Tag Archives: Cyberattack

UnitedHealth’s CEO Slammed Over Cyberattack – The New York Times

  1. UnitedHealth’s CEO Slammed Over Cyberattack – The New York Times
  2. UnitedHealth CEO tells lawmakers the company paid hackers a $22 million ransom – CNBC
  3. Oversight and Investigations Subcommittee Hearing: “Examining the Change Healthcare Cyberattack” – Energy and Commerce Committee
  4. U.S. lawmakers slam UnitedHealth’s cybersecurity, call the company ‘a monopoly on steroids’ – Star Tribune
  5. Hacking America’s Health Care: Assessing the Change Healthcare Cyber Attack and What’s Next | The United States Senate Committee on Finance Hearing | Hearings | The United States Senate Committee on Finance


A type of cyberattack that could set your smartphone on fire using its wireless charger – Tech Xplore

  1. A type of cyberattack that could set your smartphone on fire using its wireless charger – Tech Xplore
  2. Researchers have figured out how to hack a wireless charger to fry your phone and heat objects around it to 280°C, so that’s just wonderful – PC Gamer
  3. VoltSchemer attacks use wireless chargers to inject voice commands, fry phones – BleepingComputer
  4. The VoltSchemer Charger Attack Can Fry Your Phone, Credit Cards, Passport, and Even Whisper to Siri – Hackster.io
  5. Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers – SecurityWeek


Fidelity National Financial Takes Down Systems Following Cyberattack – SecurityWeek

  1. Fidelity National Financial Takes Down Systems Following Cyberattack – SecurityWeek
  2. Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers – TechCrunch
  3. Hack at major title company scrambles real estate closings – Crain’s Chicago Business
  4. Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial – The Record from Recorded Future News
  5. “Cybersecurity Incident” at Fidelity National Financial Raises Data Breach Concerns – JD Supra

LAUSD hack: Criminal group releases sensitive data after district refuses to pay ransom

LOS ANGELES (KABC) — Hackers have released data stolen in a cyberattack against the Los Angeles Unified School District, Superintendent Alberto Carvalho confirmed Sunday.

“Unfortunately, as expected, data was recently released by a criminal organization,” Carvalho said in a statement. “In partnership with law enforcement, our experts are analyzing the full extent of this data release.”

The data was released Saturday — two days before a deadline previously given by the hackers — after Carvalho’s stated refusal to pay ransom to an international hacking syndicate.

The group claiming responsibility for the cyberattack had previously set a Monday deadline for the district to pay a ransom to the organization.

In a dark web post detected and reprinted by Brett Callow of the cybersecurity firm Emsisoft, the hacking syndicate Vice Society listed the LAUSD as one of “our partners,” and stated, “The papers will be published by London time on October 4, 2022 at 12:00 a.m.”

The post did not give any indication about what information had been obtained or what would be published.

Carvalho previously acknowledged that the district received a ransom demand from the group responsible for the Labor Day weekend hack — which he declined to name.

“We can acknowledge … that there has been communication from this actor (hacker) and we have been responsive without engaging in any type of negotiations,” he told reporters. “With that said, we can acknowledge at this point … that a financial demand has been made by this entity. We have not responded to that demand.”

He did not provide specifics about the demand.

Carvalho told the Los Angeles Times on Friday that the district would not pay the ransom demand or negotiate with the hackers.

“What I can tell you is that the demand — any demand — would be absurd,” he told the Times. “But this level of demand was, quite frankly, insulting. And we’re not about to enter into negotiations with that type of entity.”

A hotline will be available starting Monday at 6:00 a.m.

“This hotline will assist those from our school communities who may have questions or need additional support,” Carvalho said.

The telephone number for the incident response hotline is (855) 926-1129. Hours of operation will be 6:00 a.m. to 3:30 p.m., Monday through Friday, excluding major U.S. holidays.

City News Service contributed to this report.

Copyright © 2022 KABC Television, LLC. All rights reserved.




FBI director Christopher Wray blames Iran for ‘despicable’ attempted cyberattack on Boston Children’s Hospital

The FBI was able to help thwart the hackers before they did damage to the hospital’s computer network, according to Wray, but he cited it as an example of the potential high-impact hacking threats that the US faces from the governments of Iran, Russia, China and North Korea.

“We cannot let up on China or Iran or criminal syndicates while we’re focused on Russia,” Wray said in a speech at Boston College.

The hack, which took place in June 2021, saw the attackers exploit popular software made by California-based firm Fortinet to control the hospital’s computer network, according to US officials.

