[Security Weekly] First-Ever Fatality Caused by Ransomware Attack Reported at German Hospital

3rd Week of September 2020


1. First-ever fatality caused by ransomware attack occurs at German hospital

On September 10, a German woman died en route to the emergency room when the closest hospital, the University Hospital of Dusseldorf, was shut down due to a ransomware attack, forcing her to be redirected to another hospital 30km away.

According to the University Hospital of Dusseldorf, at the time of the incident more than 30 of its internal servers had been encrypted by ransomware, forcing it to shut down all services, including the emergency room. The attackers gained access to the network by exploiting a vulnerability in an undisclosed piece of commercial software.

This is the first-ever reported human death caused by a ransomware attack. As authorities investigate the case, the German police stated that if the death is confirmed to be a direct result of the hospital shutdown, it will be treated as a murder case. After being contacted by the police, the ransomware operators provided the decryption key without asking for a ransom payment.

This incident again demonstrates the interconnectedness between cybersecurity and personal safety. As the world increasingly relies on technology for crucial tasks, cyberattacks could soon become one of the biggest threats to personal safety.

Sources: ZDNet, Infosecurity


2. US Department of Veterans Affairs suffers cyberattack affecting 46,000 veterans

The US Department of Veterans Affairs (VA), the federal agency responsible for providing benefits and medical care to veterans, recently suffered a cyberattack in which the attackers stole funds and personal data.

According to a VA official, the attackers gained fraudulent access to a web application run by VA’s Financial Services Center (FSC) through social engineering techniques, possibly phishing and credential stuffing. After obtaining access to the application, the attackers redirected payments that were meant for healthcare providers treating veterans. In the process, the Social Security numbers (SSNs) of over 46,000 veterans may have been exposed to the attackers.

To prevent further spread of the attack, VA has temporarily disabled the application until a full security check is performed. It is also offering free credit monitoring services to those veterans whose SSNs may have been compromised.

The growing scale of today’s data breaches makes it easier than ever for attackers to carry out social engineering and credential stuffing attacks. This is why it is crucial to secure the authentication process with a multi-factor authentication solution such as ISign+.

Sources: ZDNet, Bleeping Computer


3. Gaming giant Razer leaks personal data of 100,000 customers

Razer, an industry-leading manufacturer of professional gaming hardware, as well as a provider of esports and financial services, exposed personally identifiable information (PII) of its customers due to a misconfiguration in its cloud server.

The incident came to light when security researcher Bob Diachenko discovered a misconfigured Elasticsearch cloud database that was open to the public. The exposed data consisted of part of Razer’s infrastructure information along with the personal data of its customers, including full names, phone numbers, email addresses, customer IDs, order details, and billing and shipping addresses. Based on the number of unique email addresses exposed, it is estimated that over 100,000 customers were affected.

After discovering the issue on August 18, Bob Diachenko immediately contacted Razer’s customer support, only to be passed between a number of staff members before finally reaching the right person three weeks later. The flaw was fixed on September 9.

Razer’s customers are exposed to the potential danger of phishing, credential stuffing, and identity theft. All affected customers are advised to take extra precautions when receiving phone calls and emails.

Sources: International Business Times, Threatpost, Infosecurity


4. 2,000 Magento online stores hacked in largest recorded Magecart campaign

Since September 11, nearly 2,000 online stores powered by Magento Commerce were attacked over the course of a few days in a large Magecart campaign. Magento Commerce is an open-source ecommerce platform owned by Adobe, currently one of the top five ecommerce platforms worldwide.

The incident was discovered and published in a report by Sansec, a Dutch cybersecurity firm specializing in ecommerce security. According to the report, 10 stores were hacked on September 11, followed by 1,058 stores on the 12th, 603 on the 13th, and 233 on the 14th. This was the largest Magecart campaign Sansec has recorded since it was founded in 2015.

As in other Magecart attacks, the threat actors exploited vulnerabilities in the web application and injected malicious code into the checkout forms, which logged and exfiltrated all the information entered into them.
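Because a skimmer of this kind is delivered as an extra script on the checkout page, one practical defence is to monitor that page for scripts that are not on an allowlist. The following is an added example (not code from Sansec or from the original article) that parses a constructed checkout page and flags external scripts from unapproved origins and inline scripts whose hash is not in a known-good baseline; the page HTML, the allowlist and the baseline are all assumed sample values.

```python
from hashlib import sha256
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page: one legitimate first-party script,
# one baselined inline script, and one script from an origin we do not expect.
CHECKOUT_HTML = """
<html><body>
<form id="checkout"><input name="cc_number"></form>
<script src="https://shop.example.test/js/checkout.js"></script>
<script>window.checkoutConfig = {step: 'payment'};</script>
<script src="https://static.unknown-cdn.test/analytics.js"></script>
</body></html>
"""

# Assumed allowlist of origins permitted to serve scripts on the checkout page.
ALLOWED_ORIGINS = {"https://shop.example.test"}
# Assumed baseline: SHA-256 of every known-good inline script body.
BASELINE_INLINE = {sha256(b"window.checkoutConfig = {step: 'payment'};").hexdigest()}


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:          # script bodies arrive via handle_data
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf).strip())
            self._in_script = False


def find_unexpected_scripts(html, allowed_origins, baseline_inline):
    """Return (reason, detail) pairs for scripts outside the allowlist/baseline."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        u = urlparse(src)
        if u.netloc and f"{u.scheme}://{u.netloc}" not in allowed_origins:
            findings.append(("unexpected-origin", src))  # relative URLs are first-party
    for body in parser.inline:
        if sha256(body.encode()).hexdigest() not in baseline_inline:
            findings.append(("unknown-inline", body[:40]))
    return findings
```

Run against a saved copy of the live checkout page on a schedule, a non-empty result is the signal to investigate; a change to the baseline should only follow a reviewed deployment.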

The ironic part is that most of these compromised stores were running Magento version 1, which reached end-of-life (EOL) on June 30, 2020. Adobe had been warning users since the end of 2019 about the risks of staying on version 1 and asked all users to upgrade to version 2. This was followed by another warning issued by Visa and Mastercard in early 2020.

Clearly, the attackers had been waiting for the EOL to launch this campaign. Unfortunately, many website owners chose not to upgrade, exposing their stores to the risk of exploitation. This incident again shows the importance of keeping software up to date.

Sources: Sansec, ZDNet, SC Media


5. UK exposes personal records of 18,105 COVID-19 patients

Public Health Wales, the national public health agency of Wales, disclosed a data breach that exposed the personal and medical records of every Welsh resident who had tested positive for COVID-19.

According to the statement, the personal records of 18,105 COVID-19 patients were mistakenly uploaded to a public server on August 30, which made the information searchable by anyone via the Public Health Wales website. Before the incident was discovered, the data had been publicly available for 20 hours and was viewed 56 times.

Fortunately, the records of 16,179 of these patients only included their initials, along with date of birth, sex, and area of residence; Public Health Wales stated that the risk of these individuals being identified is low. However, the remaining 1,926 records belonged to patients living in supported settings such as nursing homes and community housing. For these patients, the record also included the name of their residence, putting them at a higher risk of being identified.

Public Health Wales apologized for the mistake. So far, there has been no evidence of this data being misused.

Sources: Fox News, Digital Health


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security