A group of emergency physicians at Humber River Hospital has written a letter to the hospital’s administrators calling for the emergency department to be temporarily closed until IT systems are fully restored, citing concerns over patient safety.
The hospital’s information technology system has been shut down since Monday following an early-morning ransomware attack that triggered a Code Grey, or loss of essential services.
The IT shutdown has led to delays in medical and diagnostic test results needed to assess patients, according to the physicians who authored the letter obtained by the Star.
“This is leading to compromised and dangerous conditions for our patients,” the letter reads.
The authors want “normal activities in the emergency department to cease until our IT systems are restored to normal function,” noting patients could travel to nearby GTA hospitals that “can operate at the proper level of care.”
However the hospital says things are safe:
In an interview with the Star, Dr. Leon Rivlin, chief and medical director of the emergency department, said the hospital has “continued to deliver care to all of our patients in a very safe way” during the ongoing Code Grey.
The emergency department is now safely relying on paper records while assessing patients, he said. It’s also working closely with the diagnostic and laboratory departments “to ensure that we are maintaining all of the efficiencies and the safety mechanisms that have been developed in order to make sure patients get the care that they need,” Rivlin said.
The problem is that this could easily become one of those situations where everything is fine until it isn’t. And then it will go very bad for the hospital and more importantly, the patients. Hopefully we don’t see that scenario play out and things get back to normal quickly.
Also, I hope there’s an explanation of what happened here, and more importantly, what the hospital will do to stop something like this from happening in the future.
In the sales listing reviewed by Motherboard, a hacker that goes by 000 wrote that the data included email addresses and Vehicle Identification Numbers (VIN). The hacker also posted two samples of the data, which included full names, email addresses, mailing addresses, and phone numbers. The type of data seems to align with what Volkwagen admitted was stolen. In a website set up by a cybersecurity vendor on behalf of the car maker, Volkswagen said that “the majority” of affected data included: “first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color and trim packages.”
But for 90,000 victims, the data also included “more sensitive information relating to eligibility for a purchase, loan, or lease. Nearly all of the more sensitive data (over 95%) consists of driver’s license numbers,” according to the company, which added that the majority of data pertains to Audi customers and interested buyers in the US and Canada only. The company also said it believes the data was left unsecured by a vendor. (Audi is owned by the Volkswagen Group.) “There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers,” the website read.
This situation requires a strong response from authorities. As in Volkswagen needs to be punished for this severely as letting this data out into the wild is completely unacceptable. Hopefully that punishment is coming swiftly.
The arrests mark the first time a law enforcement agency has announced a mass arrest of a prolific hacker group that had extorted Americans by either encrypting an organization’s files or threatening to leak them to the public. The gang, known as Cl0p, has hacked a number of American targets, including the University of Miami, Florida, Stanford University, University of Maryland, and University of Colorado, demanding a payment to either keep their systems functional or to not publish material they were able to steal. The bust comes as ransomware has gone from a quietly pervasive cybersecurity problem to a broadly discussed national security issue, thanks to a series of high-profile attacks that have threatened to cripple some U.S. supply chains.
Ukraine’s announcement coincided with President Joe Biden’s meeting with Russian President Vladimir Putin in Geneva. Biden is expected to press Putin to take action against ransomware hackers who operate with impunity within Russia’s borders. Ransomware has become a significant problem in the United States. Recent ransomware attacks briefly hobbled the Colonial Pipeline, shutting down the country’s largest fuel pipeline for five days, and JBS, one of the country’s largest meat suppliers. The majority of the most prolific ransomware gangs are believed to operate in Eastern Europe, and Russia in particular. Ukraine’s cyber police announced they had arrested six people involved with Cl0p, and seized a number of computers, cars and about 5 million Ukrainian hryvnia ($185,000) in cash.
Here’s why I am cynical about this. This is one of dozens of gangs that buy and use ransomware software. The timing might not be a coincidence though. The best that I can perhaps see coming out of this is that at most it’s a warning to the other gangs that they could be next. But only if cops follow up and bust more gangs. We’ll have to wait to see if this is or isn’t anything more than a flash in the pan.
Data presented by the Atlas VPN team reveals that 78% of businesses globally experienced an increase in the volume of cyberattacks because of a shift towards remote work.
Even though social media platforms are flooded with news of companies proudly presenting the fact that they are permanently shifting to a remote-work environment, they usually do not mention the fact that the pivot has created major issues for their security.
