Newsletters

For the past two weeks, a ransomware attack has been wreaking havoc among healthcare services and putting lives at risk across South Africa.

The incident took place on June 22 and hit the National Health Laboratory Service (NHLS), a South African government organization that does lab work for the country's hospitals.

The attack and subsequent IT outage crippled 265 NHLS laboratories and their ability to process blood work. According to a report from the Cape Independent, the labs are behind on over 6.3 million blood tests. The lack of proper blood work is delaying accurate diagnostics and has postponed operations, putting countless patient lives at risk.

A whitepaper published last year by academics from the University of Minnesota's medical school has looked at the aftermath of ransomware attacks on US hospitals and found evidence to suggest that mortality rates typically increase by around 20%.

The study looked at hospital admissions before, during, and after a ransomware attack, at the hospital's profits, and reported patient deaths.

Researchers said the most affected category were patients who were already hospitalized at the time of the ransomware attack, compared to patients who were admitted after, where hospital staff could adjust procedures to take into account for unavailable IT systems.

KT, formerly Korea Telecom, has been accused of deliberately infecting 600,000 of its own customers with malware to reduce peer-to-peer file sharing traffic. This is a bizarre hack and a great case study of how government regulation has distorted the South Korean internet.  

South Korean media outlet JTBC reported last month that KT had infected customers who were using Korean cloud data storage services known as 'webhards' (web hard drives). The malware disabled the webhard software, resulted in files disappearing and sometimes caused computers to crash.  

JTBC news says the  team involved "consisted of a 'malware development' section, a 'distribution and operation' section, and a 'wiretapping' section that looked at data sent and received by KT users in real time". Thirteen KT employees and contractors have been referred by the police for prosecution. 

There's an unauthenticated remote code execution vulnerability in OpenSSH. We're all gonna d... Nah, I'm kidding! It's actually not as bad as that combination of words makes it seem.

The vulnerability was discovered and disclosed on Monday by security firm Qualys. It is tracked as CVE-2024-6387 and is also known under the name of regreSSHion.

It impacts all OpenSSH versions released since October 2020.

The Risky Business News team has been on a break for the past two weeks, and as such, we're a little bit behind.

Below are the major headlines from the past week as we play catch-up with the infosec news cycle. We'll see you back on Wednesday with our usual super-detailed coverage of the infosec field!

TeamViewer hacked: TeamViewer says Russian hackers have breached its internal network in a security breach last week. The company says the hackers obtained an employee's credentials and accessed its corporate network on Wednesday, June 26. TeamViewer says there is no evidence that the hackers accessed customer data or its main product environment. The company has attributed the hack to APT29 (Midnight Blizzard), a cyber-espionage unit inside Russia's SVR intelligence agency.

The US Government has decided to evict Russian cyber security company Kaspersky from the US market, announcing a ban on sales to US customers and applying financial sanctions to Kaspersky's senior leadership.

Last Thursday, the Commerce Department announced Kaspersky will be prohibited from selling to US customers from late July and that its operations in the country must stop by 29 September. 

This means no more codebase and anti-virus signature updates, so  current customers have just a short period to find alternatives.  

The Russian government is holding private talks on establishing a dedicated cybersecurity agency, similar to the role CISA plays in the US.

Talks are in early stages but a RIA Novosti report suggests the initiative has support from Russia's private sector.

The Russian government has recently passed or started working on several cybersecurity-related initiatives.

A new report explores how effectively the Chinese state leverages civilian talent for state-sponsored cyber operations. 

From Vegas to Chengdu, by Eugenio Benincasa from the Center for Security Studies at ETH Zurich, focuses on the links between Chinese hacking contests and bug bounties and the country's cyber espionage programs. Interestingly, it finds that PRC vulnerability discovery efforts in recent years depend highly on just 'a handful' of Chinese researchers

The report pulls together information made public over the past several years to comprehensively summarise evidence the PRC funnels vulnerability research into state-sponsored espionage efforts.

Apple is holding its yearly Worldwide Developers Conference (WWDC) this week in Cupertino, and the company has announced several security-related features on the first day of the event.

This year's biggest announcement is Private Cloud Compute, a new feature that will take user data and process it inside an encrypted cloud server. This feature will be used for new Apple AI services that require more processing power than is available on the user's device.

Apple says the data will be stored on servers that use custom-built hardware and run a custom operating system. Data is sent to PCC servers only with the user's approval, and Apple says that even its staff with administrative rights can't access or view it. Everything, of course, is wrapped in cryptographic protocols.

GetResponse data breach: The email marketing platform GetResponse disclosed a security breach after a threat actor gained access to one of its employees' accounts. The company says the attacker used the account to pivot to less than 10 of its customers. So far, the GetResponse breach has been linked to at least one other breach—at cryptocurrency platform CoinGecko. The company says the hacker stole the email addresses of almost two million CoinGecko subscribers.

LendingTree breach: Loan comparison site LendingTree has confirmed that its QuoteWizard subsidiary had data stolen from its Snowflake account. [Additional coverage in TechCrunch]

Bangladesh data leak: The Bangladesh intelligence agency has caught two police officers from its anti-terror unit selling citizen data to criminals on Telegram. According to TechCrunch, the officers sold both PII and classified data via a Telegram channel. The Bangladesh government says the two officers had access to government systems suspended as they are being investigated. The NTMC intelligence agency caught the two after reviewing logs of its own systems.