A growing threat to all organisations

NBC News article about the Ryuk ransomware attack on Universal Health Services

Over the last nine months, there has been a sharp increase in the number of human-operated ransomware attacks. Many organisations have been impacted, from local governments to global corporations. At the height of this global pandemic, not even the healthcare sector has been spared, with recent attacks on a major US hospital system and a health tech company.

With eye-watering amounts of money being paid in ransoms to criminals, some as high as seven figures, the number of these attacks is only going to rise. …

The last month of human-operated ransomware attacks

A lot has happened since last month when I last wrote about the growing threat of human-operated ransomware attacks. The US Government warned of an imminent threat to hospitals, more organisations fell victim and attackers continued to innovate.

Understanding how these attacks work is crucial to defending against them. So to help, here’s a summary of what happened:

Ransomware operators targeted hospitals, in a continued disregard for human life. Almost two dozen United States hospitals and health care organisations were struck by ransomware attacks. A new height in aggression by attackers in the middle of a global pandemic, with hospitals…

APT29 Cozy Bear

On Thursday 16 July 2020, the NCSC released an advisory on how Russian cyber actors are targeting organisations involved in COVID-19 vaccine development.

The advisory details four activities APT29 are carrying out as part of this ongoing campaign, focusing on the initial stages of a cyber attack:

  • Exploiting vulnerabilities in Internet-facing systems to obtain authentication credentials;
  • Spearphishing employees to obtain authentication credentials;
  • Using legitimate credentials to maintain access to systems and applications; and,
  • Deploying custom malware to systems to conduct further actions.

In this blog, I outline the tactical actions organisations should consider taking to defend against each of these…

Will Oram

Hi, my name is Will. I’m a cyber security consultant living in London. I help companies defend against cyber attacks. Opinions my own. Read more at willoram.com