Unpatched personal devices, erratic employee behavior, and inadequately protected home networks create many loopholes for threat actors to exploit.
Carbon Black, a company that provides workload protection services surveyed 3,542 CIOs, CTOs, and CISOs to find out if WFH (work from home) resulted in an increase in cyberattacks. Respondents were from various industries and 14 different countries. The survey was published in June 2021. Here, we will analyze the increase in attacks on a country-by-country basis.
The study shows that a whopping 96% of enterprises in France saw a significant increase in the number of attacks due to the shift to a WFH environment.
The second most affected country is Australia, where 89% of cybersecurity professionals reported that attacks increased due to employees working remotely. The United Kingdom and Japan share third and fourth place, with 86% of respondents stating that they noticed a significant jump in cyber threats in the past year.
As many as 84% of businesses in Saudi Arabia, 83% in the Netherlands, 82% in Singapore, and 80% in the United Arab Emirates said that attacks jumped substantially. Canada is in line with the global average, where 78% of enterprises reported a growth in the cyberattack volume.
Interestingly, the United States is at the lower side of the scale, with 63% of cybersecurity professionals reporting an increase in cyber threats in the past year.
Earlier today I posted a story about Windows 10 getting an end of life date. Now we know why. Screenshots of what is purported to be Windows 11 have appeared online today. Originally published at Chinese site Baidu, the screenshots show off the new Windows 11 user interface and Start menu. The UI changes look very similar to what was originally found in Windows 10X before Microsoft canceled that project in favor of Windows 11.
App icons are now centered on the taskbar, with a new Start button and menu. The Start menu is a simplified version of what currently exists in Windows 10, without Live Tiles. It includes pinned apps and the ability to quickly shut down or restart Windows 11 devices. The operating system is identified as Windows 11 Pro in screenshots, and we can confirm they are genuine. Microsoft has been dropping hints that it’s ready to launch Windows 11. The software giant is holding a special Windows event to reveal its next OS on June 24th. The event starts at 11AM ET, and the event invite includes a window that creates a shadow with an outline that looks like the number 11.
If that’s not enough, an ISO of Windows 11 has also leaked. Though if you get your hands on this ISO, you’re trying it at your own risk. But it appears that now we know what Microsoft has planned for its Windows OS.
I am going to go out on a limb and say that this is likely connected to an announcement about the next version of Windows that is coming later this month. I guess the “Windows as a service” play that Microsoft had been telling us for years isn’t working for them. Which is another way of saying that they weren’t making enough money. So they’re changing course. But that’s all speculation. We’ll see what the deal is later this month.
Internet crime has been steadily increasing over the years as more people use the internet and hackers find new ways to attack vulnerable systems.
According to the recent Atlas VPN analysis, the FBI’s Internet Crime Center (IC3) registers about 2,331 complaints daily. The number of daily complaints was calculated by dividing a million by the number of days it took for cybercrimes to increase from 5 million to 6 million.
It took IC3 seven years to reach their first million complaints. However, the last million cybercrimes were recorded in only 429 days.
Of course, the increase in this number is not only because internet crime has become more common. Another reason is that people have become more aware of how and where to report such attacks.
Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on internet crime:
“Similar or even more vicious cyberattacks will likely continue as many people, and companies still ignore the rising threats. Examples of internet crime throughout the past years have shown that it is worth investing time and resources to counter threat actors and reduce cyber risks.”
Cybersecurity trends in 2021
The first half of 2021 has shown that cybercrime continues to evolve. Many ransomware attacks targeted huge companies, as this type of attack is a low-risk endeavor for hackers and an easy way to make some quick money.
One ransomware attack that stood out this year was the widely covered Colonial Pipelineattack in late April. Cybercriminals demanded a $4.4 million ransom in Bitcoin.
Amid the COVID-19 pandemic, phishing attacks were also prevalent among hackers. Threat actors sent out fake emails about stimulus checks or offered other financial help to people that suffered from the pandemic.
Now that vaccines have rolled out, many criminals see another opportunity to trick people into providing sensitive information. Criminals pretend to be government officials and offer to vaccinate residents sooner if they fill out documents with their personal data.
Posted in Commentary with tags Hacked on June 15, 2021 by itnerd
In light of the recent wave of high-profile ransomware attacks that have caused havoc in the US and Europe, the member states of the G7 group have called on Russia and other countries to crack down on ransomware gangs operating within their borders:
“We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” the G7 group said in a communique published on Sunday, at the end of a three-day conference held in Cornwall, UK. “In particular, we call on Russia […] to identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes,” the G7 group added.
