U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers who breached Barts NHS Trust exploited a zero-day vulnerability

In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Hackers exploited a zero-day vulnerability. In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Barts Health Trust runs the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham hospitals. The hackers used […]

Hackers who breached Barts NHS Trust exploited a zero-day vulnerability

In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Hackers exploited a zero-day vulnerability.

In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline.

Barts Health Trust runs the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham hospitals.

The hackers used a malicious code to bypass security measured and compromise internal systems.

Shortly after the attack, Barts NHS Trust issued an initial report that confirmed its systems had been infected by ransomware, but further investigation allowed experts to discover that attackers exploited a zero-day vulnerability.

Barts NHS Trust took offline some systems as a precautionary measure and reported that patient data had not been affected by the attack.

Law enforcement and experts are still investigating the case, but the minutes related to a recent board meeting disclosed some new information.

The malware infected all the sites run by the Barts Health Trust except Whipps Cross. The incident response worked correctly and the malware was promptly contained. The malware infected pathology systems, internal personnel switched in manual mode its operations.

“An IT virus had affected the Trust’s networks during January 2017. It was confirmed that this had affected all sites, except Whipps Cross but that the response had been effective and the Trust had swiftly returned to business as usual.” reads the minutes.”The virus had affected pathology systems (requiring the temporary use of manual systems), but no other IT systems used to deliver clinical care. A serious incident investigation was under way and further details would be shared once this had concluded.”

According to Deputy chief executive Tim Peachey, the malware that hit the systems wasn’t a ransomware, and no patient information systems had been compromised. He confirmed that the malware was able to bypass antivirus software because it had not been seen before and leveraged a zero-day exploit.

Barts NHS Trust

The software supplier for the infected application patched the flaw and issued a security patch within 8 hours.

Unfortunately, the number of cyber attacks on hospitals continues to increase and ransomware is among the most dangerous threats to this critical infrastructure.

In November 2016, a malware compromised the National Health Service (NHS) network, hundreds of scheduled operations, appointments, and diagnostic procedures have been canceled.

The hospitals hit by the malware-based attack are all located in the Lincolnshire, in England. In response to the incident, the IT staff shut down all the systems within its shared IT network aiming to “isolate and destroy” the malware.

Some patients, including major trauma patients, were diverted to the neighboring hospitals. The hospitals affected by the incident were the Diana Princess of Wales in Grimsby, Scunthorpe general and Goole and District.

Who will be the next?

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Barts NHS Trust, zero-day)