January 2023 Newsletter
Posted By: Mark, Monday 6th February 2023. Tags: AI, Artificial Intelligence, cyber attacks, cyber aware, Cyber Safe, Cyber Security, Data Leak, Hacking, malware, Newsletter, ransomware
This month: a busy hacking news month sees UK schools hit by ransomware attacks, hackers reverse an attack on a children’s hospital, the Norton LifeLock password manager gets hacked, the FBI infiltrates the Hive hacking group, plus Microsoft makes a large investment in AI, and Tesla’s self-drive is taken to the limit.
Hackers Hit UK Schools
In early January, the BBC reported that fourteen schools around the UK had been hit by a hacking group called Vice Society. In the ransomware attacks, the hackers took a number of confidential documents ranging from teacher and head pay contracts, student bursary receipts, special education needs data (SEN), and passport scans of both parents and pupils.
Vice Society Hackers
The ransomware group are known for targeting the education and healthcare sectors. They’ve been involved in a number of high profile attacks on schools throughout the USA and UK, prompting an FBI alert warning of the hackers’ activities.
One of their highest profile school hacks was on the Los Angeles Unified School District, where they crippled digital operations across the systems for more than 1,000 schools, affecting around 600,000 students, and threatened to leak 500 gigabytes of stolen data.
While the group isn’t necessarily covered as much as hacking groups like LockBit and Hive, the sectors it focuses on are seen as easier targets. Schools and hospitals are seen as less well-funded in the area of cyber security, they manage a lot of sensitive data, and so attacks can cause major disruption.
A Mixed Response To The Hackers
The schools’ response to the hacking has reportedly been a mixed bag. While, at the time of writing, there’s been no information about any ransoms paid, some have reported that documents have been leaked on Dark Web forums. Some schools have notified all staff, pupils, and parents affected by the data breach; others have reported the attack to teachers but not notified them that data had been taken; and others notified their IT department but not parents and pupils.
Defending Yourself From Hackers
If you’re the victim of a data breach, the advice from cyber security experts and law enforcement is still not to pay up. If you do pay the hackers for the recovery of lost data there’s no guarantee that they will actually return your data, or return it in a usable format, while they’ll likely still leak it all online anyway.
Some advice for protecting yourself from ransomware attacks includes:
Lock Down RDP Points: Remote Desktop Protocol compromise is a common entry point, and not just to schools, so make sure you practice good password hygiene, and use multi-factor authentication. Make sure all remote access components, like VPNs, are correctly configured.
Know Your Vulnerabilities: Keep all your software and security tools patched and up to date – and keep any licence or subscription payments up to date so protection doesn’t lapse – and keep scanning systems regularly to monitor for any unusual activity.
Back Up Your Data: We bang on about this one constantly, but always have your precious data backed up so you can restore it in an emergency. Hackers will look to compromise your backups as part of the cyber-attack, so you need to be keeping offline and offsite backups that can’t be reached. Make sure these are tested as part of your security systems, to make sure they’ll actually work if called upon.
Be Proactive: The best way to deal with a cyber security emergency is to have a plan of action already mapped out, rather than being hit and then wondering how to fix things. Have people in charge of specific things needed to restore data, know what needs doing in what order, and aware of any legal requirements for notifications, etc, related to a data breach.
LaneSystems is an expert in cyber security, and can implement robust data recovery and backups services and even help get your team cyber secure. If you’re a company in the North-East of England, contact us for more information.
Hackers Give Free Decryptor To SickKids Hospital
In a rare sign of cyber criminals with a conscience, Bleeping Computer reported that a ransomware group, who had earlier compromised the systems of Canada’s Hospital for Sick Children, apologised and walked back the attack.
The LockBit ransomware group, a hacking group that has targeted the healthcare sector, performed a cyber-attack on the Toronto hospital just before Christmas. The ransomware attack affected internal systems, along with phone lines and the website. SickKids said that it would take weeks to restore systems fully and that delays for its clinical teams would mean longer wait times for patients and families.
Bad Publicity For Hackers
The SickKids announcement was picked up by mainstream media, and coverage snowballed – likely because of the combination of hackers, sick children and Christmas making for a great seasonal story to raise the hackles and pull at the heart strings.
This publicity led to the hackers releasing a public statement days later, posting:
“We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program”
LockBit released a free file decryption tool for the hospital to use, but is it likely that they really cared about the actual target, or were they just mindful of potential escalated blowback? Such publicity was likely to garner even greater attention from law enforcement, with greater resources being used against them, and there was even a likelihood of becoming the target of other hackers out there.
While the group claims a code of ethics over who they allow to be attacked, they’ve previously attacked hospitals that have left patients in potentially dangerous positions. As Bleeping Computer observed:
The attack on the French hospital led to referring patients to other medical centers and postponing surgeries, which could have led to significant risk to patients.
LaneSystems offers data recovery and backup services, and a full cyber security service to help prevent your business becoming the victim of a ransomware attack. If you’re a company in the North-East of England, contact us for more information.
Hackers Breach NortonLifeLock
In a mid-January data breach notice to customers, Gen Digital, parent company of the NortonLifeLock password manager, warned that thousands of customers had their accounts breached in a credential stuffing attack. The breach could have given hackers access to customers’ password managers.
Password Managers are a useful tool for accessing the many websites and online services we use every day without having to remember every single unique login. Rather than remembering the different logins for everywhere, you remember the master password for the password manager and it generates and stores the rest. It’s this huge number of logins we now need that leads to bad password hygiene. Hackers rely on the re-use of login information across multiple accounts as the means of success with credential stuffing attacks.
Credential stuffing attacks are where login details from previous breaches of different organisations are used to access accounts on other sites and services because the same usernames and passwords were used. Gen Digital says this is how accounts were accessed, rather than there being any compromise of its own systems.
The company said it first noticed intruder activity on December 1, followed by detection of a large volume of failed login attempts on customer accounts on December 12. They reset Norton passwords on impacted accounts, along with other security measures to counter the malicious attempts.
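The tell-tale sign of credential stuffing described above is a single source failing logins across many different accounts with only one or two tries each, rather than hammering one account. This added example (not code from NortonLifeLock or Gen Digital) runs that check over a few constructed authentication log lines; the log format and the thresholds are assumptions, and accounts that then succeeded from a flagged source are listed as candidates for a forced password reset.

```python
import re
from collections import defaultdict

# Constructed sample auth log lines (not real data); the line format is an assumption:
# <timestamp> <OK|FAIL> user=<name> src=<ip>
SAMPLE_LOG = """\
2022-12-12T03:00:01Z FAIL user=alice src=203.0.113.10
2022-12-12T03:00:02Z FAIL user=bob src=203.0.113.10
2022-12-12T03:00:02Z FAIL user=carol src=203.0.113.10
2022-12-12T03:00:03Z OK   user=dave src=203.0.113.10
2022-12-12T03:00:03Z FAIL user=erin src=203.0.113.10
2022-12-12T03:00:04Z FAIL user=frank src=203.0.113.10
2022-12-12T03:01:10Z FAIL user=alice src=198.51.100.7
2022-12-12T03:01:12Z FAIL user=alice src=198.51.100.7
2022-12-12T03:01:15Z OK   user=alice src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, success, user, src_ip) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            yield ts, result == "OK", user, src

def detect_credential_stuffing(log_text, min_failures=5, min_distinct_users=4):
    """Flag sources that fail logins across many distinct accounts with few retries
    each (a replayed leaked-credential list, not a brute force on one account), and
    list accounts that later succeeded from such a source for a forced reset."""
    failures = defaultdict(int)      # failed attempts per source IP
    users = defaultdict(set)         # distinct accounts tried per source IP
    successes = defaultdict(set)     # accounts that logged in per source IP
    for _ts, ok, user, src in parse(log_text):
        if ok:
            successes[src].add(user)
        else:
            failures[src] += 1
            users[src].add(user)
    report = {}
    for src, n in failures.items():
        if n >= min_failures and len(users[src]) >= min_distinct_users:
            report[src] = {"failures": n, "users": sorted(users[src]),
                           "compromised": sorted(successes[src])}
    return report
```

In the sample, 203.0.113.10 is flagged (five accounts, one try each, with one success), while 198.51.100.7 is not, because its three attempts all target one account.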
NortonLifeLock also advises customers to enable two-factor authentication to protect their accounts and take up the offer for a credit monitoring service.
Our advice is to practice good password hygiene by never reusing passwords across multiple logins, and always enable multi-factor authentication where possible.
Contact us to arrange a review of your company’s security practices and keep your business safe.
FBI Infiltrates Hive Ransomware Group
The US Department of Justice and Europol have revealed that they secretly infiltrated the Hive ransomware gang’s infrastructure for six months, monitoring activity and sabotaging cyber-attacks.
The FBI gained access to the criminal infrastructure back in July 2022, where they were able to learn about attacks, warn relevant targets, and also obtain and distribute more than 300 decryption keys to the hacking group’s victims. It is believed that they were able to prevent a potential $130 million in ransomware payments.
The DoJ said:
“Since late July 2022, the FBI has penetrated Hive’s computer networks, captured its decryption keys, and offered them to victims worldwide, preventing victims from having to pay $130 million in ransom demanded”
“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims.”
The US estimates Hive and its affiliates collected over $100m (£81m) from more than 1,500 victims, including hospitals, school districts, financial companies and critical infrastructure, in more than 80 countries around the world. One hospital was left unable to accept new patients.
The FBI says it worked with local law enforcement agencies to help victims recover, including the UK’s National Crime Agency, which says it gave around 50 UK organisations decryptor keys to overcome the hacks.
The FBI also said it gained access to two dedicated servers and one virtual private server hosted in California, while Dutch police gained access to two backup dedicated servers hosted in the Netherlands.
A co-ordinated effort took down Hive’s networks on January 27th, with their website showing a seizure notice at the time of writing.
Attorney General Merrick Garland said: “Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world.”
Deputy Attorney General Lisa O Monaco said: “Simply put, using lawful means, we hacked the hackers.”
There are many ransomware groups out there. Even if Hive stays down, there are others to fill the space. Make sure your business is cyber secure by contacting us today to arrange a review of your business.
Microsoft Invests Billions In OpenAI
While the Redmond behemoth recently announced thousands of job cuts across many of its global divisions, it also announced a multi-year, multi-billion dollar investment in ChatGPT maker OpenAI, as it looks to accelerate plans to roll out artificial intelligence technologies within its business products.
There’s been speculation for a while that Microsoft is looking to add ChatGPT to its Bing search engine offering, as it looks to break the Google stranglehold on that sector, but we could also be close to seeing an injection of AI into the world of writing documents, presentations and emails. Engineers are said to have been developing the integration of OpenAI’s tools into Word, PowerPoint, Outlook and other apps in the Microsoft family of business tools. Microsoft’s announcement reads:
This agreement follows our previous investments in 2019 and 2021. It extends our ongoing collaboration across AI supercomputing and research and enables each of us to independently commercialize the resulting advanced AI technologies.
- Supercomputing at scale – Microsoft will increase our investments in the development and deployment of specialized supercomputing systems to accelerate OpenAI’s groundbreaking independent AI research. We will also continue to build out Azure’s leading AI infrastructure to help customers build and deploy their AI applications on a global scale.
- New AI-powered experiences – Microsoft will deploy OpenAI’s models across our consumer and enterprise products and introduce new categories of digital experiences built on OpenAI’s technology. This includes Microsoft’s Azure OpenAI Service, which empowers developers to build cutting-edge AI applications through direct access to OpenAI models backed by Azure’s trusted, enterprise-grade capabilities and AI-optimized infrastructure and tools.
- Exclusive cloud provider – As OpenAI’s exclusive cloud provider, Azure will power all OpenAI workloads across research, products and API services.
A spokesperson believed AI would have an “impact at the magnitude of the personal computer, the internet, mobile devices and the cloud”.
As Vox notes:
Maybe OpenAI’s technology is a game changer. Maybe it’s just a party trick. Either way, Microsoft’s got it, and a lot of people think it’s amazing. That perception is important. Google now finds itself in a similar position that it helped put Microsoft in two decades ago: hoping it can release something better before it gets passed by.
Police Chase Sleeping Tesla Driver
The Register reported the peculiar story, from Germany, of a Tesla owner apparently asleep at the wheel while his Tesla car drove along the Autobahn on Autopilot.
The Bavarian police report claims they chased a Tesla that they noticed had ‘something off’ about it as it passed by. In spite of following with sirens and horns to make a routine traffic stop, the driver appeared to ignore all efforts to get him to pull over.
They claim to have given pursuit for fifteen minutes with the car maintaining a fixed distance at a fixed speed of 68mph. The driver appeared to be in a reclined position. After the fifteen minutes, police say that the driver woke up and pulled over.
As El Reg reports:
“Officers found that the Tesla driver was reclining in the seat with his eyes closed and his hands off the steering wheel,” the police said in their press release, as translated by Google. “This strengthened the suspicion that he had left the controls to the autopilot and had fallen asleep.”
The police claimed he was acting under the influence of drugs, and also say they found a steering wheel weight, commonly used to trick Tesla’s Autopilot system. The system requires drivers to place their hands on the steering wheel at regular intervals to show they’re alert and could take control if required. The steering wheel weight makes the Autopilot system think hands are on the wheel.
Under the SAE industry standards, Tesla’s Autopilot system and Full Self Driving (FSD) are not ‘Level 5’ autonomous systems. Autopilot is Level 2, at best. However, Tesla calls its systems ‘Autopilot’ and ‘Full Self Driving’ suggesting they are fully autonomous. There are legal battles in California over this.
On its website, Tesla at least acknowledges that “Full Self-Driving” is only partially self-driving: “Autopilot is a hands-on driver assistance system that is intended to be used only with a fully attentive driver. It does not turn a Tesla into a self-driving car nor does it make a car autonomous.”
Needless to say, trying to fool the car with workarounds is dangerous and potentially lethal.