Sunday 12th May 2024
Aidan Dickenson
Business Development Manager // Tailored solutions to enhance security, improve efficiency, and drive growth.
Good morning everyone and a very happy Sunday to you all. Thank you for joining me for today's edition of Cyber Daily. This edition covers everything from healthcare providers to casino operators and even defence contractors: no sector is safe from the prying eyes and malicious attacks of cybercriminals.
Today's edition dives deep into the latest cyber threats and the entities battling to protect sensitive information. Buckle up as we explore the ongoing saga of Black Basta's ransomware havoc, the relentless Scattered Spider gang, and a shocking revelation about the breach at a key UK defence contractor.
US Warns Against Black Basta Ransomware Gang After Ascension Hack
The Black Basta ransomware gang is believed to be behind the recent cyberattack on healthcare provider Ascension. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned that the gang, possibly based in Russia, is targeting US critical infrastructure, including healthcare. They reportedly exploit software vulnerabilities, like flaws in the ConnectWise IT management software, and use spear-phishing emails to gain access.
Ascension didn't publicly identify the hackers, but sources briefed on the investigation indicated that Black Basta was involved. This attack echoes February's assault by the ALPHV/Blackcat gang on UnitedHealth Group's subsidiary, which led to severe disruptions and a hefty $22 million ransom.
Steve Hahn of cybersecurity firm BullWall notes that the increased pressure from the FBI on Russian ransomware gangs has provoked more aggressive targeting of US critical infrastructure. Ascension's cyberattack has affected IT systems, including electronic health records, patient communication tools, and the ordering of tests and medications. Some hospitals had to reroute emergency medical services due to the disruptions.
So far, Ascension hasn't confirmed any ransom demands or intentions to pay up. Black Basta has yet to reveal details about the attack on its dark web site.
FBI Pursues Scattered Spider Hackers Over Casino Ransomware Attacks
The FBI is gearing up to charge members of the notorious Scattered Spider hacking group, which has breached over 100 American organisations in the past two years. While based primarily in the US and Western countries, the group has also allied with veteran cybercriminals from Eastern Europe. Their collaboration made headlines after high-profile attacks on MGM Resorts International and Caesars Entertainment, which paid a $15 million ransom to reclaim its systems.
Brett Leatherman, the FBI’s cyber deputy assistant director, highlighted that these hackers are particularly adept at phishing IT helpdesk staff to infiltrate company networks. Despite a temporary lull in January, Scattered Spider is back with renewed aggression, threatening victims and continuing to compromise sensitive data. Google’s Mandiant security arm has helped track the group, noting that their phishing tactics continue to yield successful breaches.
Law enforcement agencies have faced criticism for a lack of arrests, but the FBI is now working closely with private security firms to compile evidence for prosecution. Only one hacker, Noah Urban, has been arrested so far, but Leatherman assured that more charges could be on the horizon. Although some group members are juveniles, the FBI may use local and state laws to bring them to justice swiftly.
UK Defence Contractor SSCL Delays Reporting Hack, Faces Scrutiny
A data breach at Ministry of Defence (MoD) contractor Shared Services Connected Ltd (SSCL) has exposed payroll records of roughly 270,000 current and former military personnel, including their home addresses. Despite the hack being detected in February, the company only informed the MoD in recent days. Defence Secretary Grant Shapps disclosed the breach to MPs on Tuesday, emphasizing that "state involvement" couldn't be ruled out.
While the UK government has not directly named China, intelligence sources believe that Chinese hackers were involved. The National Cyber Security Centre has highlighted China and Russia among state-sponsored actors threatening national infrastructure.
SSCL, owned by the French tech firm Sopra Steria, was awarded a £500,000 contract to monitor MoD cybersecurity shortly after the breach was detected. This contract, alongside others involving sensitive government data, is now under review, and officials suspect it may be revoked.
Concerns are mounting over SSCL's lack of transparency and its potential to compromise wider government systems. Shapps ordered a thorough investigation of SSCL's work with the MoD and a broader review across government. Sopra Steria has also been scrutinized for holding sensitive contracts across multiple departments.
The Chinese embassy denies involvement in the attack, urging the UK government to stop spreading "false information." Nevertheless, the investigation continues, as the MoD seeks to uncover how SSCL managed to delay reporting the breach for months.