Labyrinth of 371 legacy systems hindered hospital’s IT meltdown recovery

From theregister.com

Last summer’s datacenter outage at one of the UK’s largest hospitals took two months to completely rectify because of the complexity associated with 371 legacy IT systems, a new report has found.

Guy’s and St Thomas’ NHS Foundation Trust suffered an IT outage at the peak of last summer’s heatwave, when temperatures hit 40°C (104°F), causing two linked datacenters to fail simultaneously. Each had been designed as backup for the other.

The failure resulted in most of the clinical IT systems at the trust’s London hospitals and related community services becoming unavailable to users, forcing staff to employ a paper-based system to keep records and find information.

The trust incurred £1.4 million ($1.7 million) in out-of-plan spending on technology services to respond to the incident. This included a cloud-hosted environment to provide resilience for data backups and a third-party specialist recovery service to image and extract data from the corrupted disks damaged during the datacenter failure.

Read more…

20 Million Downloads In Shady Rewards Apps Via Google Play

From informationsecuritybuzz.com

A new class of activity-tracking apps that have recently had significant success on Google Play, the official software store for Android, has been downloaded onto more than 20 million devices. The apps present themselves as a pedometer, fitness, and habit-building tools, promising to award users randomly for maintaining an active lifestyle, achieving distance targets, etc.

But, according to a report by the Dr. Web antivirus, the prizes could be difficult to redeem or are only partially made accessible after requiring users to watch a lot of advertising.

Read more…

Mounting pressure is creating a ticking time bomb for railway cybersecurity

From helpnetsecurity.com

The expansion of potential cyber threats has increased due to the integration of connected devices, the Internet of Things (IoT), and the convergence of IT and OT in railway operations.

In this Help Net Security interview, Dimitri van Zantvliet is the Cybersecurity Director/CISO of Dutch Railways, and co-chair to the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, build a practical cybersecurity approach, as well as cyber legislation.

The railroad industry is going through a significant shift. Whenever a connected device is added, an attacker has a new opportunity to exploit it. How has your job evolved with increasing digital transformation?

At the Dutch Railways (but this goes for our entire sector), our cyber jobs have evolved to focus more heavily on cybersecurity in the face of increased digital transformation, -threat landscape, and -cyber legislation. With the integration of connected devices, the IoT and IT-OT convergence throughout our operations, the attack surface for potential cyber threats has greatly expanded.

Read more…

Gee, tanks: Russian hackers DDoS Germany for aiding Ukraine

From theregister.com

Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events with a series of DDoS attacks on German infrastructure and government websites in response to the country’s plan to send tanks to Ukraine.

The efforts, according to Germany’s cyber security agency, the BSI, were largely in vain. “Currently, some websites are not accessible. There are currently no indications of direct effects on the respective services and, according to the BSI’s assessment, these are not to be expected,” the BSI declared.

Germany announced the transfer of 14 Leopard 2 A6 tanks to Ukraine on Wednesday, jointly with the US saying it would send 31 M1 Abrams tanks to the besieged nation. Germany reportedly refused to send tanks without the US making a similar offer, in hopes that might head off a Russian response.

Read more…

The Shifting Landscape of Open Source Supply Chain Attacks – Part 3

From blog.sonatype.com

This series started with a discussion on how open source software has shifted software development to rely on a supply chain. And how existing supply chains respond, improve, and adapt to make mitigating and remediating unexpected issues easier. 

In our second post, we looked at how the software supply chain has been under attack for nearly a decade. But while some attacks have stayed the same, others are evolving. We identified three key phases.

Read more…

Chinese PlugX Malware Hidden in Your USB Devices?

From unit42.paloaltonetworks.com

Recently, our Unit 42 incident response team was engaged in a Black Basta breach response that uncovered several tools and malware samples on the victim’s machines, including GootLoader malware, Brute Ratel C4 red-teaming tool and an older PlugX malware sample. The PlugX malware stood out to us as this variant infects any attached removable USB media devices such as floppy, thumb or flash drives and any additional systems the USB is later plugged into.

This PlugX malware also hides actor files in a USB device using a novel technique that works even on the most recent Windows operating systems (OS) at the time of writing this post. This means the malicious files can only be viewed on a Unix-like (*nix) OS or by mounting the USB device in a forensic tool.

We also discovered a similar variant of PlugX in VirusTotal that infects USB devices and copies all Adobe PDF and Microsoft Word files from the host. It places these copies in a hidden folder on the USB device that is created by the malware.

PlugX is a second-stage implant used not only by multiple groups with a Chinese nexus but also by several cybercrime groups. It has been around for over a decade and has been observed in some high-profile cyberattacks, including the U.S. Government Office of Personnel Management (OPM) breach in 2015. It is a modular malware framework, supporting an evolving set of capabilities throughout the years.

Palo Alto Networks customers receive protections against the types of threats discussed in this blog by products including Cortex XDR and WildFire.

Read more…