Boston Children’s Hospital is a more than 400-bed facility and is considered one of the premier pediatric centers in the US.

The FBI got a tip about the Iranian hackers from a “valued partner within the intelligence community,” and the activity was thwarted before it was clear what the hackers’ end goal on the hospital’s network was, according to Joseph Bonavolonta, the special agent in charge of the FBI’s Boston Field Office.

“There was no ransomware deployed,” Bonavolonta told reporters Wednesday, “and we were able to work with [the hospital] ahead of time to mitigate any of the other potential associated threats to the network.”

Wray had previously said in March that the Iranian government-linked hackers were behind a cyberattack on a children’s hospital, but he didn’t name the hospital.

“Thanks to the FBI and our Boston Children’s Hospital staff working so closely together, we proactively thwarted the threat to our network,” Kristen Dattoli, a spokesperson for the hospital, said in a statement.

CNN has requested comment from Iran’s Permanent Mission to the United Nations.

Ransomware and other hacking threats have stalked the health care system for years — and appear to have gotten worse during the coronavirus pandemic.

There were 134 publicly reported ransomware incidents involving health care organizations in 2021, up from 106 incidents in 2020, according to threat-intelligence firm Recorded Future.

The Boston Children’s Hospital incident was one of several that prompted a public warning last November from the FBI and other agencies that Iranian government-backed hackers were targeting a range of organizations across the transportation and health care sectors.

The advisory was a rare case of the US government publicly linking Iran with ransomware, which is typically used by cybercriminals rather than governments. But US officials and private analysts have long warned of collusion between foreign governments and criminal hacking groups.

When it comes to potential Russian hacking threats to the US, the FBI has been on a “combat tempo,” with a 24/7 command post, during the Kremlin’s war in Ukraine, Wray added.

“We’ve seen the Russian government taking specific preparatory steps towards potential destructive [cyber]attacks, both here and abroad,” he added.

Such a “destructive” hack — in which data or systems are destroyed — hasn’t been reported in the US since Russia’s invasion of Ukraine. But suspected Russian hackers have conducted a slew of destructive hacks in Ukraine, and US officials are warning businesses to not let their guard down.

The same network access gained by Russian operatives to collect intelligence could be used for a destructive hack, Wray warned. “That’s why, when it comes to Russia today, we’re focused on acting as early — as far ‘left of boom,’ as they say — as we can.”

“We’re watching for their cyber activities to become more destructive as the war keeps going poorly for them,” Wray said Wednesday.


FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden’s Russia cyberattack warning

The FBI issued the notice days before President Joe Biden publicly warned that Kremlin-linked hackers could target US organizations as the Russian military continues to suffer heavy losses in Ukraine and as Western sanctions on the Kremlin begin to bite.

Deputy national security adviser Anne Neuberger said during Monday’s White House briefing that Russia had been conducting “preparatory activity” for cyber attacks, which she said could include scanning websites and hunting for software vulnerabilities.

There are at least 18 US companies in other sectors, such as defense and financial services, that were subjected to the scanning, the FBI said.

There are no confirmed breaches related to the scanning, but the FBI advisory is the latest in a chorus of warnings from US officials to critical infrastructure operators to be on alert for potential Russian hacking. “The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming,” Biden told business executives on Monday.

The Russia-based Internet Protocol addresses, or data that identifies a computer, are “believed to be associated with cyber actors who previously conducted destructive cyber activity against foreign critical infrastructure,” the FBI said in its advisory.

“This scanning activity has increased since the start of the Russia/Ukraine conflict, leading to a greater possibility of future intrusions,” the FBI memo states.

CBS News first reported on the FBI advisory.

For months, the US departments of Energy, Treasury and Homeland Security, among others, have briefed big electric utilities and banks on Russian hacking capabilities, and urged businesses to lower their thresholds for reporting suspicious activity.

CNN reported on February 2 that a foreign hacking group had probed the computer networks of US electric utilities that operate liquefied natural gas facilities.
The hacking group developed tools used in an incident that forced a Saudi petrochemical plant to shut down in 2017, according to cybersecurity researchers. The Treasury Department in 2020 sanctioned a Russian government institute for its alleged involvement in that incident.

It was not immediately clear if the FBI was referring to that same hacking group in its recent advisory. An FBI spokesperson did not immediately return a request for comment.


Nvidia confirms it’s investigating an ‘incident,’ reportedly a cyberattack

Nvidia is confirming to The Verge, Bloomberg, Reuters, and others that it’s investigating an “incident” — hours after The Telegraph reported that the graphics chipmaking giant had experienced a devastating cyberattack that “completely compromised” the company’s internal systems over the past two days.

