London hospitals hit by ransomware attack

Jun 05 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the milkshake to Nigel Farage’s cybercrime 👀🙈😂

Today’s hottest cybersecurity news stories:

  • 🏥 NHS hack attack! London hospitals hit by ransomware attack 💰

  • 🐶 Decoy Dog hounds Russian power, IT Firms, and govt agencies 👨‍💻

  • 🎉 Introducing the next generation of RBI (Remote Browser Isolation) 🏝️

Hackers: Can we hack it? NHS we can… For shame 😡😡😡

🚨 London Hospitals Hit by Major Cyber Attack 💥

Seven London hospitals, including Guy’s, St Thomas’, and King’s College, faced major disruptions after a ransomware attack on Synnovis, a private firm analysing their blood tests. Operations, blood transfusions, and some C-sections had to be cancelled or rescheduled.

🏥 Hospitals Affected

  • Guy’s

  • St Thomas’

  • King’s College

  • Evelina Children’s Hospital

  • Royal Brompton and Harefield

  • Princess Royal Hospital

🔒 Ransomware Attack Details

Hackers locked Synnovis’s IT systems, demanding payment to restore access. This disrupted pathology services, forcing communication via paper and limiting lab functionality.

🩺 Emergency Measures

NHS England enacted “mutual aid” procedures to assist affected hospitals, ensuring some services continued. Despite this, elective operations were moved or cancelled.

👨‍⚕️ Leadership Response

Prof Ian Abbs, GSTT’s chief executive, highlighted the significant impact on services, especially blood transfusions. Synnovis CEO Mark Dollar acknowledged the severity and called the attack a harsh reminder of cybersecurity risks.

⚠️ Ongoing Challenges

Synnovis, along with the National Cyber Security Centre, is working to resolve the issue. This is the third cyber attack on Synnovis's parent company, Synlab, in the past year.

🛡️ Stay Safe Online! 💻

Learn how to scale your GRC program with automation and AI

Spending hours gathering evidence, tracking risk, and answering security questionnaires? Move away from manual work by automating key GRC program needs with Vanta.

  • Automate evidence collection across 21+ frameworks including SOC 2 and ISO 27001 with continuous monitoring

  • Centralize risk and report on program impact to internal teams

  • Create your own Trust Center to proactively manage buyer needs

  • Leverage AI to answer security questionnaires faster

Join Vanta’s webinar on June 11 to learn more about scaling your GRC program with automation and AI.

Register to save your spot.

They got that Decoy Dog in them 💀💀💀

🚨 Russian Targets Hit by "Decoy Dog" Cyber Attacks 🛡️

Russian organisations are under siege from a Windows version of the Decoy Dog malware, according to Positive Technologies. The cyberattack campaign, dubbed Operation Lahat, is attributed to the advanced persistent threat (APT) group HellHounds.

🐾 HellHounds' Tactics

HellHounds infiltrates selected organisations, gaining long-term, undetected access through vulnerable web services and trusted relationships. First identified in November 2023 after compromising a power company, HellHounds have now targeted 48 Russian entities, including IT firms, government bodies, space industry companies, and telecom providers.

🖥️ Decoy Dog Malware

Decoy Dog, a variant of the open-source Pupy RAT, uses DNS tunnelling for command-and-control (C2) communications, moving victims between controllers to evade detection. Initially known to target Linux systems, a Windows version has now been confirmed. The malware's development dates back to November 2019, with active targeting observed since 2021.

🔑 Advanced Techniques

The Windows version of Decoy Dog is delivered via a loader that decrypts the payload using dedicated infrastructure. HellHounds also employ a modified version of the 3snake tool to obtain credentials on Linux hosts. In at least two cases, they gained access through compromised Secure Shell (SSH) login credentials.

🔐 Ongoing Threat

Positive Technologies highlights that HellHounds' toolkit, based on open-source projects, is adeptly modified to bypass malware defences. This allows them to maintain a covert presence within critical Russian organisations, posing a significant and ongoing threat.

RBI’m listening 🙃🙃🙃

🚨 Evolution of Browser Security: From Isolation to Secure Extensions 🛡️

The latest report, "The Next Generation of RBI (Remote Browser Isolation)," highlights the shift from Browser Isolation, once the gold standard for web security, to advanced Secure Browser Extensions. In today's SaaS-centric world, traditional Browser Isolation methods are no longer sufficient.

📉 Limitations of Browser Isolation

Browser Isolation faced challenges like:

  • Performance Issues: High CPU usage led to slower browsing, impacting productivity.

  • Inadequate Protection: Ineffective against modern threats like phishing and malicious extensions.

🔒 Emergence of Secure Browser Extensions

Secure Browser Extensions address these issues, providing:

  • Real-Time Visibility: Continuous monitoring of browsing activities.

  • Risk Analysis: Identifying and validating malicious actions.

  • Granular Enforcement: Automatically disabling harmful web components or blocking access.

⚙️ Advanced Features

  • Seamless Integration: Fits into existing browsers without impacting user experience.

  • Machine Learning: Analyses web pages in real-time to neutralise threats such as file downloads and credential harvesting.

🚀 Key Advantages Over Browser Isolation

  • Performance: Minimal CPU impact ensures smooth browsing.

  • Easy Deployment: Centralised deployment on managed devices and simple installation on unmanaged ones, ideal for all workplace types.

To dive deeper, check out the full report on the evolution of browser security and the benefits of Secure Browser Extensions.

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!
