can come into the school and create a problem."

Last September, six schools within the same academy trust in Hertfordshire suffered internal system disruptions due to a cyberattack, occurring shortly after the new term had started. 

Additionally, just recently, Debenham High School in Suffolk fell victim to a hack that temporarily crippled all of its computer facilities, prompting technicians to work tirelessly to restore them before the commencement of the new term.

Schools are generally not the primary targets of concentrated cyberattack campaigns, unlike businesses, but they are considered opportunistic targets due to their comparatively less robust defenses. 

Don Smith emphasized that limited budgets and allocation priorities may result in schools having inadequate cybersecurity measures. Basic digital hygiene practices, such as implementing two-factor authentication and keeping software up to date, are crucial for safeguarding vital data.

Moreover, it is imperative for both students and teachers to be regularly educated about cybersecurity threats, including the importance of strong passwords, vigilance against suspicious downloads, and the ability to identify phishing attempts in emails. Mr. Smith noted that cybersecurity is no longer solely the responsibility of a small IT team; instead, all users are on the frontline, necessitating a general understanding of cybersecurity fundamentals.

A recent study revealed that one in seven 15-year-olds is susceptible to responding to phishing emails, especially those from disadvantaged backgrounds with weaker cognitive skills. Professor John Jerrim, the study's author, emphasized the need for increased efforts to help teenagers navigate the increasingly complex and perilous online landscape.

The National Cyber Security Centre, a division of GCHQ, has previously issued warnings regarding the growing prevalence of ransomware attacks targeting the education sector. Ransomware attacks involve criminals infiltrating a network and deploying malicious software that locks access to computer systems until a ransom is paid. Although ransomware attacks temporarily declined during the first quarter of 2023, they have been steadily increasing since then.

SonicWall, a cybersecurity company, emphasized that schools, being repositories of substantial data, are attractive targets for hackers pursuing financial and phishing scams. As schools rely more heavily on internet-based tools in the classroom, they must prioritize cybersecurity, both in terms of budget allocation and mindset, as the new school year approaches.

In response to these concerns, a spokesperson for the Department for Education affirmed that educational institutions bear the responsibility of being aware of cybersecurity risks and implementing appropriate measures. This includes establishing data backups and response plans to mitigate potential incidents.

"We monitor reports of all cyberattacks closely and in any case where there has been an attack, we instruct the department's regional team to offer support," they added. "There is no evidence to suggest that attacks like this are on the rise."

Top Cyber Official Says AI Needs Better Security

 


Hackers and propagandists are using artificial intelligence (AI) to develop malicious software, draft convincing phishing emails to infect computers, and spread false information via the web, according to Canada's top cybersecurity official, who spoke to Reuters on Thursday. This report suggests that cybercriminals have also adopted the technological revolution sweeping Silicon Valley, and that the phenomenon is not an unfamiliar one.

To protect against malicious attacks in cyberspace, Lindy Cameron, the Chief Technology Officer for the National Cyber Security Centre, believes it is vital to integrate cyber security into artificial intelligence (AI) systems. Although AI development is in its infancy, the importance of robust security measures cannot be overstated. Many companies have expressed concerns that, in their eagerness to release AI products as soon as possible, they might overlook security considerations. This could pose a serious risk to users.

A former intelligence chief has warned that attacks on artificial intelligence systems in areas such as transportation, utilities, and national security could have devastating consequences if they succeed.

AI is predicted to play an increasingly significant role in many aspects of daily life, such as homes, cities, and even combat operations. The benefits of these changes, however, come with risks. Several researchers, including Hannigan and Lorenzo Cavallaro from University College London, who are experts in adversarial machine learning, have pointed out vulnerabilities in artificial intelligence systems that malicious actors may exploit in the future.

One study explains that AI systems can be breached by injecting malicious code into them or by misleading them with fake data. Both of these actions compromise the AI system's results, and these vulnerabilities make AI-generated outcomes difficult to verify and trust.

In a recent interview, Sami Khoury, the head of the Canadian Center for Cyber Security, said his agency had seen artificial intelligence (AI) being used in phishing emails, in crafting emails in a more focused manner, in malicious code, and in disinformation and misinformation.

The evidence that Khoury provided was neither detailed nor specific. Nevertheless, the implication that cybercriminals are already using artificial intelligence gives a new urgency to the chorus of alarm arising from the use of this emerging technology by international criminal organizations. 

