Tag: chains

02
Oct
2020
Posted in technology

Vulnerable supply chains introduce increasingly interconnected attack surfaces

Accenture Security lists five other “extreme but plausible threat scenarios in financial services” in a new report.

financial graphs background

Image: lucadp, Getty Images/iStockphoto

Financial institutions have interdependent supply chains that offer a “broad, target-rich attack surface that adversaries can undermine,” a new report from Accenture warns. The firm listed it as the latest security trend gaining significance.

The six threats identified by Accenture are:

  • Supply chains, which introduce increasingly interconnected attack surfaces
  • Credential and identity theft, which continue to accelerate
  • Data theft and data manipulation, which stem from new vulnerabilities and cybercriminal behaviors
  • Emerging technologies, especially deepfakes and 5G, advance cyberthreats
  • Destructive and disruptive malware attacks, which spur multiparty and cross-sector targeting
  • Misinformation that is shaking trust in retail and government-backed banks

Attackers have been conducting supply chain attacks for years, the Accenture report noted. “However, supply chain threats to financial institutions in the past year have primarily involved technology service providers (TSPs), including managed service providers (MSPs) and cloud service providers (CSPs).”

SEE: 
Credential stuffing attacks on global media companies are spiking

 (TechRepublic)   

Core financial TSPs and IT service providers have been affected by ransomware incidents, which has disrupted services for some of their financial institution clients, the report said.

Cloud misconfigurations

The COVID-19 pandemic has rapidly increased the shift from an enterprise infrastructure to a virtual and cloud environment to support remote workforces.

The firm is predicting that adversaries will exploit vulnerabilities across each of the core service categories of cloud—SaaS (software as-a-service), PaaS (platform as-a-service), and IaaS (infrastructure as-a-service).

“These layers often sit on top of one another, chaining together potentially vulnerable environments supporting critical business functions,” the report said. “Protections need to exist both within each layer and holistically to thwart exploitation.”

As cloud proliferates, one of the biggest challenges to securing cloud platforms has been misconfigurations, Accenture

29
Sep
2020
Posted in computer

Cyberattack Hobbles Major Hospital Chain’s US Facilities | Washington, D.C. News

By FRANK BAJAK and RICARDO ALONSO-ZALDIVAR, Associated Press

WASHINGTON (AP) — A computer outage at a major hospital chain thrust healthcare facilities across the U.S. into chaos Monday, with treatment impeded as doctors and nurses already burdened by the coronavirus pandemic were forced to rely on paper backup systems.

Universal Health Services Inc., which operates more than 250 hospitals and other clinical facilities in the U.S., blamed the outage on an unspecified IT “security issue” in a statement posted to its website Monday but provided no details about the incident, such as how many facilities were affected and whether patients had to be diverted to other hospitals.

UHS workers reached by The Associated Press at company facilities in Texas and Washington, D.C. described mad scrambles after the outage began overnight Sunday to render care, including longer emergency room waits and anxiety over determining which patients might be infected with the virus that causes COVID-19.

The Fortune 500 company, with 90,000 employees, said “patient care continues to be delivered safely and effectively” and no patient or employee data appeared to have been “accessed, copied or misused.” The King of Prussia, Pennsylvania, company also has hospitals in the United Kingdom, but its operations in that country were not affected, a spokeswoman said Monday night.

John Riggi, senior cybersecurity adviser to the American Hospital Association, called it a “suspected ransomware attack,” affirming reporting on the social media site Reddit by people identifying themselves as UHS employees. BleepingComputer, an online cybersecurity news site, spoke to UHS employees who described ransomware with the characteristics of Ryuk, which has been widely linked to Russian cybercriminals and used against large enterprises.