“We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time,” reads a statement via Nvidia spokesman Hector Marinez.

Even The Telegraph’s sources aren’t suggesting that Nvidia has necessarily had any data stolen or deleted, and there’s no current suggestion that the “incident” might be linked to Russia’s invasion of Ukraine, though cyberattacks have been part of the offensive, and internet infrastructure has also been a target there.

Bloomberg is now reporting it was a minor ransomware attack, citing a “person familiar with the incident.”

Early Saturday morning, the dark web intelligence firm DarkTracer tweeted that Lapsus$, a ransomware gang recently linked to an attack on Portugal’s largest TV channel, has claimed responsibility, leaking what it says are the password hashes for Nvidia employees, and indicating it has other data including source code and information related to RTX GPUs. Soufiane Tahiri posted a later message from the group to Twitter, where they claimed the company tried to delete their data in a virtual machine via the VPN and device management platform it uses. They apparently claim to still have a backup of the data that they are threatening to leak. There’s still no indication publicly that this incident is tied to Russia’s invasion.

If a US-based company like Nvidia had been targeted, though, it could provoke retaliation from the United States. “If Russia pursues cyberattacks against our companies, our critical infrastructure, we’re prepared to respond,” President Biden said during his Thursday address.

While the alleged attack reportedly knocked out Nvidia’s email, we did receive Nvidia’s statement today from an Nvidia email address.

Nvidia also mysteriously asked press late Wednesday evening to push back a minor announcement that would have arrived on Thursday, without providing an explanation. That timing lines up with when The Telegraph reports that Nvidia’s systems were compromised.

Update, 5:47PM ET: Added that Bloomberg is now citing a source that the “incident” was a ransomware attack.

Update, February 26th, 6:37ET: Added information about Lapsus$ Group claiming to be responsible for the ransomware attack.




Chipmaker Nvidia investigates potential cyberattack


Feb 25 (Reuters) – U.S. chipmaker Nvidia Corp (NVDA.O) said on Friday it was investigating a potential cyberattack, following a news report that said the attack may have taken parts of its business offline for two days.

A malicious network intrusion caused outages in Nvidia’s email systems and developer tools over the last two days, the Telegraph reported earlier on Friday, but said it was unclear if any data was stolen or deleted.

“We are investigating an incident. Our business and commercial activities continue uninterrupted,” Nvidia said in a statement.


“We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.”

Shares of the company pared gains to trade down 0.7% in late-afternoon trading.

At a market cap of nearly $600 billion, Nvidia is the most valuable chipmaker in the United States. It is known for its graphics processing units (GPU) that enhance videogaming experiences and advanced computer simulations.


Reporting by Eva Mathews in Bengaluru; Editing by Shinjini Ganguli


Ukraine cyberattack is largest of its kind in country’s history, says official

Speaking at a press conference Wednesday, Ukrainian Minister of Digital Transformation Mykhailo Fedorov added that it is too early to tell who was responsible for the attack.

The so-called distributed denial of service (DDoS) attack — which bombarded Ukrainian websites with phony traffic — was coordinated and well planned, officials said.

DDoS attacks often disrupt access to IT systems, but their impact can be more psychological rather than having any direct effect on a country’s critical infrastructure.

While down for parts of Tuesday, the websites of Ukraine’s Ministry of Defense and Armed Forces, and those of two prominent banks, were back up Wednesday, according to CNN journalists in Ukraine. The DDoS attack, however, is ongoing, Ukrainian officials said.

The incident comes as Russia has massed an estimated 150,000 troops close to Ukraine’s border, according to US President Joe Biden, and as US officials warn that a fresh Russian invasion could come at any time. Russia has denied it is planning to invade Ukraine.

The US government is investigating the cyberattack on Ukrainian websites, a top State Department official said Wednesday, while suggesting that Russia has a history of carrying out such hacks.

“But who is best at this, who uses this weapon all around the world? Obviously, the Kremlin,” Undersecretary of State Toria Nuland said on CBS This Morning.

“While we’re still investigating and doing forensics along with the Ukrainians, I think what’s most important is that these cyberattacks were not very successful,” Nuland said. She credited Ukrainian officials for responding quickly and helping the websites recover.

Internet traffic hitting Ukrainian websites during the DDoS attack was “three orders of magnitude more than regularly observed traffic,” according to data collected by cybersecurity firm CrowdStrike.

Ninety-nine percent of the traffic involved a type of digital request to computer servers, “indicating the attackers were attempting to overwhelm Ukrainian servers,” said Adam Meyers, CrowdStrike’s senior vice president of intelligence.

