Overview:

• Phish Tale of the Week
• Ransomware Attack Hits Ardent Health Services, Disrupts Hospital Operations
• Ukrainian Authorities Arrest Key Ransomware Operator in International Crackdown
• How can Netizen help?

Phish Tale of the Week

Often times phishing campaigns, created by malicious actors, target users by utilizing social engineering. For example, in this text message, the actors are appearing as Royal Mail, a courier service, and informing you that action needs to be taken regarding your package’s delivery. The message politely explains that “RoyalMail” is holding our parcel at the nearest PO Depot, and that we just need to rearrange a delivery in order to receive it. It seems both urgent and genuine, so why shouldn’t we visit the link they sent us? Luckily, there’s plenty of reasons that point to this being a scam.

Here’s how we can tell not to click on this smishing link:

1. The first warning sign for this SMS is the fact that it includes a URL in the message. Typically, companies will send notifications like this through SMS, but they’ll end with a call to action within an already trusted environment, for example the statement “check your tracking details for more information.” Always be sure to think twice and check “urgent” statuses like this one through a trusted environment, and never click on links sent through an SMS from an unknown number.
2. The second warning signs in this text is the messaging. This message tries to create a sense of urgency and get you to take action by using language such as “is being held” and “Please visit.” Phishing scams commonly attempt to create a sense of urgency in their messages in order to get you to click their link without thinking about it first. Always be sure to thoroughly inspect the style and tone of all texts before following a link sent through SMS.
3. The final warning sign for this email is the style of the link. After a quick look at the address, one can quickly deduce that we’ve been sent a phishing link. Trusted companies like Royal Mail typically will use a simple, standardized domain as their website. For example, Royal Mail’s official website is simply “royalmail.com.” Threat actors typically will utilize message-related words in the links they send you. After taking one quick look at the URL, “post.office-costs.com,” it’s very obvious that this email is an attempt at a smish.

General Recommendations:

A smishing attack will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via your text messages. 

1. Scrutinize your messages before clicking anything. Have you ordered anything recently? Does this order number match the one I already have? Did the message come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
2. Verify that the sender is actually from the company sending the message.
3. Did you receive a message from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
4. Do not give out personal or company information over the internet.
5. Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

Many smishing messages pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any SMS requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

Cybersecurity Brief

In this month’s Cybersecurity Brief:

Ransomware Attack Hits Ardent Health Services, Disrupts Hospital Operations

On November 27, 2023, Ardent Health Services, a healthcare provider operating 30 hospitals in states like Texas, New Mexico, Oklahoma, and New Jersey, was hit by a devastating ransomware attack. The attack occurred on Thanksgiving Day, a time typically marked by reduced staffing, which likely exacerbated the situation. The ransomware not only disrupted Ardent’s IT systems but also forced the shutdown of their critical electronic healthcare records system. This led to the diversion of some emergency room patients to other hospitals, highlighting the direct impact on patient care and safety.

The consequences of the attack were far-reaching. The inability to access electronic health records is a significant setback in any healthcare setting, as it can delay critical patient care processes. The incident also put additional strain on nearby healthcare facilities that had to accommodate diverted patients. It vividly illustrated how cybersecurity breaches can have immediate and tangible effects on people’s lives, especially in sectors as sensitive as healthcare.

Ardent Health Services responded by shutting down numerous IT systems to contain the breach. The main objective was to restore critical services and ensure the safety of patients amidst the chaos. However, the attack raised significant concerns about the preparedness of healthcare institutions to handle such sophisticated cyber threats. It highlighted the necessity for robust cybersecurity infrastructure and rigorous emergency response protocols to minimize the impact of such attacks on healthcare delivery.

The Ardent Health Services ransomware attack serves as a critical reminder of the growing cybersecurity threats facing the healthcare sector. Hospitals and healthcare providers are lucrative targets for cybercriminals due to the sensitive nature of the data they handle and their crucial role in public health. This incident underscores the importance of implementing strong cybersecurity measures, including proactive defense strategies, regular data backups, and comprehensive emergency plans, to protect against such disruptive and potentially dangerous cyberattacks.

To read more about this article, click here.

Ukrainian Authorities Arrest Key Ransomware Operator in International Crackdown

In a significant operation against cybercrime, Ukrainian authorities, in cooperation with international law enforcement agencies, arrested an individual on November 28, 2023. This person is believed to be a key figure behind a ransomware group that has targeted organizations in 71 countries. The arrest was part of a broader crackdown that also saw four other individuals detained, signifying a substantial effort in the global fight against ransomware.

The arrested individual’s group was known for deploying four different strains of ransomware, demonstrating the diversification and sophistication of modern cybercriminal operations. Their tactics included brute force attacks, SQL injection attacks, and the distribution of emails with infected attachments. These methods underscore the evolving nature of cyber threats and the challenges organizations face in protecting their data and systems.

The operation’s success was largely due to the collaboration between various international law enforcement agencies, including Europol. This global cooperation highlights the necessity of a unified approach in tackling cybercrime, particularly ransomware, which often transcends borders. The arrest sends a strong message to cybercriminals worldwide about the increasing effectiveness and reach of international law enforcement in combating cyber threats.

This crackdown on a ransomware gang is a critical development in the cybersecurity landscape. It demonstrates a concerted effort by global authorities to pursue and apprehend individuals responsible for significant cyber threats. However, it also brings into focus the continuous need for enhanced cybersecurity measures at the organizational and national levels. As ransomware gangs become more sophisticated, so must the strategies to counter them.

The arrest in Ukraine is a positive step toward a more secure digital environment, emphasizing the importance of international cooperation in cybercrime investigations. It reinforces the commitment of law enforcement agencies to track down and prosecute individuals behind these disruptive cyberattacks. This event is a crucial reminder of the ongoing battle against ransomware and the need for continued vigilance and robust cybersecurity defenses in all sectors.

To read more about this article, click here.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.