Founder of the UK NCSC has issues stark warning about future attacks on the NHS

A leading cyber security expert has warned that the NHS remains vulnerable to cyber-attacks unless it updates its computer systems. This comes after the major ransomware attack that disrupted healthcare services in London. Prof Ciaran Martin, founding CEO of the UK's National Cyber Security Centre, told the BBC: "I was horrified, but not completely surprised. Ransomware attacks on healthcare are a major global problem."

NHS England has invested £338m in cyber security over the past seven years, but Prof Martin suggests more urgent action is needed with a British Medical Association report highlighting that the NHS's ageing IT infrastructure, causing doctors to waste 13.5 million hours annually due to outdated systems.

The June 3rd cyber-attack on Synnovis severely affected services at major hospitals, resulting in postponed appointments and operations. The Russian-based hacking group Qilin demanded a £40m ransom, publishing stolen data when the NHS refused to pay.

Prof Martin highlighted outdated IT systems, identifying vulnerable points, and improving basic security practices as critical issues. "In parts of the NHS estate, it's quite clear that some of the IT is out of date," he warned.

Australia, US, and UK accuse Chinese state agency of cyber espionage

Australia, the United States, and Britain accuse a Chinese state-sponsored spy agency of cyber espionage. Beijing has rejected these allegations, calling them attempts to "smear and frame China on cyber security."

The Australian Signals Directorate accuses APT40, linked to China's Ministry of State Security, of widespread hacking. The hackers infiltrated old and forgotten computers connected to sensitive networks, targeting government and business information.

This is Australia's first direct attribution of cyber espionage to a Chinese state-sponsored group. The report was co-authored by Five Eyes alliance partners, including Canada, New Zealand, and the UK, along with Germany, South Korea, and Japan.

Australia’s Prime Minister Anthony Albanese seeks to stabilise ties with China but acknowledges ongoing cyber security disagreements. China has refuted the claims.

APT40 exploits vulnerable small-office and home-office devices, which are often softer targets due to outdated software and lack of security updates. Two technical case studies have been shared to help network defenders identify this activity, used by other China state-sponsored actors globally. The UK has previously identified APT40 as part of China's Ministry of State Security. The advisory, titled "PRC MSS tradecraft in action," follows a warning from the GCHQ Director about the growing cyber threat from China.

Hacker breaches OpenAI’s internal systems, raises fears of foreign espionage

A hacker infiltrated OpenAI’s internal messaging system, accessing employee discussions about AI advancements, according to a New York Times report. This unreported breach has raised alarms over foreign adversaries, such as China, potentially accessing sensitive AI technologies.

The hacker did not access the core code, but the 2023 incident has sparked fears of AI secrets being stolen. The breach occurred early last year, with OpenAI confirming it to employees and the board in April 2023 but not making it public, as no customer data was compromised.

The company believes the hacker was an individual, not state-sponsored. Concerns among employees about foreign adversaries have grown, leading to criticism of OpenAI’s security measures. OpenAI has since formed a Safety and Security Committee.

Major breach in Ivanti software prompts urgent cyber security actions by CISA

The exploitation of vulnerabilities in Ivanti's software highlights the necessity for robust cyber security measures and proactive response strategies to mitigate risks and protect critical assets. Following an attack on Ivanti's VPN software, the Cyber security and Infrastructure Security Agency (CISA) took decisive action. The attack involved threat actors bypassing authentication and gaining unauthorised access by sending malicious packets to the VPN gateway. They exploited vulnerabilities to inject malicious code, maintaining persistent access despite reboot or patching.

CISA’s intervention, which included taking two of Ivanti's systems offline, underscored the severity of the threat. This measure aimed to protect against the theft of privileged administrative credentials. Miscommunications during the incident emphasised the need for clear crisis management protocols.

The incident serves as a stark reminder of the digital age's threats, underscoring the importance of robust cyber security measures, proactive infrastructure design, and clear communication to mitigate risks and protect critical assets. Continuous vigilance and minimising high-value targets are crucial steps in safeguarding against future threats.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.