A Ukrainian intelligence report recently obtained by CNN pointed to Russia’s effort to destabilize “Ukraine’s internal situation by using economic, energy, information, cyber, social, ethnic, and other tools.”

Ukraine has concluded that Russia and Belarus were responsible for a separate cyberattack that hit government websites last month.

“As a result of a massive hacker attack on the night of January 14, 2022, the web pages of the Government of Ukraine were shut down. The attacks were carried out by a group affiliated with the Russian and Belarusian special services,” the Ukrainian intelligence report said.

Similarities in the infrastructure used in Tuesday’s DDoS attack and the one last month suggest the incidents could be connected, Ukrainian officials said Wednesday.

In mid-January scores of Ukrainian government websites were targeted in a cyberattack with threatening text warning Ukrainians to “be afraid and wait for the worst,” and alleging their personal information had been hacked.

Ukraine claimed Russia was most likely behind the attack, which affected the websites of the Ministry of Foreign Affairs and a number of other government agencies.

CNN’s Jennifer Hansler and Kylie Atwood contributed to this report.


European, U.S. regulators tell banks to prepare for Russian cyberattack threat

FRANKFURT/LONDON, Feb 9 (Reuters) – The European Central Bank is preparing banks for a possible Russian-sponsored cyber attack as tensions with Ukraine mount, two people with knowledge of the matter said, as the region braces for the financial fallout of any conflict.

The stand-off between Russia and Ukraine has rattled Europe’s political and business leaders, who fear an invasion that would inflict damage on the entire region.

Earlier this week, French President Emmanuel Macron shuttled from Moscow to Kyiv in a bid to act as a mediator after Russia massed troops near Ukraine.


Now the European Central Bank, led by former French minister Christine Lagarde and which has oversight of Europe’s biggest lenders, is on alert for the threat of cyber attacks on banks launched from Russia, the people said.

While the regulator had been focused on ordinary scams that boomed during the pandemic, the Ukraine crisis has diverted its attention to cyber attacks launched from Russia, said one of the people, adding that the ECB has questioned banks about their defences.

Banks were conducting cyber war games to test their ability to fend off an attack, the person said.

The ECB, which has singled out addressing cybersecurity vulnerability as one of its priorities, declined to comment.

Its concerns are mirrored around the world.

The New York Department of Financial Services issued an alert to financial institutions in late January, warning of retaliatory cyber attacks should Russia invade Ukraine and trigger U.S. sanctions, according to Thomson Reuters’ Regulatory Intelligence.

HIGH ALERT

The United States, the European Union and Britain have repeatedly warned Putin against attacking Ukraine after Russia deployed around 100,000 troops near the border with its former Soviet neighbour.

Earlier this year, multiple Ukrainian websites were hit by a cyber strike that left a warning to “be afraid and expect the worst”, as Russia had amassed troops near Ukraine’s borders.

Ukraine’s state security service SBU said it saw signs the attack was linked to hacker groups associated with Russian intelligence services.

Russian officials say the West is gripped by Russophobia and has no right to lecture Moscow on how to act after it expanded the NATO military alliance eastwards since the 1991 fall of the Soviet Union.

The Kremlin has also repeatedly denied the Russian state has anything to do with hacking around the world and said it is ready to cooperate with the United States and others to crack down on cyber crime.

Nonetheless, regulators in Europe are on high alert.

Britain’s National Cyber Security Centre warned large organisations to bolster their cyber security resilience amid the deepening tensions over Ukraine.

On Tuesday, Mark Branson, the head of German supervisor BaFin, told an online conference that cyberwarfare was interconnected with geopolitics and security.

The White House has also blamed Russia for the devastating ‘NotPetya’ cyber attack in 2017, when a virus crippled parts of Ukraine’s infrastructure, taking down thousands of computers in dozens of countries.

The vulnerability was underscored again last year, when one of the globe’s largest-yet hacking campaigns used a U.S. tech company as a springboard to compromise a raft of U.S. government agencies, an attack the White House blamed on Russia’s foreign intelligence services.

The attack breached software made by SolarWinds Corp, giving hackers access to thousands of companies using its products, rippling through Europe, where Denmark’s central bank said that the country’s “financial infrastructure” had been hit.

Some, however, believe the Ukraine crisis has been blown out of proportion. Ukrainian President Volodymyr Zelenskiy accused Washington and media of fuelling panic.


Writing By John O’Donnell; additional reporting by Pete Schroeder in Washington, Tom Sims in Frankfurt and Stine Jacobsen in Copenhagen