Recently, several cyber security watchdog groups have been releasing reports indicating that artificial intelligence (AI) poses a serious threat to society, particularly the rapidly improving language processing programs known as large language models (LLMs), which use a large amount of text as a starting point to create convincing dialogues, documents, and other forms of communication.

Besides disruptions, there are broader national security implications associated with the use of artificial intelligence. For example, AI systems used to analyze satellite imagery taken by military forces could be misused by malicious actors, leading to false identifications of real assets versus bogus ones.

Although such concerns were previously theoretical, real-world attacks on AI systems are now reported to be occurring. The Center for Security and Emerging Technology at Georgetown University notes that these attacks could affect a wide range of industries, including banking, telecommunications, and government, particularly those responsible for detecting cyberattacks using artificial intelligence systems.

AI systems must be able to address these security challenges in order to be successful. Companies and developers must learn from the early days of internet security and make sure security considerations are prioritized during the development of AI products. According to Cameron, it is the producers' responsibility to ensure the security of their artificial intelligence systems, so that consumers can be confident the technology is safe without having to worry about the risks associated with it.

To mitigate the risks, it is suggested that those who develop AI systems focus on making them robust and secure. The importance of regulatory measures and standards for securing AI technologies is also stressed. A further suggestion is that government agencies, researchers, and industry experts work together to resolve these challenges and improve the overall security of AI systems.

Given the possible consequences of an attack for national security and the potential threat of malicious attacks on AI systems, integrating robust security measures is essential. Developing secure artificial intelligence technologies requires collaboration among developers, regulators, and experienced cybersecurity experts. Only through these collective actions can AI be harnessed effectively and safely for the benefit of society as a whole.

Khoury said that although the use of artificial intelligence to draft malicious code is still in its infancy - "there's still a long way to go because it takes a lot to write a good exploit" - the concern is that AI models are evolving so rapidly that it can be difficult to determine their malicious potential before they are released into the wild.

Ukraine’s Cyber-Defenses Have Been Exemplary, Says Lindy Cameron


Defending one’s digital life has always been necessary to secure critical systems and services. In recent years, the UK has witnessed a range of online threats, from ransomware and online fraud to the cybersecurity risks that came with the return of war in Europe.

Considering the changes in the entire cybersecurity landscape over the past year, the UK needs a whole-of-society response to combat ever-evolving online threats, risks, and vulnerabilities, in order to secure the nation’s online status.

Working with allies and partners in both the public and private sectors, the National Cyber Security Centre (NCSC) has contributed to a significant effort to increase our country's resilience at each level. Along with reflecting on significant achievements and challenges faced over the past year, its Annual Review sheds light on what we can learn from that year to combat the threats and perplexities that lie ahead.

The invasion of Ukraine was one of the biggest problems for cybersecurity. While Russia's harsh and devastating war aimed to change the world's physical geography, its effects were felt everywhere, including in cyberspace. 

“While Russia’s brutal war has sought to redraw the physical map, its consequences have been felt in cyberspace,” says Lindy Cameron, CEO of the National Cyber Security Centre. 

The NCSC, as a part of GCHQ, has been able to monitor cybersecurity threats and has warned of increased cyber risks because of Russian hostility since the beginning of 2022. It has additionally published expert guidelines to help organizations strengthen their defenses, and has collaborated extensively with partners to make sure that vital enterprises, infrastructure, and society as a whole are as robust as possible.

Ransomware continues to present one of the greatest risks to UK businesses and organizations, and we have already witnessed the adverse repercussions that attacks may have on the operations, finances, and reputations of organizations, resulting in widespread disruption for consumers.

The NCSC has published expert guidance to help organizations take measures to secure themselves online, and it continues to urge CEOs to take the matter seriously rather than leaving it to the technical experts.

Since last year, the NCSC has helped contain hundreds of thousands of upstream cyberattacks while also reinforcing preparedness for them. It has also helped organizations and institutions gain a better understanding of the nature of threats, risks, and vulnerabilities downstream.

By addressing these challenges, the NCSC ensures that the UK emerges as a global cyber-power in the future. Its overall plan for doing so is outlined in the National Cyber Strategy, which acknowledges that thriving cyber skills and growth in the ecosystem are important to maintaining this advantage and supporting the diversity of talent at its core.

In the past year, initiatives like CyberFirst have worked with thousands of young people from all across the country, while the NCSC has supported businesses through startup programs, generating hundreds of millions of pounds in investment.

“This is a source of great optimism for me and my team as we look ahead to 2023. But cybersecurity is a team sport and it is only through mobilising the whole of society that we can achieve our goal of making the UK a safe place to live and work online,” adds Cameron.