The joint statement was signed by the governments of Canada, France, Germany, Italy, Japan, the UK, and the US — more commonly known as the Group of Seven (G7). It comes after a series of ransomware attacks that caused disruptions at hospitals during the COVID-19 pandemic, fuel outages on the US East Coast following the Colonial Pipeline attack, and beef supply issues across Australia and the US following the JBS Foods ransomware incident.
This isn’t going to happen. Russia, China, and others who shield these gangs aren’t going to do anything about these gangs simply by being asked nicely by the G7. This is state sanctioned activity. Which means you need to punish the states in question via sanctions and other means. Then and only then they might change how they treat ransomware gangs. So maybe the G7 should rethink this and come up with a plan that makes these states feel some real consequences.
Posted in Commentary with tags Hacked on June 14, 2021 by itnerd
NBC reports that the Teamsters labor union was hit by a ransomware attack demanding $2.5 million back in 2019. But unlike a lot of companies out there, they decided to tell the scumbags behind the attack to take a hike and not pay them. This despite the FBI at the time telling them to pay up:
Personal information for the millions of active and retired members was never compromised, according to a Teamsters spokesperson, who also said that only one of the union’s two email systems was frozen along with other data. Teamsters officials alerted the FBI and asked for help in identifying the source of the attack. They were told that many similar hacks were happening and that the FBI would not be able to assist in pursuing the culprit.
The FBI advised the Teamsters to “just pay it,” the first source said. “They said ‘this is happening all over D.C. … and we’re not doing anything about it,'” a second source said.
Union officials in Washington were divided over whether to pay the ransom — going so far as to bargain the number down to $1.1 million, according to the sources — but eventually sided with their insurance company, which urged them not to pony up… The Teamsters decided to rebuild their systems, and 99 percent of their data has been restored from archival material — some of it from hard copies — according to the union’s spokesperson.
The FBI’s communications office did not reply to repeated requests for comment. The FBI’s stance is to discourage ransomware payments.
Clearly the Teamsters are made of tougher stuff than most. They were willing to rebuild everything rather than pay up. And I applaud them for that. This should be a case study for every other company out there of what to do when you get attacked by ransomware. If more companies do what the Teamsters did, the scumbags behind ransomware attacks would be out of business tomorrow.
Posted in Products with tags Onvis on June 13, 2021 by itnerd
I have been using lockdown and everything related to that to work on the home security system that I am building using HomeKit products. One of the things that I wanted was a way to have a siren using the HomePod Mini that I have. But that’s simply not possible. Apparently if you want to have a siren sound play when for example a motion sensor detects motion, you can’t unless you have an Apple Music account. That’s a #fail. So I went looking for a second option. The thing is, there’s not a whole lot of options out there. As a result it took a while to find a product that I thought would work for me. And that product was the Onvis CS1 Security Alarm Contact Sensor. Here’s what you get in the box:
Besides the two parts of the sensor, you get 2AAA batteries, a pack of three screws, 3M double sided adhesive, and of course the usual instructions, which I should note that the English isn’t the best in the supplied documentation.
Now, let me get this out of the way right up front. This device uses Bluetooth LE 5.0. Which means it only works with your phone in range of it, which of course isn’t practical for this use case, or with a HomeKit Hub (An Apple TV 4 or above, HomePod or HomePod Mini) that is within range. That’s due to the fact that if it had WiFi, the batteries would drain pretty quickly. But the batteries should last about a year or more via Bluetooth LE 5.0. In my case, that forced me to buy a second HomePod Mini to make this work as my HomePod Mini as in the bedroom, which made it too far away to be useful. The second HomePod Mini now lives discreetly in my living room plugged into a uninterruptible power supply. And as a bonus it is part of an active/standby scenario where if one of the HomePod Minis become unavailable for any reason, the second one will take over running my HomeKit gear.
Setting this up is typically HomeKit easy:
Take out your iPhone and open the Home app.
Click the “+” and click “Add Accessory”.
Scan the HomeKit code on the side of the device.
Follow the prompts and you’re done.
You then have to mount it. You can use the double sided 3M tape. Or you could screw it in. I would screw it in if you can. Here’s how the finished product looks:
In my case I used the double sided 3M tape and I drilled a bunch of holes to screw it in place to ensure that it was secure. I also placed it at the top of the door for one other reason that I will get to in a moment.
