Hospitals Under Ransomware Siege
On October 28th, CISA, the FBI, and DHS issued a joint warning of an increased ransomware threat to hospitals. The Ryuk ransomware is deployed through the Trickbot network. These ransomware attacks originate from Eastern Europe and seem to be financially motivated, but they are ruthlessly disrupting critical care. The Ryuk ransomware has been deployed against targets outside health care for some time, but healthcare targets are new and potentially lethal.
On September 28th a woman in Dusseldorf died during a ransomware attack. As an OSIRIS Essay noted at the time, real-world death from a cyberattack is a watershed event. The Dusseldorf attackers seemingly regretted attacking a hospital, and immediately surrendered the decryption keys, still too late to save the victim. Current attackers are deliberately targeting hospitals, which implies either impunity to potential harm or a calculated risk to extort more money from the targets.
The increase in ransomware attacks on hospitals represents the clearest deterrence failure so far. Attacks against hospitals have a proven ability to kill people, allowing governments to credibly signal retaliation, including using military and military-like resources. We can conclude governments are not attempting to deter these attacks, because everyone would need to know the threats in order to be deterred.
Russian APT Hacks European Governments
US Cybercom released details about techniques Russian APT “Venomous Bear” used to hack into various European governments. Venomous Bear (also known as Turla Group) apparently breached security on thousands of government and non-government systems. Cybercom released its information as a Halloween “#TrickOrTreat event.”
Venomous Bear draws less attention than other Russian APTs like Fancy Bear and Cozy Bear, but it has been active for at least ten years and is very competent. Venomous Bear was responsible for “agent.btz,” an early worm that ran rampant through American military systems ten years ago. Attacking European targets reflects increased Russian interest in European politics.
Republican Woes Before Election
Immediately before the election, Republicans seem to be struggling online, with problems unrelated to the running gun battle with social media. Early in the week, Facebook blocked Republican ads for telling people it was election day, a week before election day. The Republican Party in Wisconsin lost $2.3 million to a phishing scam. On Oct 27th, the Trump Campaign’s website was hacked and defaced.
None of these online challenges are major security breaches, but they don’t paint a picture of competence. We do not seem to be at the point where systemic challenges will, on their own, affect elections, but the public may soon change its opinions. As information security and online political space become more important, campaigns and parties are likely to pay electoral prices for online and security failures.
Noteworthy
How the Pandemic is Reshaping the Bug-Bounty Landscape by O’Donnell and Ellis
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.