Top news stories this week
- Law abiding. OFSI confirms there have been no reported breaches of UK cyber sanctions.
- At sixes and sevens. Change Healthcare faces class-action lawsuits following data breach.
- Locked up. LockBit affiliate Mikhail Vasiliev sentenced to prison in Canada.
- Critical damage. Leicester City Council and Scottish Health Board hit by cyber attacks.
- Open vacancy. Major data breach at French unemployment agency exposes decades of personal information.
- Patch alert. Microsoft, Cisco and QNAP Systems roll out security patches for their products.
1. OFSI confirms no detected breaches of UK cyber sanctions
Prompted by a freedom of information request, the UK’s Office of Financial Sanctions Implementation (OFSI) has confirmed that there have been no detected breaches of UK cyber sanctions. Since February 2023, the UK has sanctioned over a dozen individuals associated with the now defunct Conti and Ryuk ransomware gangs.
So what?
The main aim of these sanctions is to make it more difficult for cyber criminals to monetise ransomware attacks, rather than to penalise victims.
[Researcher: David Broome]
2. Change Healthcare hit by data breach lawsuits
Change Healthcare Inc., the largest healthcare payment processor in North America, is facing six class-action lawsuits following a February 2024 data breach. The breach affected millions of consumers' confidential health and personal data. The lawsuits argue that Change Healthcare failed to establish necessary cyber security measures to prevent the incident.
So what?
Cyber security measures play a significant role in determining the extent of fines following a data breach. Companies that do not implement adequate security protections risk substantial financial penalties.
[Researcher: Ineta Simkunaite]
3. Former LockBit ransomware affiliate sentenced to prison in Canada
A Canadian court sentenced Mikhail Vasiliev, a Canadian-Russian dual national, to almost four years in prison for charges relating to LockBit ransomware attacks on three Canadian companies. Vasiliev has also been ordered to pay CAD 860,000 in restitution to his victims and faces further charges from the US Department of Justice.
So what?
Vasiliev’s conviction represents a rare opportunity for law enforcement, as many cyber criminals operate outside the reach of Western law enforcement.
[Researcher: Amy Gregan]
4. Scottish Health Board and Leicester City Council targeted by cyber attacks
NHS Dumfries and Galloway, which oversees 11 Scottish hospitals, has been targeted by a suspected ransomware attack and has warned that a significant amount of confidential data may have been accessed by the hackers.
Separately, Leicester City Council has warned of significant service disruptions after it took IT systems and service phone lines offline to contain a cyber attack.
So what?
Cyber attacks on critical infrastructure can cause significant disruption. Organisations should prepare for their worst-case scenario by documenting and testing business continuity and disaster recovery plans.
[Researcher: Amy Gregan]
5. Hackers exfiltrate data relating to millions of French job seekers
Hackers have compromised a database belonging to the French government unemployment agency France Travail, potentially impacting 43 million individuals. France Travail detected the attack after observing suspicious queries on a database. The breach includes details such as social security numbers, addresses, and places of birth.
So what?
Organisations should secure sensitive databases and monitor queries to help identify potentially malicious activity as early as possible.
[Researcher: Adelaide Parker]
6. Time to patch
Microsoft has addressed 60 vulnerabilities in its latest edition of Patch Tuesday, highlighting two critical flaws within Hyper-V, its virtualisation platform.
Separately, Cisco and QNAP Systems have released patches for high-severity flaws in their Secure Client VPN software and network-attached storage (NAS) devices respectively, which could lead to unauthorised access.
None of the identified vulnerabilities have been observed being exploited in the wild.
So what?
Organisations should remediate known vulnerabilities as soon as possible to minimise the risk of a security incident.
[Researcher: Ineta Simkunaite]