

The Week in Cybersecurity: French hospital hit with ransomware attack

Carolynn van Arsdale
Blog Author

Carolynn van Arsdale, Writer, ReversingLabs.


Welcome to the latest edition of The Week in Cybersecurity, which brings you the newest headlines from both the world and our team about the most pressing topics in cybersecurity. This week: cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more. 

This week’s top story

French hospital hit with cyberattack — what this means for securing critical infrastructure

Hospitals and other healthcare providers are essential to national security and public health. Unfortunately, cybercriminals have turned their attention to medical facilities as worthy targets, seeing high monetary value in selling hospital and patient data. According to Pew, in 2020 and 2021 there were at least 168 ransomware attacks affecting 1,763 clinics, hospitals and healthcare organizations in the U.S. alone. This week, a new incident has emerged outside of the U.S., raising global concern about securing this critical infrastructure sector.

SecurityWeek reports that the Centre Hospitalier Sud Francilien (CHSF), a hospital outside of Paris, France, has been hit with a cyberattack. The attack happened at 1:00 a.m. local time on August 21st, 2022, and it impacted CHSF’s entire network, including computers, storage servers (such as medical imaging devices), and patient admission systems. CHSF has 1,000 beds and 3,500 employees, but as a result of this attack, the hospital has been forced to divert patients whose care requires the impacted systems to neighboring medical centers.

While CHSF hasn’t released details about the attack, sources told AFP that this was most likely a ransomware attack, and that the criminals have demanded a ransom of $10 million. Some suspect that the LockBit ransomware group was to blame for the attack, since it is a successful ransomware-as-a-service (RaaS) operation. The gang, however, has not publicly claimed responsibility for it. Others are hesitant to blame LockBit because of the group’s known policy not to attack hospitals and other medical centers.

This attack on CHSF once again demonstrates that the cyber threat to medical facilities is an unfortunate reality, and that cybercriminals clearly see them as a viable target. Medical facilities such as hospitals must be prioritized when working to secure all critical infrastructure entities. A large-scale attack of this kind is a possible threat, and an attack of this magnitude can easily undermine national security and public health.

News Roundup

Here are the stories we’re paying attention to this week…

Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies (CNN Business)

Twitter has major security problems that pose a threat to its own users' personal information, to company shareholders, to national security, and to democracy, according to an explosive whistleblower disclosure obtained exclusively by CNN and The Washington Post.

The Pentagon may require vendors certify their software is free of known flaws. Experts are split. (CyberScoop)

The debate boils down to two key arguments: the requirement is unnecessary and impossible to achieve, or a game-changing move that will begin holding software vendors accountable for selling faulty technology. 

Air-gapped systems leak data via network card LEDs (BleepingComputer)

Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. Dubbed 'ETHERLED', the method turns the blinking lights into Morse code signals that can be decoded by an attacker.

Signal phone numbers exposed in Twilio hack (Schneier on Security)

Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed. For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio.

Firewall bug under active attack triggers CISA warning (Threatpost)

Software running Palo Alto Networks’ firewalls is under attack, prompting U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to public and federal IT security teams to apply available fixes. Federal agencies urged to patch the bug by September 9.

Over 80,000 exploitable Hikvision cameras exposed online (BleepingComputer)

Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.
