fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Suspected Chinese Hackers Behind Attacks On Ten Israeli Hospitals

Suspected Chinese Hackers Behind Attacks On Ten Israeli Hospitals

A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country.

In the joint announcement, the Israeli government states that the attempts resulted in no damage to the hospitals and the medical organizations, thanks to national-level coordination and the quick and decisive response of the local IT teams.

The two authorities had carried out numerous defensive activities in the health sector to identify open vulnerabilities and secure them before the weekend arrived, mostly in response to a Wednesday attack on the Hillel Yaffe Medical Center. 

As it seems, though, these efforts weren’t enough to secure the exposed endpoints, and some healthcare organizations were still breached over the weekend.

Also Read: How Bank Disclosure Of Customer Information Work For Security

Fingers point to Chinese hackers

According to local media reports, the attack is attributed to a Chinese group of actors using the ‘DeepBlueMagic’ ransomware strain, which first appeared in the wild in August this year.

DeepBlueMagin is known to disable security solutions that usually detect and block file encryption attempts, allowing for successful attacks.

Testing the IOCs shared by the authorities, BleepingComputer determined that the threat actors are using the ‘BestCrypt’ hard drive encryption tool to encrypt devices.

BestCrypt used for the encryption of the files
BestCrypt used for the encryption of the files

Israel’s National Cyber Directorate has released indicators of compromise (IOCs) in the form of file hashes that have been seen in related attacks.

The agency suggests that Israeli organizations perform the following steps:

  1. Review the IOCs in the CSV file and check if they have been observed in their environment.
  2. Perform an active scan of all systems and include the file hashes in the organization’s AV/EDR solutions.
  3. Make sure all VPN and email servers are upgraded to the latest version to resolve any vulnerabilities that threat actors can use to gain access to internal networks.
  4. If servers are not up to date, update them and perform password resets for all users.
  5. Increase monitoring for unusual events in the corporate networks.
  6. Report any breaches or unusual activity to the Israeli Israel National Cyber Directorate.

Hille Yaffe still struggling

In the meantime, the Hillel Yaffe Medical Center in the north of Tel Aviv is still struggling with the restoration of its systems, and the staff is using “pen a paper” to admit patients and circulate exams for the sixth day now.

Also Read: Data Protection Framework: Practical Guidance for Businesses

Even though there’s hope that the Hillel Yaffe Medical Center will return to normal operations in a few days, there are fears that some medical records will be unrecoverable.

This is because the ransomware actors reportedly accessed the backup system, wiping all copies stored there for emergency cases like cyberattacks.

Reuven Eliyahu, the cybersecurity chief in the Health Ministry has confirmed that the mid-week attack was carried out by Chinese hackers in a statement today, and described the actors’ motives as “purely financial”.

“This is probably a Chinese hacker group that broke away from another group and started working in August,” Eliyahu said in an interview with Army Radio. “The motive for the attack was purely financial.”

However, a source in the cybersecurity industry has told BleepingComputer that the attribution to China is weak and that the attacks may have simply been port scans or probes into a network’s defenses.

As for the ransom payment, the Hillel Yaffa center is a government-owned hospital, and as such, it won’t negotiate with hackers.

Update 10/18/21 02:31 PM EST: Added further information about attribution to China.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us