Criminals have been increasingly targeting health care institutions with ransomware during the pandemic, infecting networks with malicious code that scrambles data. To unlock it, they demand

29
Sep
2020
Posted in computer

Cyberattack hobbles major hospital chain’s US facilities



FILE - In this March 14, 2014, file photo, a representative of GCHQ points to a screen showing all the teams progress in completing the task during a mock cyberattack scenario with teams of amateur computer experts taking part and trying to fight this simulated attack in London. Computer systems across a major hospital chain operating in the U.S. and Britain were down Monday, Sept. 28, 2020, due to what the company termed an unspecified technology “security issue.” Universal Health Services Inc., which operates more than 400 hospitals and other clinical care facilities, said in a short statement p osted to its website Monday that its network was offline and doctors and nurses were resorting to “back-up processes” including paper records. (AP Photo/Alastair Grant, File)


© Provided by Associated Press
FILE – In this March 14, 2014, file photo, a representative of GCHQ points to a screen showing all the teams progress in completing the task during a mock cyberattack scenario with teams of amateur computer experts taking part and trying to fight this simulated attack in London. Computer systems across a major hospital chain operating in the U.S. and Britain were down Monday, Sept. 28, 2020, due to what the company termed an unspecified technology “security issue.” Universal Health Services Inc., which operates more than 400 hospitals and other clinical care facilities, said in a short statement p osted to its website Monday that its network was offline and doctors and nurses were resorting to “back-up processes” including paper records. (AP Photo/Alastair Grant, File)

WASHINGTON (AP) — A computer outage at a major hospital chain thrust healthcare facilities across the U.S. into chaos Monday, with treatment impeded as doctors and nurses already burdened by the coronavirus pandemic were forced to rely on paper backup systems.

Universal Health Services Inc., which operates more than 250 hospitals and other clinical facilities in the U.S., blamed the outage on an unspecified IT “security issue” in a statement posted to its website Monday but provided no details about the incident, such as how many facilities were affected and whether patients had to be diverted to other hospitals.

UHS workers reached by The Associated Press at company facilities in Texas and Washington, D.C. described mad scrambles after the outage began overnight Sunday to render care, including longer emergency room waits and anxiety over determining which patients might be infected with the virus that causes COVID-19.

The Fortune 500 company, with 90,000 employees, said “patient care continues to be delivered safely and effectively” and no patient or employee data appeared

29
Sep
2020
Posted in computer

Cyberattack hobbles major hospital chain’s US facilities

FILE - In this March 14, 2014, file photo, a representative of GCHQ points to a screen showing all the teams progress in completing the task during a mock cyberattack scenario with teams of amateur computer experts taking part and trying to fight this simulated attack in London. Computer systems across a major hospital chain operating in the U.S. and Britain were down Monday, Sept. 28, 2020, due to what the company termed an unspecified technology “security issue.” Universal Health Services Inc., which operates more than 400 hospitals and other clinical care facilities, said in a short statement p osted to its website Monday that its network was offline and doctors and nurses were resorting to “back-up processes” including paper records.

FILE – In this March 14, 2014, file photo, a representative of GCHQ points to a screen showing all the teams progress in completing the task during a mock cyberattack scenario with teams of amateur computer experts taking part and trying to fight this simulated attack in London. Computer systems across a major hospital chain operating in the U.S. and Britain were down Monday, Sept. 28, 2020, due to what the company termed an unspecified technology “security issue.” Universal Health Services Inc., which operates more than 400 hospitals and other clinical care facilities, said in a short statement p osted to its website Monday that its network was offline and doctors and nurses were resorting to “back-up processes” including paper records.

AP

A computer outage at a major hospital chain thrust healthcare facilities across the U.S. into chaos Monday, with treatment impeded as doctors and nurses already burdened by the coronavirus pandemic were forced to rely on paper backup systems.

Universal Health Services Inc., which operates more than 250 hospitals and other clinical facilities in the U.S., blamed the outage on an unspecified IT “security issue” in a statement posted to its website Monday but provided no details about the incident, such as how many facilities were affected and whether patients had to be diverted to other hospitals.

UHS workers reached by The Associated Press at company facilities in Texas and Washington, D.C. described mad scrambles after the outage began overnight Sunday to render care, including longer emergency room waits and anxiety over determining which patients might be infected with the virus that causes COVID-19.

The Fortune 500 company, with 90,000 employees, said “patient care continues to be delivered safely and effectively” and no patient or employee data appeared to have been “accessed, copied or misused.” The