Now you get a number of sensors as part of the deal:
Temperature sensor
Humidity sensor
Door sensor
So in short, besides being able to sense if the door is open or not, it can also monitor temperature and humidity. Those last two features aren’t really useful to me. But they might be useful to somebody else who is interested in using that information to drive automations for smart thermostats for example. You also get a 120 dB siren as well. Though in my testing it did only hit 89 dB when I tested it with my Apple Watch with the volume cranked up to max.
Once you set this up, you can use the Home app to do a very limited amount of customization. You can set it up to arm when you leave, and disarm when you come home. You can add the sensors to automations, and…. that’s about it. To do anything interesting, you need the Onvis Home app which allows you to customize things like the volume of the alarm, the delay before it alarms, and the like. The good thing about the Onvis Home app is that it reads your HomeKit data to allow you to customize it. That suggests to me that you can set this up as HomeKit only and in theory because it is Bluetooth only, it won’t be a security risk on your network. The Onvis app is also used for firmware updates as well. I will say that the Onvis app is a bit sketchy in terms of the user interface as some stuff simply doesn’t work the way that you expect it to, and has some borderline amateur level graphics. Fortunately you can choose to use another app like the Eve app for example which allows you to do everything that the Onvis Home app does minus the firmware update part.
Gripes? I have one. The battery compartment holds two AAA batteries and is unremarkable except for the fact it’s really easy to open and close. Too easy. I can see a situation where someone does manage to get into your home, but isn’t deterred by the alarm and is quickly able to deactivate it by taking the batteries out very fast if he can find the sensor. Your neighbors would likely see that as a false alarm and not call the cops. Then the scumbag thief can go to town on your place. While you would get an alert that the door had been opened, if you’re not close to home you are still in trouble. Because of that, you have to hope that the thief in question hears the alarm (which is very loud and hard to miss in my condo) and decides to run away before the cops show up. Onvis should really fix this by having a screw or some other mechanism to make the battery section harder to open. My own mitigation strategy for this issue is to place the sensor at the top of the door so that it if this situation happened, it would take just that little bit longer for the thief to find it. Which may encourage them to run away instead of trying to disable the alarm.
The Onvis CS1 Security Alarm Contact Sensor goes for $27.99 USD. Which is a pretty low price for this. I’d give this a look if you live in a condo or apartment and you need an alarm system to protect your property. Just make sure that you have a HomeKit hub nearby so that you can get alerts when you are away from home.
Humber River Hospital Pwned By Cyberattack…. ER Docs Want The ER Closed Until IT Systems Are Restored
Posted in Commentary with tags Hacked on June 18, 2021 by itnerdHospitals are really important right now given the times we currently live in. Which makes news of a cyberattack on Toronto’s Humber River Hospital incredibly frightening. And a group of ER doctor’s want the ER closed until things are back to normal:
A group of emergency physicians at Humber River Hospital has written a letter to the hospital’s administrators calling for the emergency department to be temporarily closed until IT systems are fully restored, citing concerns over patient safety.
The hospital’s information technology system has been shut down since Monday following an early-morning ransomware attack that triggered a Code Grey, or loss of essential services.
The IT shutdown has led to delays in medical and diagnostic test results needed to assess patients, according to the physicians who authored the letter obtained by the Star.
“This is leading to compromised and dangerous conditions for our patients,” the letter reads.
The authors want “normal activities in the emergency department to cease until our IT systems are restored to normal function,” noting patients could travel to nearby GTA hospitals that “can operate at the proper level of care.”
However the hospital says things are safe:
In an interview with the Star, Dr. Leon Rivlin, chief and medical director of the emergency department, said the hospital has “continued to deliver care to all of our patients in a very safe way” during the ongoing Code Grey.
The emergency department is now safely relying on paper records while assessing patients, he said. It’s also working closely with the diagnostic and laboratory departments “to ensure that we are maintaining all of the efficiencies and the safety mechanisms that have been developed in order to make sure patients get the care that they need,” Rivlin said.
The problem is that this could easily become one of those situations where everything is fine until it isn’t. And then it will go very bad for the hospital and more importantly, the patients. Hopefully we don’t see that scenario play out and things get back to normal quickly.
Also, I hope there’s an explanation of what happened here, and more importantly, what the hospital will do to stop something like this from happening in the future.
Leave a comment »