The latest ransomware news and a controversy over alleged viruses in HP printer cartridges.
Welcome to Cyber Security Today. It’s Wednesday, January 24th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
There’s a lot of ransomware-related news today:
A company that provides water management services to 550 U.S. and Canadian municipalities was hit by ransomware last week. Veolia North America says some of its software applications and IT systems were affected. Some customers faced delays in paying bills online because back-end systems were taken offline until they could be restored. However, the company says personal data of an unstated number of persons may also have been stolen.
Australia, the U.S. and the United Kingdom have sanctioned a Russian hacker they say is responsible for the 2022 ransomware attack against a major Australian health insurer. Data on 9.7 million current and former users of Medibank’s services was copied and then released on the dark web. Under the Australian sanctions it’s a criminal offence to provide financial assets to or handle assets of Alexander Ermakov. Under the American sanctions all property and interests in the property of Ermakov have to be blocked and reported to Washington.
A Canadian hospital is finally upgrading its digital records system after a ransomware attack last fall. Bluewater Health of Sarnia, Ont., announced this month it is switching to Oracle Cerner for its patient records. Its existing Meditech system was hacked in October. According to the Globe and Mail, the hospital committed 10 years ago to replacing Meditech. The hospital is one of five southwestern Ontario facilities that shares an IT services provider that was hacked. The others already use Oracle Cerner but the ransomware gang could only get into Bluewater Health’s Meditech platform.
Aercap Holdings, an Irish-based aviation leasing company, suffered a ransomware attack last week. In a filing with the U.S. Securities and Exchange Commission the company says it now has full control over IT systems. It’s investigating how much, if any, data was stolen.
On Monday’s podcast I reported a data centre in Sweden had been attacked last week. The company that owns that facility now says this was a ransomware attack by someone deploying the Akira ransomware strain. Agence France Presse quoted a government spokesperson saying IT services of more than 120 government agencies were impacted. So were some retailers.
Palo Alto Networks has issued a background report on the BianLian ransomware gang. Defenders may be interested in the tactics and indicators of compromise listed in the report.
If you had any doubts, ransomware really did hit records last year. According to the year-end numbers compiled by the NCC Group, there were 4,667 ransomware attacks in 2023. Will the trend continue this year?
Splunk has patched several vulnerabilities in the Enterprise version of its network monitoring platform for Windows. One covers a deserialization of untrusted data issue.
HP has stirred controversy over its decision to brick its printers through a firmware update that prevents machines from using third-party ink cartridges. Last week CEO Enrique Lores told CNBC it’s because a virus can be embedded in a chip that cartridges use to communicate with its printers. However, experts interviewed by Ars Technica are skeptical malware could be planted this way. Could the claim have something to do with a proposed class action lawsuit HP might face? Read the article and make your own decision.
Apple has released security updates for all of its operating systems and its Safari browser. According to the SANS Institute, the updates fix at least 16 security issues — some of which are being actively exploited. There’s also a new feature that — if a user enables it — helps protect against a person who steals an Apple device and then tries to log in with a password or PIN number they’ve seen the owner use.
Finally, although it’s only January, scammers have started sending email and text messages impersonating the U.S. tax man. The messages, supposedly from the Internal Revenue Service, are about a tax refund or tax refund e-statement. The goal is to get victims to click on a link and get them to either download malware or fill out a form and steal personal information. The IRS won’t ask for personal information through an email or text.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.