7 June 2024


Qilin ransomware attack on NHS provider | Cyber Intelligence Briefing: 7 June


Top news stories this week

  1. State of emergency. Qilin ransomware attack on NHS provider Synnovis causes major disruption.
  2. The blame game. Cloud provider Snowflake connected to Ticketmaster and Santander breaches.
  3. Check your DMs. TikTok zero-day vulnerability used to compromise high-profile accounts.
  4. Medi-disaster. Medibank facing fine for data privacy breach; Medisecure goes into administration weeks after ransomware attack.  
  5. Muddy the waters. Rare earth mineral firm Northern Minerals impacted by BianLian ransomware attack.
  6. Red notice. Four detained after NCA and FBI uncover cyber corruption scheme. 

1. Ransomware attack on NHS provider causes major disruption at London hospitals

The Qilin ransomware group has been blamed for a ransomware attack causing significant disruption to several NHS hospitals and primary care providers in London. All non-urgent cases requiring pathology services have been postponed, and some patients have been rerouted to alternative hospitals following the attack on pathology services provider Synnovis.

So what?

While there has been a notable increase in ransomware attacks on the healthcare sector in recent years, threat actors are opportunistic and target the easiest victims. Healthcare and other critical infrastructure should urgently invest in their cyber security defences to avoid falling victim.

[Researcher: Aditya Ganjam Mahesh] 


2. Ticketmaster and Santander data breaches linked to Snowflake cloud storage

Recent data breaches at Santander and Ticketmaster have been linked to a lack of multi-factor authentication (MFA) on accounts with the cloud storage provider Snowflake. Snowflake has denied responsibility for the breaches and has urged customers to enable MFA and review user activity.

So what?

Using cloud providers can reduce an organisation’s attack surface, but security is still a shared responsibility, and it is essential that customers take necessary steps, such as enforcing MFA, to prevent unauthorised access.

[Researcher: Adelaide Parker]


3. TikTok zero-day leads to compromise of high-profile accounts
  

TikTok has confirmed that a software vulnerability in its direct messaging feature led to the takeover of a number of high-profile accounts, including news platform CNN. The exploit, which TikTok has now fixed, only required the victim to open a malicious message for the account to be taken over.

So what?

Zero-day attacks can be extremely damaging. There are no known fixes for them at the time of discovery so they cannot be prevented until a patch is released.

[Researcher: Blanche MacArthur]


4. Health Insurance giant Medibank could face AUD 22 trillion fine; MediSecure goes into administration following cyber attack

Medibank is being sued by the Australian Information Commissioner over a 2022 data breach that exposed the personal information of 9.7 million Australians. The Commissioner alleges Medibank failed to protect customer data, which could see the company face fines exceeding AUD 21 trillion.

Separately, eScript provider MediSecure has gone into administration, shortly after confirming it was the victim of a large-scale ransomware data breach in May.

So what?

Cyber attacks can have crippling financial costs and lead to significant impacts on business operations. Strong data protection measures are a must for businesses. 

[Researcher: Amy Gregan]


5. Rare earth mineral firm Northern Minerals impacted by BianLian ransomware attack 

Australian rare earth mineral firm Northern Minerals has confirmed it was the victim of a ransomware attack after having its data leaked by ransomware group BianLian. The announcement, shortly after the leak, that five China-linked investors must sell their shares in the company has led some outlets to speculate whether the attack may be politically motivated.

So what?

Understanding your adversary’s motivations through the use of cyber threat intelligence is crucial to responding effectively to a cyber incident.

[Researcher: David Broome]


6. Four detained in Moldova after NCA and FBI uncover Red Notice cyber corruption scheme

Moldovan authorities have detained four individuals who allegedly paid bribes to public officials in Moldova to undermine an important Interpol tool. The individuals paid bribes to get Red Notices, international arrest warrants issued by Interpol, blocked and deleted for cyber criminals. The arrests were part of an international law enforcement operation with the UK National Crime Agency and the FBI.  

So what?

The bribery scheme shows cyber criminals closely monitor law enforcement activities and are wary of travel bans and Red Notices. 

[Researcher: Waithera Junghae]



The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
