Jun 05 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the milkshake to Nigel Farage’s cybercrime 👀🙈😂
Today’s hottest cybersecurity news stories:
🏥 NHS hack attack! London hospitals hit by ransomware attack 💰
🐶 Decoy Dog hounds Russian power, IT Firms, and govt agencies 👨💻
🎉 Introducing the next generation of RBI (Remote Browser Isolation) 🏝️
Seven London hospitals, including Guy’s, St Thomas’, and King’s College, faced major disruptions after a ransomware attack on Synnovis, a private firm analysing their blood tests. Operations, blood transfusions, and some C-sections had to be cancelled or rescheduled.
🏥 Hospitals Affected
Guy’s
St Thomas’
King’s College
Evelina Children’s Hospital
Royal Brompton and Harefield
Princess Royal Hospital
🔒 Ransomware Attack Details
Hackers locked Synnovis’s IT systems, demanding payment to restore access. This disrupted pathology services, forcing communication via paper and limiting lab functionality.
🩺 Emergency Measures
NHS England enacted “mutual aid” procedures to assist affected hospitals, ensuring some services continued. Despite this, elective operations were moved or cancelled.
👨⚕️ Leadership Response
Prof Ian Abbs, chief executive of Guy’s and St Thomas’ NHS Foundation Trust (GSTT), highlighted the significant impact on services, especially blood transfusions. Synnovis CEO Mark Dollar acknowledged the severity and called the attack a harsh reminder of cybersecurity risks.
⚠️ Ongoing Challenges
Synnovis, along with the National Cyber Security Centre, is working to resolve the issue. This is the third cyber attack on Synnovis's parent company, Synlab, in the past year.
🛡️ Stay Safe Online! 💻
Spending hours gathering evidence, tracking risk, and answering security questionnaires? Move away from manual work by automating key GRC program needs with Vanta.
Automate evidence collection across 21+ frameworks including SOC 2 and ISO 27001 with continuous monitoring
Centralize risk and report on program impact to internal teams
Create your own Trust Center to proactively manage buyer needs
Leverage AI to answer security questionnaires faster
Join Vanta’s webinar on June 11 to learn more about scaling your GRC program with automation and AI.
Russian organisations are under siege from a Windows version of the Decoy Dog malware, according to Positive Technologies. The cyberattack campaign, dubbed Operation Lahat, is attributed to the advanced persistent threat (APT) group HellHounds.
🐾 HellHounds' Tactics
HellHounds infiltrates selected organisations and maintains long-term, undetected access, gaining entry through vulnerable web services and trusted relationships. First identified in November 2023 after the compromise of a power company, the group has now targeted 48 Russian entities, including IT firms, government bodies, space industry companies, and telecom providers.
🖥️ Decoy Dog Malware
Decoy Dog, a variant of the open-source Pupy RAT, uses DNS tunnelling for command-and-control (C2) communications, moving victims between controllers to evade detection. Initially known to target Linux systems, a Windows version has now been confirmed. The malware's development dates back to November 2019, with active targeting observed since 2021.
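DNS tunnelling of the kind described above leaves a signature in resolver logs even when the implant itself is unknown: every beacon is a fresh, long, high-entropy subdomain of one registrable domain. The following is an added example, not code from Positive Technologies or from the Decoy Dog/Pupy projects; the BIND-style log format, the domain names in the sample and the thresholds are constructed assumptions.

```python
"""Heuristic detector for DNS-tunnelling C2 such as Decoy Dog.

Added example, not the vendor's or the malware authors' code. It scores each
registrable domain seen in a DNS query log on features that tunnelling over
DNS cannot easily hide: every beacon is a never-seen subdomain, the labels are
long, and they carry encoded (high-entropy) data. A CDN produces many unique
names too, but short and low-entropy ones, so all features must fire.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample in a BIND-style query-log format (assumption: a real
# resolver's format may differ; only QUERY_RE depends on it). The
# cdn-updates.net names imitate a tunnel: one fresh encoded label per beacon.
SAMPLE_LOG = """\
05-Jun-2024 10:00:01 client 10.0.0.5#51000: query: www.example.com IN A +
05-Jun-2024 10:00:02 client 10.0.0.5#51001: query: mail.example.com IN A +
05-Jun-2024 10:00:03 client 10.0.0.5#51002: query: www.example.com IN AAAA +
05-Jun-2024 10:00:04 client 10.0.0.6#51003: query: img1.example.org IN A +
05-Jun-2024 10:00:04 client 10.0.0.6#51004: query: img2.example.org IN A +
05-Jun-2024 10:00:04 client 10.0.0.6#51005: query: img3.example.org IN A +
05-Jun-2024 10:00:04 client 10.0.0.6#51006: query: img4.example.org IN A +
05-Jun-2024 10:00:04 client 10.0.0.6#51007: query: img5.example.org IN A +
05-Jun-2024 10:00:05 client 10.0.0.7#51008: query: 3q9x7kz1p2m8vw4l.a6f0b2.ctl.cdn-updates.net IN TXT +
05-Jun-2024 10:00:06 client 10.0.0.7#51009: query: k8v1n0c5r2t9y6h3.a6f0b3.ctl.cdn-updates.net IN TXT +
05-Jun-2024 10:00:07 client 10.0.0.7#51010: query: z4b7m2q9w1e6r3t5.a6f0b4.ctl.cdn-updates.net IN TXT +
05-Jun-2024 10:00:08 client 10.0.0.7#51011: query: p0o9i8u7y6t5r4e3.a6f0b5.ctl.cdn-updates.net IN TXT +
05-Jun-2024 10:00:09 client 10.0.0.7#51012: query: h2j4k6l8n1m3b5v7.a6f0b6.ctl.cdn-updates.net IN TXT +
05-Jun-2024 10:00:10 client 10.0.0.7#51013: query: c9x8z7v6b5n4m3l2.a6f0b7.ctl.cdn-updates.net IN TXT +
05-Jun-2024 10:00:11 client 10.0.0.7#51014: query: d1f3g5h7j9k2l4z6.a6f0b8.ctl.cdn-updates.net IN TXT +
05-Jun-2024 10:00:12 client 10.0.0.7#51015: query: w5e7r9t1y3u5i7o9.a6f0b9.ctl.cdn-updates.net IN TXT +
"""

QUERY_RE = re.compile(r"query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)")

# Detection thresholds (assumptions; tune against your own baseline).
MIN_QUERIES = 5            # too little traffic to judge below this
MIN_UNIQUE_RATIO = 0.8     # share of queries whose full name was new
MIN_AVG_SUBDOMAIN_LEN = 20 # characters left of the registrable domain
MIN_AVG_ENTROPY = 3.0      # bits per character of the subdomain part


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str):
    """Return (subdomain, registrable_domain).

    Assumption: the registrable domain is the last two labels. A real
    deployment should use the public suffix list so that co.uk-style TLDs
    and customer subdomains of shared services are grouped correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def domain_stats(log_text: str) -> dict:
    """Aggregate per-registrable-domain features from raw query-log lines."""
    acc = defaultdict(lambda: {"queries": 0, "names": set(), "sub_len": 0,
                               "entropy": 0.0, "qtypes": Counter()})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line, or a format we do not parse
        sub, base = split_name(m.group("qname"))
        d = acc[base]
        d["queries"] += 1
        d["names"].add(m.group("qname").lower())
        d["sub_len"] += len(sub)
        d["entropy"] += shannon_entropy(sub.replace(".", ""))
        d["qtypes"][m.group("qtype")] += 1

    stats = {}
    for base, d in acc.items():
        n = d["queries"]
        stats[base] = {
            "queries": n,
            "unique_ratio": len(d["names"]) / n,
            "avg_subdomain_len": d["sub_len"] / n,
            "avg_entropy": d["entropy"] / n,
            "qtypes": dict(d["qtypes"]),  # reported for the analyst only
        }
    return stats


def is_tunnel_candidate(s: dict) -> bool:
    """Every feature must fire; any one alone is matched by benign traffic."""
    return (s["queries"] >= MIN_QUERIES
            and s["unique_ratio"] >= MIN_UNIQUE_RATIO
            and s["avg_subdomain_len"] >= MIN_AVG_SUBDOMAIN_LEN
            and s["avg_entropy"] >= MIN_AVG_ENTROPY)


def flag_tunnel_domains(log_text: str) -> list:
    """Registrable domains whose query pattern looks like DNS tunnelling."""
    return sorted(base for base, s in domain_stats(log_text).items()
                  if is_tunnel_candidate(s))


if __name__ == "__main__":
    for base, s in domain_stats(SAMPLE_LOG).items():
        verdict = "TUNNEL?" if is_tunnel_candidate(s) else "ok"
        print(f"{base:18} n={s['queries']:2} uniq={s['unique_ratio']:.2f} "
              f"len={s['avg_subdomain_len']:5.1f} H={s['avg_entropy']:.2f} {verdict}")
```

On the constructed sample only cdn-updates.net is flagged: example.org has five unique names but they are four characters long with two bits of entropy, which is why the rule requires all features rather than unique-name ratio alone. Run it over a day of resolver logs, then feed flagged domains into whatever threat-intel or passive-DNS lookup you already use, since a tunnel that moves victims between controllers will show the same registrable domain resolving to changing infrastructure.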
🔑 Advanced Techniques
The Windows version of Decoy Dog is delivered by a loader that uses dedicated infrastructure to obtain the key needed to decrypt the payload. On Linux hosts, HellHounds use a modified version of the open-source 3snake tool to harvest credentials from process memory, and in at least two cases they gained initial access with compromised Secure Shell (SSH) login credentials.
🔐 Ongoing Threat
Positive Technologies highlights that HellHounds' toolkit, based on open-source projects, is adeptly modified to bypass malware defences. This allows them to maintain a covert presence within critical Russian organisations, posing a significant and ongoing threat.
The latest report, "The Next Generation of RBI (Remote Browser Isolation)," highlights the shift from Browser Isolation, once the gold standard for web security, to advanced Secure Browser Extensions. In today's SaaS-centric world, traditional Browser Isolation methods are no longer sufficient.
📉 Limitations of Browser Isolation
Browser Isolation faced challenges like:
Performance Issues: High CPU usage led to slower browsing, impacting productivity.
Inadequate Protection: Ineffective against modern threats like phishing and malicious extensions.
🔒 Emergence of Secure Browser Extensions
Secure Browser Extensions address these issues, providing:
Real-Time Visibility: Continuous monitoring of browsing activities.
Risk Analysis: Identifying and validating malicious actions.
Granular Enforcement: Automatically disabling harmful web components or blocking access.
⚙️ Advanced Features
Seamless Integration: Fits into existing browsers without impacting user experience.
Machine Learning: Analyses web pages in real-time to neutralise threats such as file downloads and credential harvesting.
🚀 Key Advantages Over Browser Isolation
Performance: Minimal CPU impact ensures smooth browsing.
Easy Deployment: Centralised deployment on managed devices and simple installation on unmanaged ones, ideal for all workplace types.
To dive deeper, check out the full report on the evolution of browser security and the benefits of Secure Browser Extensions.
🗞️ Extra, Extra! Read all about it! 🗞️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅
💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓
📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾
Let us know what you think.
So long and thanks for reading all the phish!