Friday, June 7th, 2024

Cybersecurity Week in Review (07/06/24)


Critical incident declared as ransomware attack disrupts multiple London hospitals 

Operations have been cancelled at several of London’s largest hospitals, and a critical incident emergency status declared, following a ransomware attack on a third-party provider leaving healthcare professionals without access to pathology services.

The attack, which was detected on Monday, impacted a company called Synnovis that provides pathology services, such as blood tests for transfusions, to a number of healthcare organizations, according to reports and internal emails published on social media.

Source: https://therecord.media/london-hospitals-ransomware-attack-critical-incident-declared?utm_medium=email&_hsenc=p2ANqtz-_rOIdYAf5ItVsdw6z3MgTz77bLeXSf9gOsF1bT-o5fqpyw-sc4rpwxblsRCuyDM6URba2zTIgZx8o9_KoZsXLg9tWp6g&_hsmi=310135116&utm_content=310135716&utm_source=hs_email


Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.
Source: https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html


Snowflake Breach: Threat Actor Offers Data of Cloud Company’s Customers

In recent weeks, Snowflake, a leading cloud-based data storage and analytics provider, has found itself at the center of a cybersecurity controversy. Reports of the Snowflake breach have emerged suggesting unauthorized access to its systems, which may have compromised sensitive data belonging to multiple high-profile clients, including Santander Bank and Ticketmaster.

The alleged breach of Santander Bank through the Snowflake incident reportedly affects 30 million customers. Meanwhile, the Ticketmaster breach is said to potentially impact 560 million customers.

Source: Overview of the Snowflake Breach: Threat Actor Offers Data of Cloud Company’s Customers – SOCRadar® Cyber Intelligence Inc.

Paris Olympics fertile ground for nation-state hackers, researchers warn

This summer’s Olympic Games in Paris could be an attractive target for hackers from Russia, China and Iran pursuing political goals, researchers are warning. Observers are already seeing an increase in influence campaigns ahead of the games — primarily conducted by Russia — but also foresee other sorts of activity, including espionage, ransomware and, with less likelihood, disruptive operations.

Companies involved in the event will be under significant pressure to maintain uninterrupted service and less prone to tolerate any downtime of core infrastructure. Ransomware actors could use this to their advantage to extort high ransom payments from local businesses. Researchers also suggest that it is most likely that hackers will direct their attacks on organizations supporting the Olympics.

Source: https://therecord.media/paris-olympics-cyberattacks-researchers-warn?utm_medium=email&_hsenc=p2ANqtz-8p3IlxM_jdf2aEYnWcZGsWbBxa_xTmhAFnNgTHhKlqZrrGQ903kwWeaX1xXDxksTwkpIEFrRvK69cKlpFCX8Viv2k_Zw&_hsmi=310135116&utm_content=310135716&utm_source=hs_email


Waterford based call centre under cyber attack

A Waterford-based call centre has been subjected to a cyber attack leading to some restrictions on services. Rigney Dolphin supplies third-party call centre services to the HSE.

The most significant impact for the HSE was that members of the public who called our National Medical Card helpline last week experienced long delays. On a precautionary basis, a number of IT and network systems were shut down.

Source: Waterford based call centre under cyber attack | WLRFM.com

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.

HellHounds was first documented by the firm in late November 2023 following the compromise of an unnamed power company with the Decoy Dog trojan. It’s confirmed to have infiltrated 48 victims in Russia to date, including IT companies, governments, space industry firms, and telecom providers.

Source: https://thehackernews.com/2024/06/russian-power-companies-it-firms-and.html

School facing ‘critical incident’ after cyber attack

A school has declared a “significant critical incident” after it was targeted in a cyber-attack.

This attack has resulted in all of the school's IT systems being compromised and made inaccessible by complex encryption.

The incident followed a BBC report which revealed 347 cyber incidents were reported in the education and childcare sector in 2023 – an increase of 55% on 2022.

Source: The Billericay School faces critical incident after cyber attack (bbc.com)

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring the threat actors' continued efforts to stay ahead of the detection curve.

The updates have been observed in version 6 of DarkGate released in March 2024 by its developer RastaFarEye, who has been selling the program on a subscription basis to as many as 30 customers. The malware has been active since at least 2018.

Source: DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks (thehackernews.com)

Cyberattack on telecom giant Frontier claimed by RansomHub

On Saturday, the RansomHub operation posted Frontier Communications to its leak site claiming to have the sensitive information of more than 2 million people. The group claimed it spent more than two months attempting to extort the company but never got a response.

The ransomware gang claimed it had access to names, addresses, Social Security numbers, credit scores and more.

In a ransomware report from security firm Mandiant, researchers said RansomHub is attempting to “recruit affiliates that have been impacted by recent shutdowns or exit scams” — most notably the law enforcement takedowns of LockBit and AlphV.

Source: Cyberattack on telecom giant Frontier claimed by RansomHub (therecord.media)

Germany: Major hack targets center-right CDU party

Germany’s Interior Ministry has reported a “serious” cyber attack targeting the center-right Christian Democrats (CDU). The news comes barely a week before European Parliament elections.

That hack also targeted German companies in areas like logistics, defense, aerospace and IT services sectors. The SPD later said that a security vulnerability, not identified at the time, in Microsoft software had enabled the hack.

Source: Germany: Major hack targets center-right CDU party – DW – 06/01/2024


                      Smarttech247
