This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Massive Hospital Ransomware Attack

Healthcare company, Universal Health Services (UHS), which operates over 400 hospitals worldwide, has issued a notice that its IT network has been taken offline, following what many suspect to be a ransomware attack.

The company, whose annual revenue is over $11 billion, has yet to confirm or elaborate details of the outage, stating simply that the IT Network is “currently offline, due to an IT security issue.”

Managing over 400 facilities in the US, Puerto Rico and the UK, UHS is believed to have been struck sometime over the weekend, with numerous employees taking to Reddit to share that they have been instructed to ‘keep all computers off’.

The incident swiftly follows this month’s attack against Düsseldorf University Hospital, an attack which is believed to have resulted in the first ransomware fatality, following a patient not receiving critical care.

In a situation reminiscent of the 2017 WannaCry attack against the UK’s National Health Service, an attack which cost the NHS around £92 million, staff have been forced to resort to pen and paper documentation and to redirect ambulances to nearby hospitals.

Trump’s TikTok Ban Blocked

A US federal judge has granted a preliminary injunction against the Trump administration’s ban on the Chinese-owned social media platform just hours prior to it taking effect.

The executive order, which would have become official Sunday, came as a result of fears the app posed a threat to national security. The order stated TikTok’s data collection “threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors… and conduct corporate espionage.”

Had the reprieve not been granted, it would have required Google and Apple to remove the service from their app stores, though it would not have stopped existing TikTok users from accessing the app on their devices.

ByteDance, the Chinese owner of TikTok, was ordered to sell its US operations to an American company (most likely Oracle), should it wish to continue inside the market. The proposed deal, though preliminarily approved, has until November 12th to be finalised.

With TikTok lawyers labelling the ban as “arbitrary and capricious”, the company has stated it will continue its “dialogue with the government to turn our proposal… into an agreement”.

Russian Hacker Sentenced to Seven Years

Yevgeniy Nikulin, the Russian hacker responsible for the theft of data related to around 117 million LinkedIn, Dropbox and Formspring accounts, has this week been sentenced by a US federal court to 88 months in prison.

Originally arrested in the Czech Republic back in 2016, and extradited to the U.S. in 2018, the 32-year-old hacker’s trial faced several delays, and was originally set to conclude in March of this year.

Charged with nine counts of computer intrusion, aggravated identity theft, trafficking and conspiracy, the hacker targeted several San Francisco companies with malware to steal login credentials, and ultimately gain access to customer data.

Nikulin’s extradition also faced challenges, and though Czech courts ultimately sided with the US, the Russian government also wanted him to stand trial in Moscow for the online theft of around $3,500.

The judge presiding over the case, William Alsup, expressed some sympathy towards Nikulin, stating: “I think you’re a brilliant guy. Very smart… I urge you to apply that brilliance to a lawful profession and do something good with your life other than hacking into computers.”

U.S. Attorney David Anderson noted of the case: “Nikulin’s conviction is a direct threat to would-be hackers, wherever they may be,” adding, “Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans.”

Shipping Giant Ransomware Attack

CMA CGM, a French container transportation and shipping company, has, after some obfuscation, confirmed that it has been hit with a breach of security, imploring staff in Europe not to use IT equipment.

Infected with ransomware strain Ragnar Locker over the weekend, the company had initially stated that the problem was ‘an internal IT infrastructure issue’, though now admits that it is “currently dealing with a cyber-attack on peripheral servers” and has shut down systems to prevent the spread of the malware.

This attack makes CMA CGM the fourth major company of its kind to have fallen victim to a major cyber incident since 2017.

The demands of the cyber gang were received by the company soon after, requesting the French shipping company to make contact within two days “via live chat and pay for the special decryption key”, though the ransom amount has not been disclosed.

Vice-president of the company Joël Gentil stated of the situation: “We are progressively resuming connectivity… The situation is coming back to normal. It will take a few hours.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.