Weekly Cyber News Roundup

December 11th to December 15th, 2023 

Content 

01. News Bites
  • Cyber Attack Strikes Hotelplan UK
  • Norton Healthcare Cyber Attack Exposes Personal Data of Millions
  • U.S. warns of Chinese military cyber infiltrations targeting critical infrastructure and essential services
  • Massive Cyberattack Disrupts Kyivstar, Ukraine's Largest Mobile Operator
  • Ukraine's Defence Intelligence Claims Major Cyber Strike on Russia's State Tax Service  
02. Conclusion

Quick News Bites

Cyber Attack Strikes Hotelplan UK 

Hotelplan UK, the parent company of brands such as Inghams, Explore Worldwide, Esprit Ski, Inntravel, and Santa’s Lapland, revealed it has recently been the target of a cyber-attack that prompted the swift launch of an investigation and the temporary suspension of key systems. The incident, first discovered over the weekend, led to immediate action to isolate affected systems and start a detailed probe.

Hotelplan UK’s CEO, Ponte, assured customers that existing holiday and trip bookings are not impacted. He emphasised the team's dedication to restoring full operational capacity across all brands, aiming to mitigate service disruptions.

In communications with travel agents and suppliers, he confirmed that departures continue as scheduled and that regular communication channels remain open. He noted that temporary solutions are being implemented to limit disruption, though some delays might occur in the short term. Ponte apologised for any inconvenience and expressed gratitude for the ongoing support, adding that different brands may resume normal operations at different times.  

This incident highlights the vulnerability of the hospitality sector to cyber-attacks, and the need for robust security measures in this increasingly targeted industry. 

Norton Healthcare Cyber Attack Exposes Personal Data of Millions 

Norton Healthcare, a major Kentucky-based nonprofit healthcare system, has reported a substantial data breach impacting 2.5 million individuals.  

Norton operates over 40 facilities in Louisville. The breach occurred during a ransomware attack in May, affecting patients, employees, and their dependants. The hackers accessed network storage between May 7th and 9th, compromising sensitive data including names, birth dates, Social Security numbers, and medical details, though Norton’s primary medical record systems were unaffected. The extent of the breach, including potential exposure of financial and identification information, was confirmed after an internal investigation.

Norton informed law enforcement and did not pay a ransom. The ALPHV/BlackCat ransomware gang took responsibility but so far their claims are unverified. There is a growing trend of cyberattacks against the healthcare sector with the U.S. Department of Health and Human Services stating that up to 88 million people have been affected by breaches this year in the United States.  

U.S. warns of Chinese military cyber infiltrations targeting critical infrastructure and essential services 

U.S. officials and cyber security experts have raised alarms about the Chinese military's intensified efforts to infiltrate key infrastructure, utilities, communication, and transportation sectors in western nations. The Washington Post reported that hackers associated with China's People’s Liberation Army targeted about two dozen critical service entities over the past year, including a Hawaiian water utility, an oil and gas pipeline, a West Coast port, and made attempts against the Texas power grid.

These intrusions are seen as part of China's strategy to disrupt or destroy vital services in the event of a Pacific conflict with the U.S. and its allies. While these hacking attempts didn't affect industrial control systems directly, they signal a potential Chinese military strategy to use cyber-attacks to hinder U.S. responses to conflicts, particularly in Taiwan.  

Brandon Wales of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) noted a significant shift in Chinese cyber activities from espionage to targeting critical infrastructure.  

Massive Cyberattack Disrupts Kyivstar, Ukraine's Largest Mobile Operator 

Kyivstar, Ukraine's largest mobile network operator, suffered a major cyberattack on Tuesday, which was dubbed the most significant since Russia's war on Ukraine began in February 2022. The attack affected over half of Ukraine's population, disrupting services and damaging IT infrastructure. This left millions without critical air raid alerts amidst potential Russian assaults.  

Kyivstar CEO Oleksandr Komarov told the Reuters news agency that the attack was related to the ongoing war, stating they needed to physically shut down Kyivstar to limit enemy access. The Russian hacktivist group Killnet claimed responsibility without providing evidence.

The attack, which did not compromise the Ukrainian military, is under investigation by Ukraine's SBU intelligence agency, which suspects the involvement of Russian security services. Kyivstar, with 24.3 million mobile and 1.1 million home internet subscribers, partially restored fixed-line services and aimed for full restoration by Wednesday. The attack is suspected to be a state-sponsored act, with a focus on destruction rather than financial gain. Ukrainian officials reported impacts on air raid systems in over 75 settlements, and in Kyiv, residents switched to other networks for connectivity. Other Ukrainian companies, including Monobank and major financial institutions, also reported disruptions. Ukraine has frequently accused Russia of cyberattacks, including a significant hit on Viasat Inc at the war's outset, which affected satellite internet modems across Europe.

Ukraine's Defence Intelligence Claims Major Cyber Strike on Russia's State Tax Service  

Ukraine's defence intelligence directorate (GUR) announced that it had launched a ‘significant’ cyberattack on Russia's federal tax service (FNS) earlier this week, claiming to have infected thousands of servers with malware, leading to the destruction of databases and backups.  

The operation involved infiltrating a central server of the FNS and over 2,300 regional servers across Russia and occupied Crimea. The attack reportedly paralyzed internet connectivity between the FNS’s Moscow central office and its regional branches. According to GUR, this has caused a “complete destruction” of the FNS’s infrastructure, potentially leaving the service incapacitated for over a month. 

The claims, which remain unverified as Russian state media and the FNS have not commented on the incident, mark a significant escalation in Ukraine's cyber offensive capabilities. The operation follows another successful cyberattack by GUR against Rosaviatsia, Russia's civil aviation agency, in November. Previously, such attacks were mainly attributed to pro-Ukraine hacker groups and hacktivists. Notably, Ukraine's security services (SBU) have been collaborating with these groups, including a breach of Russia's largest private bank and a hack into Russia's Labor Ministry by the Ukrainian hacker group Blackjack, though the SBU has not publicly acknowledged these incidents. 


Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
